Anthropic said Monday it is loosening the disclosure rules that govern its Project Glasswing program, which gives a select group of tech giants and financial institutions access to Mythos, the company’s AI model built to hunt software vulnerabilities. Under the new policy, partners can pass vulnerability findings to other security teams, industry bodies, regulators, open‑source maintainers, the media and the public, provided they follow standard responsible‑disclosure practices.
The earlier framework required partners to keep discoveries within the Glasswing consortium and report them only to Anthropic. By expanding the sharing circle, the company hopes to give the broader defender community a faster line on threats that Mythos has already exposed. In internal tests the model flagged thousands of zero‑day bugs across operating systems and browsers and generated working exploits on first attempt in more than 83 percent of cases.
Project Glasswing’s roster reads like a who’s‑who of the tech industry: Amazon Web Services, Apple, Google, Microsoft, Nvidia, Cisco and JPMorgan, among others. Those firms collectively represent a sizable slice of the modern enterprise attack surface, meaning the findings circulating within the program already cover a meaningful portion of today’s threat landscape.
The policy revision arrives amid a broader regulatory push. Anthropic is preparing a briefing for the Financial Stability Board at the request of Bank of England Governor Andrew Bailey, and regulators including the U.S. Federal Reserve, the European Central Bank, the U.S. Treasury, ASIC and several Asian supervisory bodies have been monitoring the project. Critics have long argued that keeping vulnerability data locked inside a private consortium gives its members an unfair defensive advantage. The new rules aim to address those concerns while still respecting responsible‑disclosure norms such as reasonable patch windows and limits on weaponizable details.
U.S. government users are also feeling the impact. The Department of Defense’s top technology official confirmed that the Pentagon has been deploying Mythos to locate and remediate software flaws across federal systems, even as the administration works to transition away from Anthropic. The broadened sharing policy could enable findings from those government deployments to flow downstream to other agencies and private sector partners.
Despite the expanded reach, the structural asymmetry that critics highlight remains. The roughly 40‑to‑50 organizations inside Project Glasswing still receive early access to Mythos insights before the broader ecosystem. Anthropic’s leadership argues that giving defenders a head start is essential to staying ahead of adversaries who could eventually wield comparable AI capabilities.
Industry observers see the policy shift as the most concrete operational change since Mythos was unveiled in April. By allowing partner findings to be shared under responsible‑disclosure guidelines, Anthropic hopes to accelerate the patching of high‑impact vulnerabilities and reduce the window of exposure for enterprises worldwide.
Este artigo foi escrito com a assistência de IA.
News Factory SEO ajuda você a automatizar conteúdo de notícias para o seu site.