| This week, AI crossed a threshold that security experts have been dreading. |
| Anthropic built their most capable model to date, watched it autonomously find thousands of previously unknown vulnerabilities across every major operating system and browser, and then decided not to release it to the public. That decision, and what they built instead, is the story this week. |
|
|
What Happened?
|
|
| “The model is called Claude Mythos Preview. And it was not trained specifically for cybersecurity. The capabilities emerged on their own, a byproduct of improvements in coding, reasoning, and autonomy. To specify, Anthropic didn’t set out to build a cyberweapon. They built a better AI and discovered that a better AI is also, by default, a more capable attacker. |
| Here’s what it found before anyone stopped it. A 27-year-old vulnerability in OpenBSD — an operating system built specifically for security hardening — that let an attacker remotely crash any machine just by connecting to it. A 16-year-old flaw in FFmpeg, a line of code that automated testing tools had hit five million times without ever catching it. A chain of Linux kernel vulnerabilities that escalated from ordinary user access to complete machine control. Fully autonomously, with no human steering after the initial prompt. |
| The cost to find the OpenBSD bug: $50 in computing. |
| Rather than sit on the model, Anthropic assembled Project Glasswing and pointed Mythos at the world’s most critical software before adversaries could do the same. Partners include AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, Nvidia, JPMorganChase, Palo Alto Networks, Broadcom, and the Linux Foundation. Over 40 additional organizations building or maintaining critical infrastructure also have access. Anthropic is committing $100M in usage credits and $4M in direct donations to open-source security organizations. |
| Anthropic privately briefed senior US government officials before the announcement. Fortune reported the company warned them directly: Mythos makes large-scale cyberattacks significantly more likely this year. Alex Stamos, former head of security at Facebook and Yahoo, put the timeline plainly: roughly six months before open-weight models catch up to frontier models in vulnerability discovery. At that point, any ransomware actor will be able to find and weaponize zero-day bugs with minimal cost and no forensic trace. |
| Now, Anthropic noted something quietly in the technical documentation that most coverage missed. The capabilities were not intentional. They stated: “We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy.” |
- The window is closing fast. Six months is not a planning horizon. It is a deadline. Organizations that have not stress-tested their security assumptions against AI-assisted attackers need to start that conversation now, not after the next breach report.
- The $50 number is the real signal. The fact that a decades-old vulnerability in one of the world’s most hardened operating systems fell to $50 of compute changes the economics of every attack permanently.
- Project Glasswing is a head start, not a solution. The 40-plus organizations inside it will patch what they find. But Mythos-class capability will proliferate. The question is whether your security posture was built for a world where the attacker has a PhD-level exploit developer running 24/7 at near-zero cost.
|
|
|
| What This Means For You: |
| The standard security playbook — patch regularly, train staff, invest in perimeter defense — is not wrong. It is just no longer sufficient on its own. |
| The threat model has changed. Vulnerabilities that survived decades of human review and millions of automated tests are now findable in an afternoon. Your vendors are inside the Glasswing coalition, or they are not. Your open-source dependencies either got scanned, or they didn’t. These are now questions worth asking your security team before the 90-day public report Anthropic has committed to. |
| The defensive window is real, but it is short. Use it.” |
|
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.