Original Reddit post

Anthropic just dropped something called Project Glasswing, and it’s honestly one of the more alarming/exciting AI announcements I’ve seen.

They have an unreleased model called Claude Mythos Preview that they’re not making publicly available. Why? Because it’s too capable at finding and exploiting software vulnerabilities.

Here’s what caught my attention:

- It found a 27-year-old vulnerability in OpenBSD (one of the most hardened OSes ever) that let an attacker remotely crash any machine just by connecting to it
- It found a 16-year-old bug in FFmpeg hiding in a line of code that automated tools had hit 5 million times without catching it
- It autonomously chained Linux kernel vulnerabilities together to escalate from regular user access to full machine control
- It scored 83.1% on CyberGym (vulnerability reproduction benchmark) vs 66.6% for Opus 4.6
- On SWE-bench Verified (agentic coding), it hit 93.9% vs 80.8% for Opus 4.6

The coalition they pulled together is massive: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation. The model is being given to these partners + 40+ other orgs maintaining critical infrastructure. Anthropic is committing $100M in usage credits and donating $4M to open-source security organizations.

The framing is: AI has crossed a threshold where it can find vulnerabilities better than almost any human. That capability will proliferate. So get it in the hands of defenders first before attackers have access to similar tools.

The uncomfortable truth buried in the announcement: they’re basically admitting that models like this will eventually be available to everyone. The window to patch the world’s critical software is now.

Source: https://www.anthropic.com/glasswing

What do you think? Is this the right move, or does announcing this publicly make the situation worse?

submitted by /u/Direct-Attention8597

Originally posted by u/Direct-Attention8597 on r/ClaudeCode