Anthropic lets Glasswing partners publicly share Mythos flaws

Anthropic will allow companies using Mythos to share what they find publicly, contrary to initial confidentiality agreements with partners — meaning any flaws spotted in the AI model can be widely published.

Last month, Anthropic unveiled Project Glasswing, a partnership that brings together Apple, AWS, CrowdStrike, Google, Microsoft, and more in an effort to secure software from the impacts of AI.

That was sparked by Anthropic's Claude Mythos model, which the company claims has found thousands of serious flaws in every major operating system and web browser. Because of that, Anthropic is keeping Mythos under lock and key and offering access only to trusted partners — a move designed to keep the technology out of the hands of hackers, though some have suggested that caution is at least in part a marketing move.

Initially, Anthropic said it would share any findings from Glasswing partners using Mythos, suggesting that the other companies would not be allowed to publish any flaws or concerns they discovered.

Latest Videos From

Now, Anthropic has confirmed that its partners will indeed be allowed to share any threats they discover with each other and external companies, as well as government authorities, the public, and the media, according to a report from Reuters.

"While there was never a specific Glasswing NDA, confidentiality protections ‌were ⁠something partners asked for at the outset and were built into agreements partners signed," an ​Anthropic spokesperson told the news agency via a statement.

"As the program ⁠has matured, we've adapted them to ensure key information can be shared broadly — including outside the program — for maximum defensive ​impact," the statement added.

Allowing Glasswing partners to work with affected companies with Mythos-spotted flaws allows the idea of responsible disclosure to continue, as any issues can be shared and solved — without necessarily keeping Anthropic at the centre of such efforts. That could have risked a bottleneck, especially if the rate of flaw discovery continues to be high.

AI vs security

More generally, Anthropic is keeping Mythos Preview locked down over fears of its wider impact. "For cyber defenders to come out ahead, we need to act now," it said at the time.

OpenAI clearly agrees, and last week unveiled its own version of Glasswing, called Daybreak. Built on its Codex Security tool and GPT 5.5, OpenAI aims to build AI-powered protections into software, rather than just using the technology to spot flaws — though, of course, there will still be plenty of that.

"AI can now help defenders reason across codebases, identify subtle vulnerabilities, validate fixes, analyze unfamiliar systems, and move from discovery to remediation faster," OpenAI said in a blog post at the time. "Because those same capabilities can be misused, Daybreak pairs expanded defensive capability with trust, verification, proportional safeguards, and accountability."

In a briefing, analyst firm Gartner warned that the time between patch and exploit has now collapsed, impacting how security works across all industries — AI is raising the stakes for all cyber professionals.

"Security providers should embrace adoption of such AI tools to assess all code in the wild and code in development to rapidly address discovered exploits," Gartner noted, adding: "In addition, as consumers of software with security implications, security providers should accelerate their exposure to threats from integrated code through proactive remediation coordination with partners."

In other words, work with AI developers, or risk being left behind.