What happened
Anthropic launched Project Glasswing, providing Claude Mythos Preview — a model with exceptional security research capabilities — to 12 launch partners including AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, and Palo Alto Networks. Mythos autonomously discovered thousands of zero-day vulnerabilities across Windows, Linux, macOS, Chrome, Firefox, and Safari, including a 17-year-old FreeBSD RCE (CVE-2026-4747). Anthropic is committing $100M in usage credits and $4M to open-source security organisations.
Why it matters
This represents a step-change in AI-assisted vulnerability discovery. The model's ability to autonomously find and exploit decades-old vulnerabilities across major platforms signals that both defenders and attackers will soon have access to similar capabilities, fundamentally altering the vulnerability disclosure landscape.
Applicability
Critical infrastructure operators, OS vendors, browser vendors, and open-source maintainers should monitor Glasswing disclosures. Security teams should prepare for a significant increase in vulnerability disclosures in the coming weeks as partners run Mythos against their codebases.