When the Model Finds 27-Year-Old Bugs: Anthropic's Project Glasswing
Anthropic just released their most powerful model yet. But you can't have it.
Claude Mythos isn't another chatbot update. It's a cybersecurity research model that found thousands of high-severity vulnerabilities, including one in OpenBSD that had gone unnoticed for 27 years.
The decision to restrict access wasn't marketing theater. It's a genuine acknowledgment that the gap between what a model can find and what defenders can fix has widened fast enough to warrant a pause.
What Mythos Can Actually Do
The technical details in Anthropic's announcement are striking:
- Wrote a browser exploit chaining four vulnerabilities together
- Achieved remote code execution against FreeBSD's NFS server with a 20-gadget ROP chain delivered across multiple packets
- Found a local privilege escalation on Linux by exploiting race conditions and bypassing KASLR
- Discovered a 27-year-old bug in OpenBSD's TCP stack that lets malformed packets crash an affected server
For comparison: Claude Opus 4.6 had a success rate near 0% at developing working exploits. Mythos succeeded 181 times out of several hundred attempts.
That's not incremental improvement. It's a capability jump that changes the economics of vulnerability research.
Why This Matters for Everyone Building with AI
The timing is interesting. Last Friday, Simon Willison started a new "ai-security-research" tag on his blog. Greg Kroah-Hartman of the Linux kernel noted that AI-generated security reports switched from "slop" to "real" about a month ago. Daniel Stenberg of curl is spending hours per day on AI-generated reports that are "really good."
Thomas Ptacek published "Vulnerability Research Is Cooked" after a conversation with Anthropic's Nicholas Carlini, who mentioned he'd found more bugs in the last two weeks than in his entire career combined.
This isn't hypothetical anymore. The tools are already out there, being used by researchers. The question is how to manage the transition period when capability outpaces defense.
The Glasswing Approach
Project Glasswing pairs restricted model access with funding:
- Model access for AWS, Apple, Microsoft, Google, and the Linux Foundation
- $100M in usage credits
- $4M in direct donations to open-source security organizations
The model itself won't be generally available. Anthropic is explicitly saying: this is too dangerous for public deployment right now, but the responsible path is to let trusted partners find and fix vulnerabilities before the capabilities proliferate.
That's different from the usual release-first-patch-later dynamic we've seen in AI.
The Trade-Off
Not everyone will agree with the restriction. Security researchers could argue that broader access means more people finding and fixing bugs sooner, and malicious actors will eventually get similar capabilities regardless.
But there's something to be said for giving infrastructure maintainers a head start. The OpenBSD bug sat unnoticed for decades. Linux kernel vulnerabilities reach nearly every server, phone and embedded device. These are foundational systems, and they deserve coordinated disclosure timelines.
What This Signals About AI Development
The Mythos announcement marks a shift in how frontier AI companies think about deployment. The industry has moved from "release everything" to "release with safeguards" to now "some capabilities need restricted access."
It's also a reminder that the gap between what models can find and what humans can defend against is not static. The more capable the model, the more important the deployment strategy.
For developers and security teams: this is your signal to start taking AI-assisted vulnerability research seriously. The tools are coming. Some are already here. The question is whether your systems will be ready when they arrive.