Anthropic softens restrictions on Mythos vulnerability reporting

Move comes amid growing political scrutiny of AI in cyber

Anthropic has changed course on how information uncovered by Mythos can be shared, after criticism that earlier restrictions risked leaving smaller organisations exposed to cyberattacks.

Anthropic has said that users of its experimental "Mythos" model will now be permitted to share findings about software vulnerabilities and cyber threats with other entities, provided they follow responsible disclosure practices.

Anthropic had initially required participants in its tightly controlled testing programme to keep discoveries confidential.

Mythos, unveiled in April, is being tested through a restricted initiative known as "Project Glasswing". Around 50 major organisations, including technology giants Amazon, Apple, Microsoft and Nvidia, have been granted access to the unreleased model for defensive cybersecurity work.

An Anthropic spokesperson said the original confidentiality protections were introduced at the request of participating organisations during the programme's early stages.

However, as concerns mounted over whether vital threat information was being unnecessarily contained within a small group of large companies, Anthropic revised the agreements.

"We fully support our partners sharing findings with each other and companies outside of Glasswing to triage vulnerabilities," the spokesperson said.

The company added that users may now share information with security teams at other firms, government agencies, industry bodies, open-source software maintainers, journalists and the public.

Political scrutiny

The policy reversal comes amid growing political and industry scrutiny of advanced AI systems designed for cybersecurity.

Last week, the Pentagon confirmed it was using Mythos to help identify and patch vulnerabilities across US government systems. At the same time, lawmakers in Washington have raised concerns that restricting disclosure of cyber risks could hinder wider defensive efforts.

In a letter sent on Monday to Anthropic chief executive Dario Amodei, Democratic Congressman Josh Gottheimer argued that organisations should not be prevented from warning others facing similar threats.

"No entity should be contractually restricted from warning others, coordinating mitigations, or informing relevant and trusted stakeholders about urgent cyber risks," he wrote.

Meanwhile, both the White House and Congress are considering new oversight measures for powerful AI systems amid fears that increasingly capable cyber models could be used to launch large-scale digital attacks.

The Trump administration is reportedly weighing an executive order that would expand federal scrutiny of advanced AI models before public release, while lawmakers are expected to debate a broader federal AI bill later this month.

Cloudflare reveals test findings

Internet infrastructure company Cloudflare said this week that tests of "Mythos Preview" model revealed capabilities beyond those seen in earlier generations of AI coding tools.

While many large language models can already identify isolated software vulnerabilities, Cloudflare said Mythos was able to connect multiple low-severity bugs into broader "attack chains" capable of compromising systems.

The AI system was tested across Cloudflare's live infrastructure, including its runtime systems, edge data networks, protocol stack, control plane and several open-source projects. According to the company, Mythos not only identified vulnerabilities but also generated proof-of-concept code designed to test whether a suspected flaw could be exploited.

Other frontier AI models examined during the tests reportedly identified some of the same bugs but failed to complete the final step of turning them into usable exploits.

Cloudflare said Mythos also demonstrated a level of persistence and autonomy not commonly seen in earlier AI security tools.

Despite the advances, Cloudflare warned the technology still produced many false positives requiring human review. The problem was particularly severe in software written in memory-unsafe programming languages such as C and C++, where the model frequently flagged speculative or unverified issues.

Cloudflare said the broader lesson organisations is to strengthen their overall security architecture rather than relying solely on faster software patching.

It recommended that businesses deploy layered defences capable of limiting how attackers move through systems even when vulnerabilities remain unpatched, including stronger network controls and coordinated deployment of security fixes across environments.