That capability could dramatically improve cyber defense. By quickly identifying weaknesses before attackers do, organizations can patch vulnerabilities earlier and reduce the risk of large‑scale cyber incidents.
But those same abilities create serious risks: the model could also be used to discover and exploit weaknesses at scale if it were widely available. For that reason, Anthropic has kept Mythos out of public release and instead deployed it only through a controlled program called Project Glasswing.
Originally, participants in Project Glasswing were restricted from broadly sharing vulnerability discoveries generated with Mythos due to nondisclosure rules.
Anthropic has now revised that policy. Participants can share threat information with organizations that may be affected by the same vulnerabilities, enabling faster coordinated defensive action across the software ecosystem.
The idea is straightforward:
Supporters argue this change aligns the program more closely with traditional responsible vulnerability disclosure practices, where sharing critical information among defenders is key to preventing widespread attacks.
Project Glasswing brings together a group of major technology, cybersecurity, and infrastructure organizations working with Anthropic to test the model in controlled defensive environments.
Participants reported to be involved include:
These organizations maintain or secure infrastructure used by billions of people, which makes them natural partners for testing AI‑assisted vulnerability discovery at scale.
Despite allowing limited sharing of threat intelligence, Anthropic is still keeping Mythos tightly restricted.
The reason is simple: the model’s capabilities are considered too powerful for open release.
Researchers and early testing suggest Mythos can rapidly uncover serious vulnerabilities across widely used systems. While this could significantly improve defensive security, it also raises the risk that malicious actors could use the tool to automate discovery and exploitation of software flaws.
To reduce that risk, Anthropic is:
The potential impact of AI‑driven vulnerability discovery has drawn attention from governments and financial regulators.
Authorities in several countries have sought briefings from Anthropic about the risks posed by Mythos, including concerns that the model could expose weaknesses in critical financial infrastructure such as banks and payment systems.
These concerns highlight how powerful cybersecurity AI tools are becoming relevant not just to technology companies but also to national security and economic stability.
Mythos and Project Glasswing have sparked a broader debate in the cybersecurity community.
On one side, many security professionals argue that faster vulnerability discovery and coordinated disclosure strengthen global defenses. AI tools could help defenders identify weaknesses earlier than attackers and reduce the time systems remain exposed.
On the other side, critics warn that such powerful systems could dramatically lower the cost of offensive cyber operations if misused. Even limited leaks or expanded access could allow attackers to automate large‑scale vulnerability discovery.
Anthropic’s approach—limited access, controlled testing, and selective information sharing—represents one attempt to strike a balance between these competing goals.
The Mythos program suggests that cybersecurity may soon enter a new phase where AI systems can discover vulnerabilities faster than human researchers.
If that trend continues, the challenge will shift from simply finding flaws to managing how powerful vulnerability‑finding tools are controlled, shared, and governed.
Project Glasswing is effectively an early experiment in that future: using frontier AI to strengthen collective defense while trying to prevent the same technology from becoming a powerful new weapon for attackers.