Anthropic said it is loosening earlier confidentiality restrictions tied to its powerful Mythos cybersecurity model, allowing participating organizations to share threat intelligence, vulnerabilities, and defensive tools more broadly as concerns mount over the scale of emerging AI-driven cyber risks.
The shift marks a notable recalibration for the AI company’s tightly controlled “Project Glasswing” initiative, which was launched in April to give a small group of organizations access to the unreleased Claude Mythos Preview model for defensive cybersecurity work. The program includes major technology firms such as Amazon, Microsoft, Nvidia, and Apple.
Mythos has drawn significant attention within cybersecurity circles because of its advanced coding and reasoning capabilities, which researchers say could enable the model to discover software vulnerabilities and generate exploitation pathways at a scale beyond conventional tools. That has intensified debate over whether frontier AI systems should be tightly restricted or broadly deployed to strengthen digital defenses.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
Anthropic said participating companies are now generally free to disclose their involvement in Glasswing and may, at their discretion, share findings, tools, code, and best practices developed through the initiative with outside organizations exposed to similar threats.
“We fully support our partners sharing findings with each other and companies outside of Glasswing to triage vulnerabilities,” an Anthropic spokesperson said.
The company clarified that while there was “never a specific Glasswing NDA,” confidentiality provisions were incorporated into participation agreements after partners requested protections before exposing sensitive security information and vulnerability research.
“While there was never a specific Glasswing NDA, confidentiality protections were something partners asked for at the outset and were built into agreements partners signed,” the spokesperson said.
Anthropic added that the rules have evolved as the program expanded and matured.
“As the program has matured, we’ve adapted them to ensure key information can be shared broadly, including outside the program, for maximum defensive impact,” the spokesperson added.
The revised framework allows participants to share information with corporate security teams, regulators, government agencies, industry groups, open-source maintainers, and even the media, provided disclosures follow accepted responsible-disclosure practices designed to avoid exposing unpatched vulnerabilities prematurely.
The policy adjustment comes as governments and corporations increasingly worry that advanced AI systems could sharply accelerate cyber warfare and digital espionage. Frontier AI models are now capable of generating functional code, identifying weaknesses in software infrastructure, and automating parts of vulnerability research that previously required teams of skilled engineers.
That dual-use nature has become one of the defining tensions in the AI industry. Companies developing cutting-edge systems are under pressure to demonstrate that the technology can strengthen cyber defenses without simultaneously handing malicious actors more sophisticated offensive tools.
Anthropic has attempted to position Mythos as a controlled defensive platform rather than a general-purpose public release. Under Glasswing, access remains restricted to vetted organizations working on cybersecurity and infrastructure protection.
The Pentagon has already begun deploying Mythos across parts of the U.S. government to help identify and patch software vulnerabilities, according to comments made last week by senior Defense Department technology officials. The U.S. military’s use of the model highlights how AI is becoming increasingly embedded in national security operations, particularly as governments face rising threats targeting critical infrastructure, cloud systems, and defense networks.
The Defense Department’s adoption of Mythos is occurring even as Washington works to reduce dependence on individual AI vendors and diversify its AI ecosystem amid intensifying geopolitical competition over advanced computing technologies.
Anthropic’s decision to relax disclosure limitations also reflects growing recognition across the cybersecurity industry that threat intelligence loses value when isolated inside closed corporate networks. Security researchers have long argued that rapid information-sharing is critical for containing attacks before they spread across sectors or borders.
The company’s revised approach could improve coordination among major technology firms and public institutions confronting increasingly complex cyber threats linked to AI-enhanced attacks, ransomware campaigns, and state-backed hacking groups. At the same time, the move may help Anthropic counter criticism from parts of the security community that earlier confidentiality expectations risked slowing collective defense efforts during a period of escalating cyber risk.
The debate over AI and cybersecurity has intensified as leading labs race to build more capable systems. Companies including OpenAI, Google, and Anthropic are investing heavily in models designed to automate coding, software analysis, and agentic workflows, areas viewed as commercially valuable but also highly sensitive from a security standpoint.
Mythos has become one of the clearest examples yet of how frontier AI companies are trying to balance commercial deployment, national security concerns, and pressure for greater transparency.