Anthropic announced on Monday that partners in its Project Glasswing cybersecurity program can now publicly share vulnerability findings, best practices, tools, and code developed using the Claude Mythos Preview model. The policy revision removes the tightly controlled confidentiality framework that had governed the program since its April 7 launch.

What Changed

Project Glasswing gives select organizations access to the unreleased Mythos model for defensive cybersecurity work. Partners include Amazon, Microsoft, Nvidia, and Apple. Until last week, findings generated through the program were kept within the Glasswing network. Anthropic has now told partners they can disclose their involvement and share results at their own discretion.

“We fully support our partners sharing findings with each other and companies outside of Glasswing to triage vulnerabilities,” an Anthropic spokesperson told Reuters.

The approved sharing targets include security teams at non-partner companies, industry bodies, regulators, government agencies, open-source maintainers, the media, and the public, subject to responsible-disclosure norms.

Why the Confidentiality Existed

According to Anthropic, the original restrictions were partner-driven. “While there was never a specific Glasswing NDA, confidentiality protections were something partners asked for at the outset and were built into agreements partners signed,” the spokesperson said, per The Hindu/Reuters. Partners had sought assurances before sharing sensitive findings and worried about being targeted by attackers.

“As the program has matured, we’ve adapted them to ensure key information can be shared broadly, including outside the program, for maximum defensive impact,” the spokesperson added.

Pentagon Context

The policy shift arrives while the U.S. Department of Defense is actively deploying Mythos to find and patch software vulnerabilities across government systems. Defense Department chief technology official Emil Michael confirmed last week that the Pentagon is using Mythos even as it completes a planned transition away from Anthropic as a vendor, according to Reuters.

The Threat Intelligence Calculation

Anthropic’s move turns Glasswing from a closed defensive network into an open threat intelligence pipeline. Mythos reportedly has the capability to identify decades-old vulnerabilities in web browsers, infrastructure, and software at machine speed. When those findings stayed inside Glasswing, only partner organizations could act on them. Now, a vulnerability discovered by Microsoft’s Mythos deployment could reach an open-source maintainer the same day.

The tradeoff is exposure. The same findings that help defenders also provide a roadmap for attackers. Anthropic is betting that responsible-disclosure norms and the speed advantage of sharing outweigh the risk of broader visibility.