This week, Anthropic unveiled Project Glasswing and a new frontier model called Claude Mythos Preview, and I haven’t been able to stop thinking about it.
On the plus side, this is exactly the kind of thing many of us have hoped AI would become exceptionally good at. Anthropic says Mythos has already found thousands of high-severity vulnerabilities, including issues in major operating systems, browsers, and widely used open source components. Some of those bugs had apparently survived years — or even decades — of human review and automated testing.
That’s a pretty incredible thing to contemplate.
If a model like Mythos can reliably uncover dangerous flaws that have been hiding in plain sight, the upside is enormous. We could dramatically improve the security of critical software infrastructure. We could scan ancient, poorly understood systems that nobody really wants to touch. We could bake this capability directly into CI/CD workflows and prevent serious issues from ever making it to production. In the best case, AI doesn’t just help us write software faster — it helps us write software that is fundamentally safer.
I’m genuinely excited by that possibility.
But… cybersecurity may be the clearest example yet of AI as a dual-use technology.
The same capability that helps defenders find and fix vulnerabilities could also help attackers find and exploit them. Anthropic clearly understands that, which is why Mythos is not being broadly released. Instead, access is being tightly controlled through Glasswing. As CNBC reported, Anthropic said there was “a lot of internal deliberation” about the rollout and that this is intended to give defenders a head start.
That idea — giving defenders a head start — may be one of the most important AI strategies we’ll see over the next few years.
A lot of the AI conversation has centered on productivity: faster coding, better writing, cheaper support, more efficient workflows. All of that matters. But Mythos points to something even bigger: the race between defensive and offensive capability compression. If AI dramatically reduces the time required to discover vulnerabilities, defenders will need to reduce the time required to assess, patch, test, and deploy fixes just as aggressively.
And that’s where the really uncomfortable question shows up.
We already have a broadly understood process for responsible disclosure. A researcher privately reports a bug, the maintainer works on a patch, and then details are eventually disclosed publicly. It’s not perfect, but it works well enough. The problem is that the process assumes vulnerability discovery happens at a human pace.
What happens when it doesn’t?
What happens when frontier models begin surfacing vulnerabilities across the open source ecosystem faster than maintainers, vendors, and enterprise IT teams can realistically respond? It’s one thing to tell a business they need to urgently patch one critical library. It’s another thing entirely to tell them they now need to evaluate and upgrade hundreds or even thousands of dependencies because AI has suddenly exposed a backlog of latent risk that’s been quietly accumulating for years.
That’s not just a security problem. It’s a systems problem.
It affects software vendors, enterprise architecture teams, compliance functions, regulators, insurers, and every organization still running a tower of fragile legacy systems held together by maintenance windows and good intentions. The bottleneck may no longer be finding bugs. The bottleneck may become absorbing the operational shockwave of finding too many bugs at once.
There’s another angle here that I think deserves more attention: if AI becomes extraordinarily good at vulnerability discovery, then software quality and patchability matter even more than they already do. Organizations with modern deployment pipelines, clean dependency management, strong observability, and disciplined release practices will be able to respond. Organizations with brittle systems, manual deployments, and years of accumulated technical debt may find themselves in a very bad position very quickly.
In other words, AI-native cybersecurity may widen the gap between the prepared and the unprepared.
Still, I remain optimistic. Anthropic’s framing is the right one. In Glasswing, they write that “the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software.” I think that’s exactly right. These capabilities are coming either way.
The real question is whether defenders, software maintainers, and enterprises can adapt fast enough to use them responsibly before adversaries get comparable tools.
Mythos could help create a meaningfully more secure world.
It may also force us to confront just how insecure the current one really is.
