The Quantum Dispatch

Anthropic Opens Glasswing — Mythos Cyber Findings Can Now Be Shared With the Wider Defensive Community

On May 19, 2026, Anthropic updated the Glasswing program so partners can now share Mythos-derived cyber findings, tools, and code with the wider defensive community for maximum security impact.

Kai Aegis | May 20, 2026 | 7 min read

Anthropic Just Loosened the Glasswing Sharing Rules — And It Is the Right Call for Defensive Cybersecurity

On May 19, 2026, Anthropic announced a meaningful policy update to Project Glasswing: partners participating in the program can now share their findings, best practices, tools, and code derived from Claude Mythos Preview with security teams at other companies, industry bodies, regulators and government agencies, open-source maintainers, the media, and the public — subject to responsible disclosure norms. The shift opens up the defensive intelligence flow inside one of the most consequential AI-for-cybersecurity programs in operation today. For everyone in the AI security research community, this is the structural change that converts Glasswing from a closed early-access pilot into something closer to a coordinated defensive intelligence network.

For CISOs, vulnerability research teams, open-source maintainers, and anyone tracking how frontier AI is reshaping defensive cybersecurity, the May 19 update is the operational signal that the defensive-disclosure model around frontier-AI vulnerability discovery is maturing. The previous policy posture — confidentiality protections written into the Glasswing partner agreements — was the right starting point for a program operating at the frontier of AI capability. The new posture — explicit permission to share findings broadly, subject to responsible disclosure — is the right next step now that the program has matured and the operational practices for responsible AI-assisted vulnerability handling have been validated.

What Glasswing and Claude Mythos Actually Do

For context: Project Glasswing is Anthropic's controlled early-access program providing select organizations with Claude Mythos Preview — a frontier model with unusually strong cybersecurity capabilities derived from its ability to deeply understand and modify complex software. Mythos has been used to identify thousands of zero-day vulnerabilities in every major operating system and every major web browser, along with significant other software infrastructure. The most striking single result from the program so far: Mythos Preview fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD (CVE-2026-4747) that allowed attackers to gain root access — with no human involvement after the initial request.

Glasswing's Partner Roster Sets the Scale

Anthropic has been deliberately selective about Glasswing's partner roster. Major tech firms including Amazon, Microsoft, NVIDIA, and Apple have access. Critical software infrastructure organizations and open-source maintainers are included. Anthropic has committed up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security organizations. The structural design choice is that the partner set is large enough to cover the systems most attackers would target first, but small enough that the responsible-disclosure protocols can be coordinated centrally.

Why Sharing Is the Right Next Step

The original closed-share policy was a reasonable starting posture for a program operating at the frontier of AI capability. When Mythos first launched, the entire field of AI-assisted vulnerability discovery was new. The right operational discipline was to keep findings tightly held while the partner community calibrated norms — how to disclose responsibly, how to coordinate patches, how to communicate with maintainers, how to handle the unusually high finding velocity that Mythos produces. Six months into the program, those norms have settled. The closed-share posture is no longer the constraint that protects defenders — it is the constraint that prevents defenders from helping each other.

The Maximum Defensive Impact Argument

Anthropic's stated reasoning for the policy update is direct: "to ensure key information can be shared broadly — including outside the program — for maximum defensive impact." That is the right operational frame. A vulnerability discovered by a Glasswing partner is most valuable to defenders when the underlying pattern can be shared with the broader vulnerability research community, who then check their own systems for the same class of issue. Restricting that signal to the Glasswing partner set, no matter how distinguished, leaves significant defensive value on the table.

Industry Bodies, Regulators, and the Press

The breadth of approved sharing channels is deliberately wide. Security teams at other companies. Industry bodies (think the major CERTs and ISACs). Regulators and government agencies (CISA being the obvious US example). Open-source maintainers (where the vulnerability discoveries most directly land). The media. The public. Each of those audiences plays a different role in the responsible disclosure ecosystem, and the policy update gives partners permission to communicate with the right audience for each finding rather than funneling everything through Anthropic.

How the Update Lands in the Wider AI Security Landscape

The Glasswing sharing update arrives at a moment when several major AI labs are operating their own AI-for-cyber programs. OpenAI launched its Trusted Access for Cyber (TAC) program scaling to thousands of verified defenders. Google and Microsoft are running their own AI-assisted security initiatives. The structural picture across the field is that frontier AI is now genuinely changing the economics of vulnerability discovery — and the operational question for the defensive community has moved from "are AI models capable enough to be useful?" to "how do we coordinate the flow of AI-assisted findings to maximum defensive effect?"

Why Coordinated Disclosure Norms Still Matter

The Glasswing policy update is explicit that the broader sharing is subject to responsible disclosure norms. That qualification matters. AI-assisted vulnerability discovery operates at significantly higher velocity than traditional human-led research. The volume of findings produced in a single Mythos run can easily outpace the patching cadence of the affected maintainers. The responsible disclosure norms — coordinated patch windows, embargoed publication, prioritized critical-infrastructure handling — are what prevent the high-velocity finding flow from outrunning the patching pipeline. Maintaining those norms while expanding the sharing channels is the operational discipline that makes the policy update work in practice.

The Pentagon Reaction and the Government Lens

One signal worth flagging from the broader Glasswing coverage: senior Pentagon leadership has publicly described Glasswing and Mythos as "an opportunity" for defensive cybersecurity. That is the right framing from the government's perspective. The US critical infrastructure stack — federal civilian systems, defense industrial base systems, the OT systems that run physical infrastructure — benefits when the AI-assisted vulnerability discovery flow reaches them at the same time it reaches the major commercial tech firms. The new Glasswing sharing rules make that flow operationally easier for government coordination teams.

CISA and the Civilian Disclosure Pipeline

CISA's existing role as the US civilian critical infrastructure security agency makes it the natural government endpoint for many of the disclosures the new Glasswing policy enables. A Glasswing partner that discovers a vulnerability in a widely-deployed open-source library can now, under the updated rules, share the finding with CISA, with the maintainer, with the broader open-source security community, and with the affected commercial vendors — all in parallel rather than serially through the Anthropic-mediated channel. That parallel-flow model is the operational shape responsible disclosure has been moving toward for years.

What to Watch Next

The Glasswing policy update opens up several concrete watch items. First, the velocity and breadth of the disclosures that start appearing publicly from Glasswing partners — the open-source security community will likely be the first to see the impact. Second, the coordination patterns that emerge between Glasswing partners and traditional vulnerability disclosure channels (Project Zero, the CERT system, industry ISACs). Third, the responsible-disclosure norms that solidify around AI-assisted vulnerability discovery as the field matures. Fourth, the policy updates that other AI labs running similar programs may adopt in response.

For the broader AI security research community, the Glasswing update is the kind of structural policy shift that ripples through the field for months. The defensive intelligence flow is now wider, the coordination model is more flexible, and the bar for what responsible AI-assisted vulnerability disclosure looks like has been quietly but meaningfully reset. That is the right outcome for a program operating at the frontier of AI-assisted defensive cybersecurity — and Anthropic deserves credit for adapting the policy as the program matured.

Sources: Security Boulevard, May 19, 2026; Insurance Journal, May 19, 2026; WinBuzzer, May 19, 2026; The Next Web, May 19, 2026; Anthropic Project Glasswing page, May 2026.