Anthropic Just Proved AI Can Find Vulnerabilities Faster Than Your Security Team. Here's What That Means.

By Brian Haugli, CEO, SideChannel

Last week, Anthropic dropped something that should be on every security leader’s radar — not because it’s a press release about AI being amazing, but because it contains real numbers that change how you have to think about your patch management cycle, your disclosure timelines, and frankly, your entire defensive posture.

Project Glasswing is Anthropic’s coordinated effort to use their new model — Claude Mythos Preview — to find vulnerabilities at scale before adversaries get access to similar capability. The coalition behind it includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. That’s not a PR list. That’s an industry acknowledging that something real just shifted.

Let me tell you what actually happened.

What Mythos Found

The research team at Anthropic gave Claude Mythos Preview access to widely-used software and let it run. The results aren’t theoretical. The model autonomously found thousands of high and critical-severity vulnerabilities across every major operating system, every major web browser, and critical infrastructure software. Not identified-as-possible — actually discovered, with working exploits.

A 27-year-old vulnerability in OpenBSD. A signed integer overflow in the TCP SACK implementation that enables remote denial-of-service. The model found it. Not a researcher with a hypothesis — an AI working through code with no human intervention.

A 16-year-old bug in FFmpeg’s H.264 codec. Automated fuzzing tools had run 5 million test iterations without catching it. Mythos found it.

In Firefox vulnerability exploitation testing, Claude Opus 4.6 — Anthropic’s current flagship — produced 2 successful exploits from hundreds of attempts. Mythos Preview produced 181 working exploits, with 29 additional register control successes.

On OSS-Fuzz benchmarks across 7,000 entry points: previous models maxed out at 1–2 tier-3 crashes, with zero tier-5 achievements. Mythos produced 595 tier-1/2 crashes and 10 full control flow hijacks.

On CyberGym’s vulnerability reproduction benchmark: 83.1% for Mythos Preview vs. 66.6% for Claude Opus 4.6.

These aren’t marginal improvements. This is a different category of capability.

CrowdStrike CTO Elia Zaitsev put it plainly: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI.”

What This Means for Your Organization Right Now

If you run a vCISO program, manage a security team, or sit on a board that gets a quarterly security update — here’s the actual translation:

Your patch deployment cycle is too slow. It was already too slow before this. The assumption that you have weeks or months between a CVE being published and it being actively exploited is gone. Treat every critical CVE fix as urgent, not routine maintenance. If your team is still batch-processing patches on a 30- or 60-day cycle, that process is now a liability.

Over 99% of the vulnerabilities Mythos found remain unpatched. Anthropic committed to coordinated disclosure timelines of up to 135 days and SHA-3 hash commitments for unreleased findings. That’s responsible. But the math is still uncomfortable — thousands of real vulnerabilities in production software, most of them unfixed, found by a model that’s not yet publicly available.
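To make the hash-commitment idea concrete, here is an added example (my own illustration, not Anthropic’s actual commitment format, which the announcement does not describe) of how a finder can publish a SHA3-256 commitment to a finding today and let anyone verify the revealed details later; the finding fields and the length-prefixed salt construction are assumptions.

```python
import hashlib
import json
import secrets
from typing import Optional, Tuple

# Added illustration, not Anthropic's commitment format. A finding is committed to by
# publishing SHA3-256(len(salt) || salt || canonical finding). The salt stays private until
# disclosure, so the published hash reveals nothing and cannot be brute-forced from a
# guessable one-line description of the bug.

def canonicalize(finding: dict) -> bytes:
    """Deterministic encoding so the same finding always hashes identically."""
    return json.dumps(finding, sort_keys=True, separators=(",", ":")).encode("utf-8")

def commit(finding: dict, salt: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (hex commitment, salt). Only the commitment is published now."""
    if salt is None:
        salt = secrets.token_bytes(32)
    h = hashlib.sha3_256()
    h.update(len(salt).to_bytes(1, "big"))  # length prefix removes salt/payload ambiguity
    h.update(salt)
    h.update(canonicalize(finding))
    return h.hexdigest(), salt

def verify(commitment: str, finding: dict, salt: bytes) -> bool:
    """At disclosure time: check the revealed finding and salt reproduce the published hash."""
    recomputed, _ = commit(finding, salt)
    return secrets.compare_digest(recomputed, commitment)

# Constructed sample finding; every value is a placeholder, not a real vulnerability.
SAMPLE_FINDING = {
    "project": "example-project",
    "component": "example-parser",
    "summary": "out-of-bounds read in header parsing (constructed placeholder)",
    "severity": "high",
}

if __name__ == "__main__":
    c, s = commit(SAMPLE_FINDING)
    print("publish now:", c)
    print("verifies at reveal:", verify(c, SAMPLE_FINDING, s))
    # Changing any field after the fact breaks the commitment.
    print("tampered finding verifies:", verify(c, dict(SAMPLE_FINDING, severity="low"), s))
```

The commitment proves the finding existed at publication time without disclosing it; the salt is what keeps a short, guessable summary from being recovered by hashing candidate descriptions.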

Enable auto-updates wherever feasible. Shorten software distribution cycles. If you’re shipping anything, the gap between when a patch exists and when customers receive it is now an attack surface.

For legacy systems whose developers are no longer available, you need contingency plans now, not when the next incident happens.

The Cyber Verification Program: What Security Professionals Need to Know

One thing buried in the Glasswing announcement that practitioners should pay close attention to: Anthropic is launching a Cyber Verification Program.

Here’s the problem it solves. As AI models get better at offensive security tasks, they also get more restricted by default safety measures. For red teamers, penetration testers, vulnerability researchers, and incident responders, those restrictions can block legitimate defensive work. You’re trying to simulate an attacker to protect a client, and the model won’t cooperate because it can’t distinguish your intent from a malicious one.

The Cyber Verification Program creates a pathway for security professionals whose work is affected by those safeguards to apply for appropriate exceptions. Anthropic is acknowledging something the security community has known for years: defensive work and offensive technique are not separable. You can’t protect against attacks you don’t understand.

Over 40 organizations maintaining critical software infrastructure already received extended access to Mythos Preview through the research phase. The Claude for Open Source program offers discounted or donated access for qualifying organizations.

If you run a security practice and your team does penetration testing, red team engagements, or vulnerability research — this program is worth understanding and applying for. The models that are coming will be genuinely useful for security work if you have the access level to use them fully.

What Anthropic Is Committing To

Within 90 days of the Glasswing launch, Anthropic will publicly report discovered vulnerabilities, fixed findings, and program improvements. They’re also committing $100 million in model usage credits for research participants, $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation.

The governance question — who should oversee large-scale AI-enabled vulnerability discovery at this magnitude — remains open. Anthropic floated the idea of an independent third-party body combining private and public-sector organizations. That’s the right instinct. The industry needs a framework for this before the capability becomes ubiquitous.

The Defender’s Moment

Here’s what I think is actually true about this moment, based on 25+ years of working security from the Pentagon to Fortune 500 boardrooms:

AI-enabled vulnerability discovery is going to favor defenders or attackers based almost entirely on who deploys it first and most systematically. That’s not optimism — that’s how every security capability has worked since firewalls.

The attack side does not need permission or partnerships to use these models. They will use whatever’s available. The defense side — the legitimate security community — is the one that needs programs like Glasswing, verification frameworks like the Cyber Verification Program, and coordinated disclosure infrastructure to do this at scale responsibly.

Anthropic is betting that if they can get defenders organized and equipped before attackers have comparable tools, the net outcome is positive. The math on Glasswing suggests they might be right. The FFmpeg bug ran past 5 million automated fuzzing iterations before Mythos caught it. That’s not a capability gap you can close with more headcount or bigger budgets. It’s an AI problem requiring an AI solution.

The organizations that start building their AI-augmented security workflows now — integrating frontier model capabilities into bug finding, incident response, and patch prioritization — are going to be materially better positioned than those waiting for the market to settle.

Our job at SideChannel is to help security leaders move from understanding that reality to actually acting on it. The Glasswing research is a starting point, not a finish line. Your security program needs to evolve alongside the capability it’s defending against.

The window is open. The question is whether you use it.

Brian Haugli is CEO of SideChannel, the largest vCISO firm in North America, and author of Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework (Wiley). SideChannel helps organizations build and operate security programs that match the actual threat environment.