We Reproduced Anthropic's Mythos Findings with Public Models

Publicly available AI models can replicate many of the advanced software vulnerability findings previously attributed exclusively to Anthropic’s specialized Mythos and Project Glasswing research tools.

Key Points

  • Researchers used the open-source coding agent opencode with GPT-5.4 and Claude Opus 4.6 to test vulnerability discovery across various software projects.
  • The study successfully reproduced critical security flaws in FreeBSD, Botan, and OpenBSD using widely accessible models.
  • Results were mixed for FFmpeg and wolfSSL, where models provided partial signals but failed to achieve full, exact vulnerability reproduction.
  • The testing workflow utilized a standardized, two-step agentic process involving automated planning and file-level detection rather than manual intervention.
  • Each file scan was completed at a cost of less than $30, demonstrating that high-level security research is no longer gated by proprietary lab access.

Why it Matters

The ability of public models to perform complex vulnerability research indicates that the competitive advantage in cybersecurity is shifting from model access to the operational ability to validate and prioritize findings. Organizations must now focus on integrating these AI capabilities into their existing software development lifecycles to manage the increased volume of potential security discoveries.

Vidocsecurity.com. Published by Dawid Moczadło, Klaudia Kloc, Marek Lewandowski, Amadeusz Lisiecki, Jakub Sienkiewicz, Mikołaj Palkiewicz