Anthropic, maker of the Claude Mythos AI cybersecurity model, has relaxed its strict confidentiality agreements, permitting users to share vulnerabilities found through its Project Glasswing initiative more broadly than before.
- Anthropic lifts sharing restrictions on Claude Mythos security findings
- Shift follows pressure from lawmakers and evolving program maturity
- Competitor OpenAI runs less secretive Daybreak code scanning initiative
What happened
Anthropic previously required all participants in its Project Glasswing, the exclusive testing program for the Claude Mythos Preview AI model, to agree to strict confidentiality agreements. These agreements prevented testers from discussing or sharing any security insights or vulnerabilities found using the model. The group of testers was limited to a very small set of about 50 companies and organizations chosen for their trusted status.
Recently, this secrecy policy was revised following a letter from Democratic Representative Josh Gottheimer expressing concern that restrictive non-disclosure agreements hinder effective coordination on urgent cybersecurity risks. In response, Anthropic acknowledged that the program has matured and updated user agreements to allow broader sharing of key security findings. This change marks a shift toward openness intended to foster collaboration and improve overall security outcomes.
Why it matters
The move away from strict confidentiality reflects broader tensions in AI security research between preserving competitive advantage and facilitating industry-wide risk mitigation. AI cybersecurity models like Claude Mythos have the potential to uncover vulnerabilities quickly but require collective effort to address those risks effectively. When restrictions limit information flow, entire ecosystems may remain exposed longer to critical threats.
Anthropic’s loosening of secrecy also positions it closer to initiatives like OpenAI’s Daybreak, which invites widespread participation in codebase scanning from the outset. Cloudflare’s recent public discussion around Mythos Preview demonstrated how such models can detect chains of minor bugs that combine into severe exploits, underscoring the importance of wide sharing and collaboration in tackling emergent AI-enabled attack vectors.
What to watch next
Industry observers should monitor whether Anthropic’s new sharing policies lead to increased public reporting and collaborative threat intelligence leveraging Claude Mythos. The willingness of testers to openly exchange findings and compare notes could accelerate defensive innovations and highlight the evolving roles and responsibilities of AI vendors in cybersecurity.
Additionally, competition between Anthropic and OpenAI in scalable, transparent AI security tools will likely intensify. Watching how these companies balance secrecy, trust, and open engagement with enterprise customers will be key drivers in shaping the future of AI-powered vulnerability detection and mitigation across software ecosystems.