Anthropic allows Mythos partners to share cyber threat data with governments, media and the public

Anthropic has revised its position on data sharing for its Claude Mythos cybersecurity model, now allowing partners to share threat intelligence and findings more broadly — a move that experts say introduces new security considerations.

What is Project Glasswing?

Mythos was announced on 7 April and is being deployed as part of Anthropic's Project Glasswing — a controlled initiative under which select organisations, including major technology companies such as Amazon, Microsoft, Nvidia, and Apple, are permitted to use the unreleased Claude Mythos Preview model for defensive cybersecurity purposes.

According to experts, Mythos' advanced coding capabilities give it a potentially unprecedented ability to identify cybersecurity vulnerabilities and devise methods to exploit them — a double-edged capability that has prompted careful governance from the outset.

Revised data sharing rules

Last week, Anthropic began informing partners that they are now generally permitted to disclose their involvement in Glasswing and, at their own discretion, share findings, best practices, tools, or code developed through the programme.

"We fully support our partners sharing findings and companies outside of Glasswing to triage vulnerabilities," an Anthropic spokesperson said. "While there was never a specific Glasswing NDA, confidentiality protections were something partners asked for at the outset and were built into agreements partners signed."

The spokesperson added: "As the program has matured, we've adapted them to ensure key information can be shared broadly — including outside the program — for maximum defensive impact."

Who can receive the information?

Under the revised framework, partners may share cybersecurity findings with security teams at other companies, industry bodies, regulators, government agencies, open-source maintainers, the media, or the wider public — subject to responsible-disclosure norms.

The original confidentiality protections had been built into agreements at the request of participating companies, who sought assurances before sharing sensitive findings and expressed concern about being targeted by attackers.

Pentagon deployment

The announcement comes as the Pentagon has confirmed it is deploying Mythos to identify and patch software vulnerabilities across United States government systems, even as the Defence Department continues to manage a broader transition away from the AI company, according to the department's top technology official.