RELEASE: Gottheimer Praises Anthropic for Taking Action After Addressing His Concerns

Resources / Press Share on RELEASE: Gottheimer Praises Anthropic for Taking Action After Addressing His Concerns Anthropic Removes NDA Restrictions Blocking Cyber Vulnerability Sharing; Calls on All Platforms to Follow Suit May 18, 2026 Press WASHINGTON, D.C. — Congressman Josh Gottheimer (NJ-5), Co-Chair of the House Democratic Commission on AI and the Innovation Economy, applauded Anthropic for taking action to address concerns raised about “Project Glasswing” and the use of non-disclosure agreements (NDAs) that had prevented participating organizations from sharing information about critical cyber vulnerabilities identified through the program. Following Gottheimer’s letter calling on Anthropic to change course, Anthropic announced carve-outs to the program that will allow organizations to responsibly share information about urgent cyber threats with trusted partners and relevant stakeholders. Gottheimer called on all platforms to follow suit. “I’m glad that Anthropic has done the right thing here and made these critical changes,” said Congressman Josh Gottheimer (NJ-5). “Responsible information sharing is a cornerstone of cybersecurity. No entity should be contractually restricted from warning others, coordinating mitigations, or informing relevant and trusted stakeholders about urgent cyber risks — and Anthropic stepped up.” “I encourage all other platforms to quickly follow suit,” Gottheimer continued. “As AI systems become more advanced, we need strong safeguards and rapid information sharing to protect against cyber threats and keep Americans safe.” Gottheimer had previously called on Anthropic to nullify the portions of its NDA that prohibited responsible sharing of cyber vulnerability information with trusted organizations, and urged all frontier AI developers — including OpenAI and others operating similar programs — to ensure organizations can share critical cyber risk information with trusted industry partners and government agencies. Find the full letter here and below: Mr. Dario Amodei CEO Anthropic 548 Market Street San Francisco, CA 94104 Dear Mr. Amodei: Project Glasswing is an important step toward securing critical physical and digital infrastructure from the cyber risks posed by your frontier AI model, Mythos. It is essential that any frontier AI model developer building these systems acts with the utmost caution when credible vulnerabilities are identified. My understanding is that you decided to limit Project Glasswing to approximately forty companies, which, of course, excluded many organizations — small, medium, and large — in a cross section of industries with vulnerabilities. It has also come to my attention that Anthropic required the limited organizations allowed to participate in Project Glasswing to sign a Non-Disclosure Agreement (NDA) that prevents any information sharing with other organizations about critical cyber vulnerabilities they identified through this process. Given the serious risk models including Mythos pose to critical systems, I urge Anthropic to nullify that part of its NDA and immediately allow the companies participating in Project Glasswing to share their findings with other trusted industry partners. Doing so will help ensure that as many entities as possible are protected against these types of cyber threats. I’m sure that you would agree that they would all benefit from the learnings of those that have access to Mythos to help protect their organizations from the vulnerabilities it can expose. All foundational model developers should do everything they can to prevent malicious exploitation and ensure that this information is shared responsibly and used to strengthen defenses. No entity should be contractually restricted from warning others, coordinating mitigations, or informing relevant and trusted stakeholders about urgent cyber risks. For example, a large utility or hospital that has access to Mythos should be able to let smaller organizations in their industry relying on similar software systems know what vulnerabilities Mythos exposed, so that they can secure their systems, too. Of course, there should be an appropriate vetting process, but the NDA should not be a bottleneck to these organizations being able to share with other known, trusted organizations. Responsible information sharing is a cornerstone of cybersecurity — one organization’s data on an attack can help others detect the same tactic earlier, reduce damage, and respond faster. As frontier AI models gain increasing cyber capabilities, the need for rapid and protected information sharing about potential vulnerabilities becomes more urgent. Any insights on the vulnerabilities that Mythos found in one company’s system can help a significant number of others that may never get access to it, or don’t have the resources to, either technologically or financially, to utilize it. I also urge all of the leading platforms to adopt the same approach, including OpenAI for entities involved in its