AICronis
Back to Podcast Digest
Anthropic··5m

An initiative to secure the world's software | Project Glasswing

Watch on YouTube →

TL;DR

  • Anthropic says frontier coding models are now meaningfully dangerous in cyber — Claude Mythos Preview wasn’t trained specifically for security, but its stronger coding ability made it “by and large as good as a professional human” at finding bugs and chaining multiple flaws into real exploits.

  • The biggest leap isn’t just bug-finding, it’s autonomous exploit building — the team says the model can combine 3-5 individually limited vulnerabilities into sophisticated attack paths, the kind of long-range work a human security researcher might spend an entire day pursuing.

  • Anthropic is not broadly releasing this model and is instead launching Project Glasswing — the idea is to give trusted defenders at organizations maintaining critical software an early head start, so protective use of these capabilities arrives before wide misuse does.

  • The early results are not theoretical — using the model on major open-source systems, Anthropic says it found an OpenBSD bug that had existed for 27 years and Linux privilege-escalation flaws that could let a user with no permissions become an administrator.

  • The pitch is that AI security is now collective infrastructure work, not a side project — Anthropic says it has already coordinated disclosures with software maintainers and spoken with U.S. government officials, framing cybersecurity as “the security of our society.”

The Breakdown

Why ordinary people ignore bugs until one becomes everyone’s problem

The video opens with a simple point: most users never think about software bugs unless something goes very wrong. The speaker zooms in on the scary class of vulnerabilities that land in shared software and then cascade across “many, many, many” products and websites, turning one flaw into a global problem.

Coding progress is spilling directly into cyber capability

Anthropic says the same model progress that enables strong code generation also boosts offensive and defensive security work. Claude Mythos Preview, they say, represents a notable jump on that capability curve: it wasn’t trained to do cyber specifically, but being better at code made it significantly better at finding vulnerabilities anyway.

The alarming part: it thinks like a security researcher for long stretches

The key claim is that the model is not just spotting isolated bugs; it can chain multiple weaknesses together into actual exploits. Anthropic describes it as unusually autonomous and good at long-range tasks, meaning it can pursue the kind of multi-step reasoning a human researcher would work through over the course of a full day.

Why Anthropic is keeping the model tightly held

Because those capabilities could clearly be misused, the company says it will not release Claude Mythos Preview widely. Instead, it is launching Project Glasswing, a program to put the model in the hands of organizations responsible for critical code so defenders get an early lead before these kinds of models become more common across the industry.

The demo wasn’t abstract — they went straight for core infrastructure

Anthropic says it pointed the model at open-source code, starting with operating systems because that software underpins the internet itself. The standout example is an OpenBSD vulnerability that had apparently been sitting there for 27 years and could let someone crash any OpenBSD server with just a couple pieces of data.

Linux bugs, patched disclosures, and a researcher’s stunned reaction

The team also reports finding Linux privilege-escalation flaws where a user with no permissions could become administrator by running a binary locally. One researcher sums up the pace with a very human line: “I found more bugs in the last couple of weeks than I found in the rest of my life combined,” and Anthropic says maintainers were notified and patches were deployed.

From bug hunting to a broader public-interest argument

The closing message widens from tools to society: software now mediates everything from customer data to financial transactions to critical infrastructure. Anthropic says it has spoken with U.S. government officials and argues that no single organization can solve this alone — Glasswing is framed not as a quick campaign, but as months or years of coordinated defensive work.