The Security Model That Just Broke
Anthropic’s Claude Mythos AI discovered decades-old security vulnerabilities that humans missed, including a 27-year-old bug in OpenBSD.
The model was trained for coding, not hacking, but its deep understanding of code made exploitation capability emerge automatically.
Anthropic is not releasing it publicly. Instead, Project Glasswing gives defenders early access to patch critical flaws before attackers strike.
Anthropic built an AI that found a 27-year-old bug in OpenBSD.
The same model found a 16-year-old vulnerability in FFmpeg that survived 5 million automated tests.
This is a structural shift in how security works.
What Claude Mythos Does
- Discovered a 27-year-old vulnerability in OpenBSD and a 16-year-old bug in FFmpeg
- Chains multiple vulnerabilities into complex exploits that rival elite human hackers
- Converts 72.4% of identified vulnerabilities into working exploits (previous models: near 0%)
- Scores 93.9% on SWE-bench coding tests (previous best: 80.8%)
- Achieves 83.1% on cybersecurity benchmarks (previous: 66.6%)
How Security Capability Emerged Without Direct Training
Claude Mythos was trained to write code. The cybersecurity capabilities emerged as a downstream consequence.
The same improvements that made the model better at patching vulnerabilities made it better at exploiting them.
You train someone to be the world’s best locksmith.
You do not teach them to break into houses. But now they understand locks so well that breaking in becomes trivial. That skill came free.
Mythos scores 93.9% on SWE-bench, the industry standard for measuring how well AI fixes real-world software bugs.
The previous best model, Opus, scored 80.8%. On cybersecurity benchmarks, Mythos hit 83.1% compared to Opus at 66.6%.
Benchmarks do not tell you what matters.
What Matters: Training AI for one capability (coding) automatically creates another (exploitation). This dual-use nature is not a bug. It is structural.
Real-World Vulnerabilities Claude Mythos Identified
The model found vulnerabilities that remotely crash OpenBSD servers. It identified bugs in Linux that let users with zero permissions become administrators.
It discovered flaws in the video processing software that powers nearly every major service on the internet.
More important: it chains vulnerabilities together.
Mythos wrote a web browser exploit that linked four separate vulnerabilities, creating a complex attack that escaped both renderer and OS sandboxes.
That kind of chaining sits at the edge of elite human hacker capability.
The exploit success rate tells you everything. Mythos converts 72.4% of identified vulnerabilities into working exploits within Firefox’s JavaScript shell.
The previous model had a near-0% success rate. This is not iteration. This is a phase transition.
Critical Insight: The ability to chain vulnerabilities separates automated tools from strategic threats. Mythos operates at the strategic level.
Why This Creates an Unsolvable Dilemma
Anthropic now holds a model that secures critical infrastructure across the internet. It also breaks that same infrastructure if it reaches the wrong hands.
You do not uninvent this capability. You do not keep it secret forever. Someone else will build something equivalent within 12 to 24 months.
The timeline between vulnerability discovery and exploitation has collapsed.
What once took months now happens in minutes with AI assistance. CrowdStrike’s 2026 Global Threat Report documented an 89% year-over-year increase in attacks using AI.
The assumption that defenders get time to respond is strategically obsolete.
The Reality: Dual-use AI tools create a permanent security dilemma. The question is not whether offensive capabilities emerge. The question is who gets access first.
Project Glasswing: Giving Defenders the First Move
Anthropic chose not to release Mythos publicly. Instead, they launched Project Glasswing.
They partnered with AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, and JP Morgan.
They opened access to over 40 organizations maintaining critical open-source infrastructure.
They committed $100 million in usage credits and donated $4 million directly to open-source security groups.
The defenders get the tool first.
This matters because open-source maintainers have historically operated without enterprise-grade security resources.
Their code underpins the systems billions of people depend on, including the systems AI agents use to write new software.
Project Glasswing redistributes security advantage from well-capitalized enterprises to infrastructure-critical projects.
For the first time, the maintainers of foundational code get access to frontier AI models before attackers do.
Strategic Shift: Security is no longer determined by who has the biggest budget. It is determined by who gets access to the scanning tools first.
What This Means for Your Infrastructure
The infrastructure you run today contains vulnerabilities AI has already found but humans have not patched yet.
Due to the volume of discoveries, Anthropic reports that fewer than 1% of identified bugs have been fully patched.
They are working through thousands of additional high- and critical-severity vulnerabilities for responsible disclosure.
You will not see this happening. You will get a software update. Behind that update sits an AI that found a vulnerability a human might never have caught.
Security has always been a Fortune 500 problem. Big companies hire red teams, run penetration tests, pay millions for security audits. Small businesses install antivirus software and hope.
What Glasswing does is trickle down Fortune 500-level security to everyone.
When Mythos finds a bug in Linux or in a web framework your site runs on, that fix reaches you.
You benefit from the same AI scanning that protects Apple and Google infrastructure.
You do not pay for it. You do not know it is happening. But you are protected by it.
Infrastructure Impact: AI-driven vulnerability discovery shifts security from reactive patching to proactive scanning at a scale humans cannot match.
Why This Pattern Will Accelerate
This is not a one-time event. Every generation of AI models will be better at finding exploits.
The uncomfortable truth: the exponential curve does not flatten. It gets steeper.
What I watch for is whether this becomes the new standard or whether this is something one lab did once.
The labs that build safety plans before they need them will be the ones we trust with the next generation.
The ones that do not will be the ones that cause the headlines we all fear.
For the first time, the defenders got a real head start. That matters more than most people realize.
The Precedent: Anthropic’s choice to give defenders early access sets a template for responsible AI deployment in dual-use domains.
Frequently Asked Questions
What is Claude Mythos?
Claude Mythos is an AI model developed by Anthropic for advanced code analysis. It was trained to write and fix code, but cybersecurity capabilities emerged as a side effect of its deep understanding of software systems.
How does Claude Mythos find vulnerabilities humans miss?
Mythos analyzes code at a scale and speed that humans cannot match. It also chains multiple small vulnerabilities into complex exploits, a technique that requires expert-level understanding of system architecture.
Why is Anthropic not releasing Claude Mythos publicly?
Because the same capabilities that make Mythos excellent at finding and fixing vulnerabilities also make it excellent at exploiting them. Public release would give attackers immediate access to a tool that outperforms most human hackers.
What is Project Glasswing?
Project Glasswing is Anthropic’s initiative to give defensive security teams early access to Claude Mythos. Partners include AWS, Apple, Google, Microsoft, and over 40 open-source organizations. Anthropic committed $100 million in usage credits and $4 million in direct funding.
How does this affect my business or website?
You will benefit from AI-discovered security patches without knowing it. When Mythos finds vulnerabilities in Linux, web frameworks, or other foundational software, those fixes get distributed through normal update channels. You get Fortune 500-level security scanning without paying for it.
Will other companies build similar AI models?
Yes. Anthropic estimates that equivalent capabilities will emerge from other labs within 12 to 24 months. This is why giving defenders early access matters. The window to patch vulnerabilities before attackers get similar tools is narrow.
What happens to the vulnerabilities Claude Mythos finds?
Anthropic works with affected organizations through responsible disclosure. Due to the volume of discoveries, fewer than 1% of identified bugs have been fully patched so far. They are working through thousands of high- and critical-severity vulnerabilities.
Is this the future of cybersecurity?
Yes. AI-driven vulnerability discovery will become standard in both offensive and defensive security. The organizations that adapt first will have a structural advantage. The ones that do not will be playing catch-up in an environment where attack timelines have collapsed from months to minutes.
Key Takeaways
- AI models trained for coding automatically develop exploitation capabilities as a side effect of understanding software deeply.
- Claude Mythos discovered vulnerabilities that survived decades of human review and millions of automated tests, then chained them into elite-level exploits.
- The timeline between vulnerability discovery and exploitation has collapsed from months to minutes with AI assistance.
- Project Glasswing gives defensive security teams early access to Claude Mythos before attackers develop equivalent tools.
- Open-source maintainers now get Fortune 500-level security scanning, redistributing defensive advantage from well-funded enterprises to infrastructure-critical projects.
- Fewer than 1% of AI-discovered vulnerabilities have been patched so far due to volume, meaning your infrastructure contains flaws AI has already found.
- Anthropic’s decision to prioritize defensive deployment sets a precedent for responsible handling of dual-use AI capabilities.