
"The Project Glasswing partners can now pass vulnerability findings to other security teams, industry bodies, regulators, open-source maintainers and the press, under responsible-disclosure norms. The defender pool just got wider. Anthropic said on Monday that it is revising its earlier disclosure policy on Mythos, the unreleased cybersecurity-focused AI model deployed under its Project Glasswing controlled-access programme."
"The revision will let partners using Mythos share information about cyber threats with other parties potentially exposed to the same vulnerabilities, rather than holding findings within the original partner organisation. The list of parties partners can now share with is, on the published text, deliberately broad: security teams at other companies, industry bodies, regulators and government agencies, open-source maintainers, the media and the public, all subject to responsible-disclosure norms."
"Anthropic's previous posture had been substantially tighter, with findings held inside the partner programme and surfaced upward to Anthropic itself rather than outward to the wider defender community. The shift matters because of what Mythos has been finding. On Anthropic's own disclosures, the model has identified thousands of zero-day vulnerabilities across major operating systems and browsers in internal testing, and has demonstrated the ability to develop working exploits against those flaws on first attempt in more than 83% of cases."
"Project Glasswing's partner roster includes Amazon Web Services, Apple, Google, Microsoft, Nvidia, Cisco and JPMorgan, a group large enough that the findings circulating inside it are themselves a meaningful subset of the modern enterprise attack surface. The change also lands inside a wider regulatory arc Anthropic has been navigating. The company is preparing to brief the Financial Stability Board on what Mythos has found inside financial-services infrastructure, at Bank of England Governor Andrew Bailey's req"
Partners in Project Glasswing can now pass vulnerability findings to external parties under responsible-disclosure norms. The change revises an earlier policy that kept findings within the partner programme and routed them upward to Anthropic. Partners can share with security teams at other companies, industry bodies, regulators and government agencies, open-source maintainers, the media, and the public, subject to responsible disclosure. The shift is significant because Mythos has identified thousands of zero-day vulnerabilities across major operating systems and browsers in internal testing. It has also demonstrated the ability to develop working exploits against those flaws on first attempt in more than 83% of cases. Project Glasswing includes major enterprise and infrastructure partners, expanding the defender pool.
#vulnerability-disclosure #cybersecurity-ai #zero-day-vulnerabilities #responsible-disclosure #regulatory-coordination
Read at TNW | Anthropic