Anthropic lets Mythos cybersecurity partners share findings more broadly
Anthropic lets Mythos cybersecurity partners share findings more broadly
Publish Date: 2026-05-19 08:47:00
Source Domain: tech.yahoo.com
Using an unordered list, summarize the following article with between 4 and 8 key points. Anthropic is revising its disclosure rules for Project Glasswing, allowing partners using its Mythos cybersecurity model to share vulnerability findings with outside parties rather than holding information within the program, the company said.According to Reuters, the revised terms — communicated to partners starting last week — permit disclosure of involvement in Glasswing and allow organizations to share, at their own discretion, any findings, tools, best practices, or code that emerged from the program with a broad range of outside parties, from regulators and industry groups to open-source maintainers and the general public, provided responsible-disclosure standards are observed.The previous policy had required partners to keep findings inside the program. Participating organizations had themselves pushed for the confidentiality provisions, Anthropic said, citing worries about exposing sensitive findings and fears that publicizing their involvement could make them targets for attackers. “As the program has matured, we’ve adapted them to ensure key information can be shared broadly — including outside the program — for maximum defensive impact,” an Anthropic spokesperson said.AdvertisementAdvertisementThe change came amid pressure from lawmakers and others who argued that restricting access to vulnerability findings could disadvantage smaller organizations. A letter sent Monday to Anthropic chief executive Dario Amodei by Rep. Josh Gottheimer (D., N.J.) — a co-chair of a House Democratic AI commission — argued that “no entity should be contractually restricted from warning others, coordinating mitigations, or informing relevant and trusted stakeholders about urgent cyber risks,” the text of which was reviewed by The Wall Street Journal. Gottheimer also encouraged Anthropic competitors, including OpenAI, to adopt a similar approach.Project Glasswing, launched in April, gives about 50 large companies and organizations managing critical digital infrastructure access to Mythos for defensive cybersecurity purposes. Named partners include Amazon Web Services, Apple, Google, Microsoft, Nvidia, Cisco, and JPMorgan. Disclosure has already started flowing from some participants: both Palo Alto Networks and Mozilla have publicly credited Mythos with surfacing software vulnerabilities at a volume they said would not have been achievable through their standard processes, The Wall Street Journal reported.Mythos has identified thousands of zero-day vulnerabilities across major operating systems and browsers during internal testing, and can develop working exploits against those flaws on first attempt in more than 83% of cases, Anthropic has said. The scale of what the model has uncovered prompted Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell to convene a meeting with bank CEOs to discuss cybersecurity risks. As Quartz has previously reported, U.S. banks with access to Mythos have been working to address a wave of vulnerabilities the model surfaced, with findings also being shared downstream with community and regional banks that lack direct access to the program.Even under the loosened rules, partners remain bound by responsible-disclosure conventions — meaning any sharing must account for adequate patching timelines and avoid releasing details that could be weaponized, The Next Web noted.
