Anthropic claims its new Claude Mythos Preview can autonomously discover and exploit vulnerabilities in virtually any software, releasing it only to a few dozen orgs via Project Glasswing.
Anthropic announced Claude Mythos Preview, a model it claims can autonomously find and exploit vulnerabilities in any operating system, browser, or software product. Rather than a public release, Anthropic is distributing Mythos Preview exclusively through Project Glasswing — a consortium of roughly a few dozen organizations including Microsoft, Apple, Google, and the Linux Foundation. The intent is to give defenders a head start before capabilities like this become broadly available. Skeptics argue AI-assisted exploitation already exists and that this framing benefits Anthropic commercially, while others in security research validate the severity of the claim.
If Anthropic's claims hold, the time-to-exploit for unpatched vulnerabilities just collapsed. Developers building on or maintaining software with public-facing attack surfaces need to treat automated vulnerability discovery as a present-day threat, not a future one. The practical implication: your current patch cadence and dependency hygiene practices are likely calibrated for human-speed attackers — that baseline is now wrong.
Run a dependency audit on your production codebase this week using Dependabot or Snyk — identify any CVEs rated 7.0+ CVSS that have patches available but haven't been applied, and prioritize those above all other backlog items.
Go to snyk.io and connect your GitHub repo via the dashboard
Tags
Also today
Signals by role
Also today
Tools mentioned