This week, AI crossed a threshold that security experts have been dreading.
Anthropic built their most capable model to date, watched it autonomously find thousands of previously unknown vulnerabilities across every major operating system and browser, and then decided not to release it to the public. That decision, and what they built instead, is the story this week.
What Happened?
The model is called Claude Mythos Preview. And it was not trained specifically for cybersecurity. The capabilities emerged on their own, a byproduct of improvements in coding, reasoning, and autonomy. To specify, Anthropic didn't set out to build a cyberweapon. They built a better AI and discovered that a better AI is also, by default, a more capable attacker.
Here's what it found before anyone stopped it. A 27-year-old vulnerability in OpenBSD — an operating system built specifically for security hardening — that let an attacker remotely crash any machine just by connecting to it. A 16-year-old flaw in FFmpeg, a line of code that automated testing tools had hit five million times without ever catching it. A chain of Linux kernel vulnerabilities that escalated from ordinary user access to complete machine control. Fully autonomously, with no human steering after the initial prompt.
The cost to find the OpenBSD bug: $50 in computing.
Rather than sit on the model, Anthropic assembled Project Glasswing and pointed Mythos at the world's most critical software before adversaries could do the same. Partners include AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, Nvidia, JPMorganChase, Palo Alto Networks, Broadcom, and the Linux Foundation. Over 40 additional organizations building or maintaining critical infrastructure also have access. Anthropic is committing $100M in usage credits and $4M in direct donations to open-source security organizations.
Anthropic privately briefed senior US government officials before the announcement. Fortune reported the company warned them directly: Mythos makes large-scale cyberattacks significantly more likely this year. Alex Stamos, former head of security at Facebook and Yahoo, put the timeline plainly: roughly six months before open-weight models catch up to frontier models in vulnerability discovery. At that point, any ransomware actor will be able to find and weaponize zero-day bugs with minimal cost and no forensic trace.
Now, Anthropic noted something quietly in the technical documentation that most coverage missed. The capabilities were not intentional. They stated: "We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy."
The window is closing fast. Six months is not a planning horizon. It is a deadline. Organizations that have not stress-tested their security assumptions against AI-assisted attackers need to start that conversation now, not after the next breach report.
The $50 number is the real signal. The fact that a decades-old vulnerability in one of the world's most hardened operating systems fell to $50 of compute changes the economics of every attack permanently.
Project Glasswing is a head start, not a solution. The 40-plus organizations inside it will patch what they find. But Mythos-class capability will proliferate. The question is whether your security posture was built for a world where the attacker has a PhD-level exploit developer running 24/7 at near-zero cost.
What This Means For You:
The standard security playbook — patch regularly, train staff, invest in perimeter defense — is not wrong. It is just no longer sufficient on its own.
The threat model has changed. Vulnerabilities that survived decades of human review and millions of automated tests are now findable in an afternoon. Your vendors are inside the Glasswing coalition, or they are not. Your open-source dependencies either got scanned, or they didn't. These are now questions worth asking your security team before the 90-day public report Anthropic has committed to.
The defensive window is real, but it is short. Use it.
Clutch. Just launched.
OpenClaw made it easy to get an agent running. Clutch makes it safe to run that agent at work.
Secure multi-agent deployment, built for teams that need more than a single-machine setup. We just launched.
a16z just published the first hard data on where enterprises are actually using AI
29% of the Fortune 500 and 19% of the Global 2000 are live, paying customers of a leading AI startup today. Coding is the dominant use case by nearly an order of magnitude. Tech, legal, and healthcare are the earliest-adopting industries. The widely-cited MIT stat that 95% of AI pilots fail to convert? a16z says their data doesn't support it.Meta just shipped Muse Spark and quietly walked away from open source
The model, originally code-named Avocado, is the first from Meta Superintelligence Labs under Alexandr Wang. It is small, fast, and closes the gap on Llama 4, but it is closed. The company that built its entire AI reputation on open source is now hedging. Meta says it hopes to open-source future versions. But the flagship ships proprietary. That is a meaningful shift for the industry's largest open-model contributor.AWS CEO: AI coding agents replacing enterprise software is "overblown"
Matt Garman pushed back at HumanX this week on the narrative that tools like Claude Code will replace Salesforce, ServiceNow, and the rest of the enterprise stack. His framing: AI is enormously disruptive and a huge opportunity. But incumbents will adapt, not collapse. Worth noting, he said this at a conference while Amazon holds a significant stake in Anthropic and runs Claude on AWS infrastructure.
I've been watching the reaction to the Glasswing announcement from security practitioners this week, and the honest read is: people are rattled.
Not because the initiative is bad. It's clearly the right call. But the combination of the $50 compute cost, the autonomous exploit chaining, and the six-month window before open-weight models catch up. That's a lot to absorb in one announcement.
What I keep coming back to is the framing Anthropic used. They called Mythos "both the best-aligned and the most alignment-risky model we've ever built." Those two things being true simultaneously is exactly where we are with frontier AI right now. The same capability that makes it useful makes it dangerous. And the organizations that understand that tension early are the ones that will be positioned for what comes next.
That's the exact problem Clutch was built for. When agents have this level of capability, you need a deployment layer that controls what they can touch, who can run them, and what they can do. Not as an afterthought, but as the foundation.
If you're thinking through what this means for how your organization deploys AI, Clutch is worth a look.
Haroon
P.S. The Glasswing public report drops within 90 days. When it does, it will be the most detailed public accounting of what AI can do to production software that the industry has ever seen. I'll cover it the week it lands.