Frontier models are now autonomous vulnerability hunters. Prepare for it.

Anthropic is openly disclosing that a frontier code-generation model—Claude Mythos Preview—is not just good at writing code, but is also unexpectedly capable at finding, chaining, and exploiting low-level vulnerabilities in critical open-source infrastructure. This is a live defensive operation, not a theoretical paper. The team used the model to scan core operating system code, yielding real, previously unknown bugs in OpenBSD (a 27-year-old kernel bug) and Linux (local privilege escalations). They then coordinated responsible disclosure with maintainers and offered the capability to US government partners under Project Glasswing.

The core tension is this: a model trained purely for code generation became effective at offensive cyber work as a side effect. That is a warning about emergent capabilities in general-purpose code models. The team is not releasing the model broadly, opting instead for a controlled gated-access approach with critical infrastructure maintainers. That’s an unusual and pragmatic middle ground—they accept the risk of misuse but try to get ahead of adversaries.

For engineering leaders, the immediate lesson is not about AI-powered SAST tools. It's that frontier models are starting to act like autonomous security researchers who can think across multiple component boundaries, chaining low-severity issues into end-to-end exploits. That changes the cost equation for both defenders and attackers. The threat surface shifts from “patch known CVEs” to “assume a model can discover and chain zero-days in your supply chain.”

The program also signals a geopolitical dimension: Anthropic is actively coordinating with US government officials. If you depend on open-source infrastructure (Linux, BSD-derived systems, core internet services), this is a rare chance to understand what proactive AI-driven defense looks like in practice. But the video is light on details about Glasswing’s operational model—who gets access, how findings are validated, what false-positive rates look like, or how the model handles languages beyond C. The real test will be whether the program scales beyond a few hand-picked partners and whether the coordination model survives adversarial attention.