When Bug-Finding Outruns Bug-Fixing
April 10, 2026

Anthropic’s system card says Mythos is its most capable model yet. Its Project Glasswing announcement makes it clear that Anthropic will not make Mythos globally available. Instead, it will only be rolled out into a restricted defensive program. That amounts to a public admission: frontier AI has crossed into offensive cyber territory serious enough that a major lab chose not to release its best model in the normal way. (Anthropic)
Mythos’s abilities appear to have fallen out of general progress. In Anthropic’s technical writeup, the company says it did not explicitly train Mythos for cybersecurity. The capability emerged from better code, reasoning, and autonomy. Anthropic also says Mythos can identify and exploit zero-days across every major operating system and browser, found a 27-year-old OpenBSD bug and a 16-year-old FFmpeg bug, and turned Firefox 147 crashes into working exploits 181 times, versus 2 for Opus 4.6. (Red Anthropic)
The general benchmark picture makes this harder to wave away as a narrow security demo. The system card reports 93.9% on SWE-bench Verified, 94.5% on GPQA Diamond, 97.6% on USAMO 2026, and 79.6% on OSWorld. Anthropic also says Mythos still does not clear its automated AI-R&D threshold, which keeps the frame grounded: this is a cyber threshold event first.
Bug-finding, however, can scale much faster than bug-fixing. Anthropic’s own numbers point the same way. Over 99% of the vulnerabilities Mythos has found are still unpatched. Glasswing gives launch partners like AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, JPMorganChase, Broadcom, NVIDIA, and the Linux Foundation, plus 40+ additional infrastructure organizations, early access and up to $100M in usage credits, with a public report promised within 90 days. Glasswing is a controlled effort to buy patching time.
Anthropic’s February 0-days note said Opus 4.6 had already found and validated 500+ high-severity vulnerabilities and warned that standard 90-day disclosure norms may not survive LLM-scale discovery. Simon Willison surfaced the human version of that problem: kernel maintainer Greg Kroah-Hartman says the flow of AI-generated reports has flipped from obvious slop to real reports, and curl’s Daniel Stenberg says he is spending hours a day on them. (Red Anthropic)
Meanwhile, AISLE’s experiments suggest that once the right system narrows the search, smaller and cheaper models can recover a surprising amount of the same vulnerability analysis Anthropic showcased. Indeed, access itself can become a structural advantage. If both are right, the moat moves away from the model and toward the remediation machine: triage, disclosure, maintainer trust, patch pipelines, and the judgment to know which fix won’t break production.
Finally, Anthropic adds one more uncomfortable nuance. It calls Mythos its best-aligned model yet, and also the model it worries about most on alignment grounds, because rare failures now sit behind much more capability. Anthropic’s cyber team says Mythos wrote exploits in hours that expert penetration testers said would have taken weeks. In fact, Mythos is best understood as an exploit lab that never sleeps. Give a capable actor that kind of patience and the timeline changes.