When Anthropic launched Project Glasswing in April, it came with an unusual condition: members of the coalition could use Claude Mythos Preview to hunt for software vulnerabilities, but they could not talk publicly about what they found. On May 18, the company reversed course. Partners now have explicit permission to share their findings, developed tools, and best practices with the broader security community, including regulators, open-source maintainers, and the press.
The policy shift is significant. Glasswing began as a tightly controlled program, designed to give defenders a head start on patching before Mythos's capabilities became more widely available. Anthropic had asked participants not to disclose their involvement or share specifics of any findings. That constraint made operational sense at launch: Mythos had surfaced more than a thousand critical-severity zero-day vulnerabilities, and coordinated disclosure windows needed time to run before attack details could circulate. Six weeks later, enough of those findings have moved through the disclosure pipeline that Anthropic says broader sharing serves the defensive mission better than continued silence.
A More Open Glasswing
Under the updated policy, Glasswing participants may share, at their own discretion, findings from Mythos scans, best practices developed during the program, tools or code built to support the work, and their involvement in the coalition itself. Recipients can include security teams at other companies, industry bodies, regulators such as CISA, government agencies, open-source maintainers, journalists, and the general public.
The existing responsible-disclosure norms remain in place. Anthropic has not abandoned the 90-day patch window that governs how findings move from private to public. Partners who share externally are expected to follow the same timelines Glasswing itself follows, which means a given vulnerability finding can be shared broadly once the affected vendor has had sufficient time to ship a fix, or once the window expires.
Project Glasswing: Key Details
- Program launchedApril 7, 2026
- Model in useClaude Mythos Preview
- Known participantsAmazon, Microsoft, Nvidia, Apple
- Critical-severity findings1,000+
- Prior sharing policyConfidential (no disclosure permitted)
- Updated policyPartners may share at discretion, subject to responsible-disclosure norms
A Program That Has Matured
Anthropic offered a candid explanation for the timing. As Glasswing has developed over the past six weeks, more of the highest-risk vulnerabilities it surfaced have worked through disclosure pipelines and received patches. The window during which wide sharing would carry the most attack risk has narrowed. At the same time, the company has come to see transparency as a multiplier: findings shared with open-source maintainers outside the coalition can accelerate remediation in software that Glasswing participants may not directly control.
The financial sector has been one focus area. Just before this policy update, Anthropic confirmed it would brief the Financial Stability Board on systemic risks in global financial infrastructure that Mythos had identified. That briefing, reported by the FT, required Anthropic to share information with a regulator outside the original coalition, an early signal that the company's thinking about Glasswing's scope was already shifting. The new sharing policy formalizes what had in some respects already begun.
"As the program has matured, Anthropic has adapted protections to ensure key information can be shared broadly, including outside the program, for maximum defensive impact." Anthropic statement, May 18, 2026
What Defenders Gain
Security professionals outside the original Glasswing coalition will now start hearing more about what the program has actually found. Until now, organizations not on the participant roster had no direct way to assess whether their software was affected by a Mythos-surfaced finding unless they happened to receive a patch notification through standard coordinated channels. That mechanism still applies, but partners can now share context, tooling, and methodological guidance that helps non-Glasswing teams prepare and triage more effectively.
For open-source maintainers in particular, who often operate without dedicated security staff, the ability to receive direct outreach from Glasswing participants is meaningful. Many of the vulnerabilities Mythos has surfaced have been in exactly the kind of widely deployed, under-resourced libraries where patch coordination is slowest. A direct channel from a well-resourced coalition member, rather than a generic disclosure ticket, could compress remediation timelines considerably.
There is also a governance dimension. Regulators who want to understand what AI-powered vulnerability discovery looks like in practice can now speak directly with coalition members, rather than relying solely on Anthropic's own reports. That kind of distributed information flow is what bodies like the FSB have been requesting as they work to assess systemic risk in critical infrastructure. The FSB briefing arrangement confirmed the appetite exists; the policy change makes it possible to scale it.
Glasswing at the Next Stage
Anthropic has not announced a timeline for any broader public release of Mythos, nor has it indicated when the coalition might expand to include new participants. The program's membership list remains unpublished, though Amazon, Microsoft, Nvidia, and Apple have been confirmed through reporting and statements from Glasswing participants themselves.
The original decision to hold Mythos back from public release was controversial in some corners of the security community. Critics argued that a closed coalition gives an incomplete picture of the model's capabilities and creates an implicit competitive advantage for coalition members. The policy shift does not answer those objections entirely, but it does move the program toward a model in which findings eventually reach the community at large, rather than remaining inside a ring-fenced group indefinitely.
For researchers and maintainers who were not part of Glasswing from the start, the change is a meaningful signal. The findings Mythos is generating are, by most accounts, substantial in both volume and severity. The more of that work that flows to the people who can act on it, the closer Glasswing gets to fulfilling its stated defensive purpose, rather than simply being a structured advantage for a select group of well-resourced organizations.
