- Rule Change: Anthropic plans to let Glasswing participants share Mythos findings with outside organizations facing similar cyber risks.
- Launch Context: Glasswing launched on April 7 with a restricted sharing model despite access for named partners and more than 40 other organizations.
- Defensive Proof: Mozilla tied Mythos evaluation work to 271 Firefox vulnerabilities, showing why earlier disclosure can change patching decisions.
- Policy Test: Anthropic says a 90-day lessons report should show whether broader sharing helps defenders move faster in practice.
Anthropic will let roughly 50 Project Glasswing participants share threat intelligence and Mythos findings with outside organizations facing similar cyber risks after telling partners last week the rule had changed. Outside defenders could receive warnings, tools, or working exploit code sooner while AI-assisted vulnerability research is already moving faster than many patching cycles.
Project Glasswing is Anthropic’s defensive cyber program built around Claude Mythos, a specialized AI model designed to help trusted security teams find, validate, and respond to software vulnerabilities. Until now, participants were largely expected to keep discoveries within the program’s original circle, even when a flaw might also threaten outside companies. The rule change matters because threat intelligence can include practical details such as affected software, reproduction steps, mitigation advice, or proof-of-concept exploit code that helps defenders confirm a bug and prioritize a fix.
Why Anthropic Changed the Rules
Anthropic began telling participants last week they could share threat intelligence beyond the initial group. Glasswing launched on April 7 under a far more limited structure. Anthropic had framed Mythos as a cyber-focused model whose capabilities could help identify software weaknesses and potential exploit paths.
At that April 2026 launch, Anthropic opened Glasswing with launch partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. More than 40 additional organizations that build or maintain key software infrastructure also received access. Even with that broader roster, the earlier restricted Mythos access kept findings inside a closed defensive lane.
Anthropic’s revised stance now lets participants help outside companies triage vulnerabilities when the same weakness could affect them. For security teams, triage means deciding how urgent a flaw is, how widely it reaches, and which mitigation path should move first. Partners are still expected to share information and defensive practices where possible.
Anthropic says it will publish lessons learned within 90 days. That checkpoint should show whether the new rule merely widens partner discretion or, in practice, pushes useful warnings and techniques beyond the original group before another exposed organization runs into the same bug.
What the Defensive Evidence Already Shows
Mozilla’s Firefox fixes are the clearest public example of why the policy change matters. Firefox 150 shipped fixes tied to 271 vulnerabilities in Firefox. Mozilla’s result turned an abstract model-safety debate into a concrete case where AI-assisted vulnerability research fed a real defensive patch cycle.
Since February, the Firefox team had been using frontier AI models to find and fix latent browser security vulnerabilities. Cloudflare said Mythos Preview’s output has noticeably higher quality, which helps explain why proof-of-concept code matters once defenders need to act fast: “A finding that arrives with a PoC is a finding you can act on.” A working exploit demo can help a vendor reproduce the flaw, test a patch, and decide whether emergency mitigation should start immediately.
Attackers and defenders are not moving on the same timetable. AI is accelerating how quickly vulnerabilities are found, but companies still take days or weeks to patch them. In 2025, CrowdStrike documented an 89 percent increase in AI-enabled adversary operations, which raises the cost of keeping useful exploit data trapped inside a small circle.
Competitive and Policy Pressure Around Cyber Models
Older models that were capable of finding software vulnerabilities were already pushing security teams to ask whether vulnerability research speed would outpace remediation speed. OpenAI has also run invite-only cyber programs, and several researchers have warned that offense may gain the initial advantage as those systems improve.
U.S. Representative and House Democratic AI commission co-chair Rep. Josh Gottheimer pushed that pressure into a policy dispute after challenging the confidentiality limits around Mythos findings.
“No entity should be contractually restricted from warning others, coordinating mitigations, or informing relevant and trusted stakeholders about urgent cyber risks.”
Rep. Josh Gottheimer, U.S. Representative and House Democratic AI commission co-chair
Gottheimer’s criticism helps explain why Anthropic’s narrower change is about defensive coordination, not broad public release. Anthropic says it will publish lessons learned within 90 days, giving defenders and policymakers one concrete checkpoint for whether broader sharing, in practice, helps organizations move faster than attackers can exploit the same acceleration.


