Anthropic's Project Glasswing: AI Finds Vulnerabilities Humans Missed for Decades

Anthropic assembled Apple, Google, Microsoft, and 40+ more to deploy Claude Mythos Preview — an AI that found thousands of vulnerabilities including a 27-year-old OpenBSD bug humans never caught.

Anthropic has assembled a coalition of tech giants — Apple, Google, Microsoft, Amazon, Nvidia, Cisco, CrowdStrike, and 40+ more — to deploy an AI model that found thousands of previously unknown security vulnerabilities, including a 27-year-old bug in OpenBSD and flaws in every major operating system and web browser.

What Just Happened

Anthropic announced Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview — a new frontier AI model that operates autonomously to find and exploit software vulnerabilities.

The model’s achievements:

  • Found “thousands of high-severity vulnerabilities” in recent weeks
  • Discovered flaws in every major operating system and web browser
  • Identified a 27-year-old vulnerability in OpenBSD (used for firewalls and critical infrastructure)
  • Found a 16-year-old bug in FFmpeg that automated testing had hit 5 million times without catching
  • Autonomously chained Linux kernel vulnerabilities to achieve complete machine control

The kicker: Mythos did this “entirely autonomously, without any human steering.”

The coalition:

  • Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, Palo Alto Networks, Linux Foundation, Apache Software Foundation, and 40+ additional organizations

The commitment:

  • $100 million in usage credits
  • $4 million in direct donations to open-source security foundations
  • Model access restricted to defenders, not publicly released

Why This Is Breaking News

1. This changes cybersecurity forever. The gap between attacker and defender capabilities has collapsed. CrowdStrike’s CTO said it: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI.”

2. The model found bugs humans missed for decades. OpenBSD has a reputation as one of the most security-hardened operating systems in the world. Mythos found a vulnerability that had existed for 27 years.

3. Fierce competitors are now cooperating. Apple, Google, Microsoft, and Amazon don’t normally collaborate on security at this level. The fact that they’re working together suggests the threat assessment is existential.

4. The model won’t be publicly released. This is the first time a major AI company has developed a frontier model and kept it restricted specifically because of its capabilities.

5. This is defensive, but the same tech can be offensive. The announcement emphasizes defense, but Anthropic acknowledges: “adversaries will inevitably look to exploit the same capabilities.”

The Technical Details

Mythos Preview wasn’t specifically trained for cybersecurity. Its capabilities come from “strong agentic coding and reasoning skills” — general software abilities that turn out to be extremely effective at finding vulnerabilities.

Task | Mythos Preview | Opus 4.6
Cybersecurity Vulnerability Reproduction | 83.1% | 66.6%
SWE-bench Verified | 77.8% | 53.4%
SWE-bench Pro | 82.0% | 65.4%
Terminal-Bench 2.0 | 93.9% | 80.8%

The vulnerability examples:

  1. OpenBSD remote crash: A 27-year-old vulnerability allowing remote attackers to crash any machine running OpenBSD just by connecting to it.

  2. FFmpeg codec bug: A 16-year-old flaw in video processing code that automated security testing had “hit five million times” without detecting.

  3. Linux kernel privilege escalation: Mythos autonomously found and chained multiple vulnerabilities to escalate from ordinary user access to complete machine control.

What the Partners Are Saying

Cisco: “AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.”

CrowdStrike: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI.”

Linux Foundation: “Open source maintainers — whose software underpins much of the world’s critical infrastructure — have historically been left to figure out security on their own. Project Glasswing offers a credible path to changing that equation.”

The Geopolitical Angle

Anthropic explicitly acknowledges the national security implications: “Securing critical infrastructure is a top national security priority for democratic countries — the emergence of these cyber capabilities is another reason why the US and its allies must maintain a decisive lead in AI technology.”

The company has briefed senior US government officials about Mythos Preview’s capabilities. This isn’t just corporate security. This is infrastructure security at a national level.

What Happens Next

90-day report: Anthropic will publicly report on vulnerabilities fixed and improvements made.

Practical recommendations: Partners will produce guidelines for vulnerability disclosure, software updates, open-source security, and patching automation.

Broader access: Open-source maintainers can apply through the Claude for Open Source program.

The Honest Take

This is the most significant AI security announcement since ChatGPT launched. Not because of the model’s raw intelligence, but because of what it demonstrates about the future of cybersecurity.

The uncomfortable truth: Every piece of software we rely on has vulnerabilities that humans and automated testing have missed for decades. Mythos just proved that AI can find them.

The arms race: This technology will proliferate. Adversaries will get similar capabilities. The question isn’t whether AI will find your vulnerabilities — it’s whether defenders or attackers find them first.

What changes:

  • Software development will need AI security testing from the start
  • Open-source maintainers will get tools previously reserved for large corporations
  • The attack window has collapsed from months to minutes
  • Patching speed becomes critical in ways it never was before

What doesn’t change:

  • This doesn’t fix existing vulnerabilities — it finds them
  • This doesn’t prevent all attacks — it’s one tool in the security stack
  • This doesn’t eliminate the need for human security experts — it augments them

Sources

  • Anthropic: “Project Glasswing: Securing critical software for the AI era”
  • The Verge: “Anthropic debuts Project Glasswing and new AI model for cybersecurity”
  • ZDNet: “Apple, Google, and Microsoft join Anthropic’s Project Glasswing”