Anthropic Loosens Secrecy Around Claude Mythos Findings
According to reporting by The Wall Street Journal and covered by Gizmodo, Anthropic previously required testers of Claude Mythos Preview participating in Project Glasswing to sign confidentiality agreements and limited access to a reportedly very small set of participants, about 50 organizations. The Journal reported that Anthropic relaxed those restrictions last week, allowing broader sharing of vulnerability findings discovered with the model. Democratic Representative Josh Gottheimer wrote in a letter quoted by the Journal, "No entity should be contractually restricted from warning others, coordinating mitigations, or informing relevant and trusted stakeholders about urgent cyber risks."
What happened
The Wall Street Journal reported, and Gizmodo summarized, that Anthropic initially required users of Claude Mythos Preview in Project Glasswing to sign confidentiality agreements and limited participation to a reportedly small set of testers, about 50 organizations. The Journal also reported that Anthropic loosened those secrecy requirements last week, allowing participants to share some findings more broadly. Representative Josh Gottheimer's letter was quoted in the Journal: "No entity should be contractually restricted from warning others, coordinating mitigations, or informing relevant and trusted stakeholders about urgent cyber risks."
Technical details
Per available reporting, Claude Mythos Preview was made available to select partners under Project Glasswing to surface security vulnerabilities and test cyber risks. The coverage does not publish internal technical specifications, attack chains, or model parameters for the preview release.
Industry context
Editorial analysis: Companies running tightly controlled previews of powerful models in cybersecurity create a tension between controlled disclosure and rapid public mitigation. Observers have documented similar tradeoffs where early secrecy aims to limit misuse but can delay coordinated vulnerability disclosure and defensive action.
Context and significance
Editorial analysis: The reported policy shift matters because coordinated disclosure and information sharing are central to cyber risk mitigation across vendors, open-source projects, and infrastructure operators. When model-based tools surface exploitable patterns in widely used code and tooling, delay in sharing actionable findings can increase exposure time for defenders.
What to watch
Editorial analysis: Observers should track whether the new sharing guidelines include standard responsible-disclosure timelines, designated channels for alerts to software vendors, and participation rules for independent security researchers. Also watch for follow up reporting from The Wall Street Journal, statements from Anthropic, and any coordinated advisories from cybersecurity vendors that participated in Project Glasswing.
Scoring Rationale
The story affects how model-driven cyber risks are handled and informs responsible-disclosure practices for powerful models. It is notable for security teams and model governance, but not a frontier-model release or industry-shaking regulation.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
