According to the Wall Street Journal, Anthropic initially asked users of the Cloud Mythos preview model to sign a confidentiality agreement to prevent sharing the findings, but the Journal says that all changed last week.
By far, the most important thing to keep in mind about Cloud Mythos Preview, reportedly the world’s scariest AI model, has been its privacy. To use it, you have to be one of the VIPs allowed to participate in Project Glasswing – reportedly a very select group of about 50 companies and organizations.
if you Are One of the Cloud Mythos Preview testers who participated in Project Glasswing, you have to use models to find security vulnerabilities, and at the beginning there was an understanding that in the hands of the participants there was a huge responsibility to keep everything secret – as if the fate of the world depended on secrecy.
But according to the Journal, Democratic Representative Josh Gottheimer wrote a letter to Anthropic complaining about it. “No entity should be contractually restricted from warning others, coordinating mitigation, or notifying relevant and trusted stakeholders about immediate cyber risks,” Gottheimer wrote.
From the Journal’s report published on Monday, it seems as if Anthropic is struggling to find its footing on the question of what can be done with the output of the Mythos preview. An anonymous Anthropic spokesperson told the Journal, “Privacy protections were something that partners initially asked for and were built into agreements signed by partners,” but added that Glasswing has “matured”, and user agreements have evolved to ensure that critical information can be shared widely, including beyond the bounds of Project Glasswing.
Another event that happened a week ago was the announcement of a similar program called Daybreak from Anthropic’s main competitor, OpenAI. Daybreak was much less secretive than Project Glasswing, allowing anyone to fill out a short form and request to have their codebase scanned by OpenAI’s latest cybersecurity models. CEO Sam Altman posted on X that he would like to work with “as many companies as possible now.”
It seems like companies have already started speaking publicly about what the Mythos preview has shown them. For example, I couldn’t help but notice that Cloudflare Chief Security Officer Grant Bourzicas published a blog post on Monday detailing what he and his company found while tinkering with the Mythos preview. This is an informative post, describing Mythos Preview as similar to other bug-finding LLMs, but also adding, “What has changed with Mythos Preview is that a model can now take those lower-severity bugs (that would traditionally remain invisible in the backlog) and chain them into a single, more serious exploit.”
But there is an interesting coda at the end of the post. Bourzicas promises to share additional findings with clients soon, and says, “If your team is doing similar work and want to compare notes, contact us,” and then he provides an email address.
So it looks like the shroud of secrecy around the Cloud Mythos preview is being lifted bit by bit. The folks at Anthropic certainly feel like their model is losing some of its mystique, but the air of mystery around LLM is not something that can last forever.
<a href