The Hacker News reports that Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that its public release was postponed and access was given to Apple, Microsoft, Google, Amazon, and others to find and patch bugs before adversaries can. The Mythos Preview, which underpins Glasswing, reportedly found vulnerabilities across every major operating system and browser, including one that had been sitting for 27 years in OpenBSD.
The model is described as capable of chaining four independent bugs into an exploit sequence and achieving a 72.4% success rate in the Firefox JS shell, with autonomous exploit development markedly different from earlier AI attempts. The piece notes a stark gap between finding and patching: fewer than 1% of Mythos-found vulnerabilities were patched, raising concerns about defenders’ ability to absorb AI discoveries.
It also cites a real-world example in which a threat actor deployed an MCP server hosting an LLM to automate backdoor creation, mapping, vulnerability assessment, and execution, compromising 2,516 organisations across 106 countries in parallel, with human review only afterwards.