What happened
Anthropic released Claude Mythos Preview under Project Glasswing, a controlled-access program that lets Microsoft, Amazon, Apple, and select partners use AI for vulnerability discovery. Mythos found 271 vulnerabilities in Firefox (patched in v150); Mozilla confirmed that all of them could have been found by elite human researchers, but Mythos found them at unprecedented speed. Microsoft announced integration of the model into its Security Development Lifecycle (SDL) for faster vulnerability identification and remediation.
Why it matters
This marks the first production deployment of AI models capable of discovering vulnerabilities at machine speed, fundamentally changing the economics of offensive vs. defensive security. Organizations must reassess patch cycles and prioritization strategies (Anthropic recommends EPSS scoring) as vulnerability discovery accelerates from days to minutes. The controlled rollout also signals industry recognition that unrestricted access to such capabilities poses systemic risk.
Applicability
Any organization maintaining software should evaluate: (1) whether its patch cycle can handle AI-discovered vulnerability volumes, (2) whether it qualifies for Project Glasswing access as a defensive partner, and (3) how its red teams can simulate AI-accelerated offense. Prioritize EPSS integration and runtime detection over static assessments.
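
One way to test point (1) against an EPSS-ordered queue, as an added example that is not part of the original brief or of any vendor's tooling. The finding IDs, EPSS values, the `internet_facing` tie-breaker, and the arrival and capacity figures are constructed assumptions; only the 271 backlog figure is taken from the brief.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str           # constructed placeholder, not a real CVE ID
    epss: float            # EPSS: probability of exploitation in the next 30 days
    internet_facing: bool  # assumed tie-breaker, not part of EPSS

def triage(findings, capacity):
    """Return (patch_now, deferred) for one cycle that can ship `capacity` fixes."""
    for f in findings:
        if not 0.0 <= f.epss <= 1.0:
            raise ValueError(f"{f.vuln_id}: EPSS must be within [0, 1]")
    # Highest EPSS first; on ties, exposed assets first, then stable by ID.
    ranked = sorted(findings, key=lambda f: (-f.epss, not f.internet_facing, f.vuln_id))
    return ranked[:capacity], ranked[capacity:]

def residual_risk(deferred):
    """P(at least one deferred finding is exploited), assuming independence."""
    p_none = 1.0
    for f in deferred:
        p_none *= 1.0 - f.epss
    return 1.0 - p_none

def cycles_to_clear(backlog, arrivals_per_cycle, capacity):
    """Cycles until the backlog is empty, or None if it never drains."""
    if backlog == 0:
        return 0
    net = capacity - arrivals_per_cycle
    return math.ceil(backlog / net) if net > 0 else None

# Constructed sample backlog.
SAMPLE = [
    Finding("VULN-0001", 0.02, False),
    Finding("VULN-0002", 0.91, True),
    Finding("VULN-0003", 0.40, True),
    Finding("VULN-0004", 0.40, False),
    Finding("VULN-0005", 0.05, True),
]

if __name__ == "__main__":
    now, later = triage(SAMPLE, capacity=2)
    print("patch now:", [f.vuln_id for f in now])
    print("deferred :", [f.vuln_id for f in later])
    print(f"residual 30-day risk: {residual_risk(later):.4f}")
    print("cycles to clear 271 at 20 in / 50 out:", cycles_to_clear(271, 20, 50))
```

A `None` from `cycles_to_clear` means new findings arrive at least as fast as fixes ship, so the EPSS cut-off for what gets deferred rises every cycle.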