Patch window is officially dead as AI finds bugs faster than humans can squash them

Anthropic’s Project Glasswing coalition is using the Claude Mythos Preview AI model to identify critical software vulnerabilities at a scale that significantly outpaces traditional manual security auditing.

Key Points

  • Project Glasswing includes major technology firms like Amazon, Apple, Google, Microsoft, and Cisco.
  • The Claude Mythos Preview model identified a 27-year-old exploitable bug in OpenBSD that had previously evaded detection.
  • Anthropic reports that over 99% of the vulnerabilities discovered by the AI model currently remain unpatched.
  • The AI is capable of identifying and chaining memory safety flaws, such as buffer overflows, into functional exploits.
  • Experts recommend shifting from a patch-only strategy to implementing binary hardening and runtime protections to improve system resilience.

Why it Matters

The rapid discovery of vulnerabilities by AI is collapsing the traditional patch window, leaving organizations unable to keep pace with potential security threats. This shift forces companies to prioritize software resilience and binary hardening over traditional remediation to mitigate risks from unpatched legacy code.
TechRadar Published by Shane Fry