Anthropic just dropped an AI model that fundamentally changes the vulnerability research landscape, and the implications are both exciting and unsettling. I came across a breakdown by Ed at Low Level that cuts through the hype to explain what Claude Mythos and Project Glasswing actually mean for the security industry.
The headline claim? Mythos Preview can identify and exploit zero-day vulnerabilities in every major operating system and every major web browser—many of them hiding in plain sight for 10, 20, or even 27 years.
The Capability Leap Is Staggering
Let’s put some numbers on this. When testing against a known Firefox vulnerability, the performance difference across Claude’s model generations tells a story:
Claude Sonnet 4.6 achieved a 4.4% success rate at writing an exploit that could control a CPU register. Minimal control, no code execution—and this is already a model many security researchers use daily with tools like Ghidra MCP for reverse engineering.
Claude Opus 4.6 bumped that to 14.4%, with at least one run achieving a fully successful exploit.
Claude Mythos? A 72.4% success rate at writing working exploits when given a vulnerability.
That’s not iterative improvement. That’s a phase change.
But the raw exploit-writing capability isn’t even the scariest part. What makes Mythos genuinely unprecedented is that it doesn’t just write exploits—it finds the vulnerabilities in the first place.
Not Your Father’s Stack Smasher
The security community has been dealing with memory corruption bugs since the 1990s. Anyone with Ghidra can drop a binary into the tool and spot a bad strcpy or memcpy. That low-hanging fruit has long since been picked.
What Mythos demonstrates is the ability to find and chain sophisticated vulnerability classes that typically require deep specialization:
- Use-after-free vulnerabilities
- Time-of-check/time-of-use (TOCTOU) race conditions
- Complex heap spray exploitation
In documented testing, Mythos wrote a just-in-time heap spray that escaped both renderer and OS sandboxes—presumably in Chrome or Firefox. It autonomously obtained a local privilege escalation on Linux by exploiting race conditions and kernel ASLR bypasses. It wrote a remote code execution exploit on FreeBSD’s NFS server that chained across 20 packets to achieve root access.
Perhaps most impressively, it found a vulnerability in a production memory-safe Virtual Machine Monitor written in Rust. Memory-safe languages reduce attack surface, but they can’t eliminate it entirely—VMMs and hypervisors must eventually interact with hardware using raw memory pointers through unsafe blocks. Mythos found that boundary and triggered a denial of service.
The Talent Density Problem
Here’s the insight that reframes what AI capability means for security research. As Ed puts it, the traditional barrier wasn’t technological—it was about talent density.
Security research requires knowing multiple specialized domains simultaneously. To find a browser vulnerability, you need to understand:
- How memory corruption works
- What code patterns lead to exploitable conditions
- How browsers actually process and render content
- Where user-controlled data enters the system
The problem? People who spend years mastering security research often don’t deeply understand browser internals. People who understand browsers inside-out rarely have the exploitation background. The intersection of those skill sets is vanishingly small.
This is why the most critical vulnerabilities often live in codebases that sit at the intersection of multiple specialties. Consider FFmpeg’s H.264 parser—Mythos found a 16-year-old vulnerability there. To find that as a human, you’d need to understand memory corruption patterns, video codec structure, frame segmentation, and how all those pieces interact. That’s a unicorn skillset.
AI models change the equation entirely. A single researcher with the right model can effectively multiply their capability across domains they’ve never personally mastered.
What Happens When One Person Acts Like a Hundred?
Here’s the question that should keep defenders up at night: What happens when a single individual with a security mindset and a few hundred dollars in API credits can spin up multiple model instances conducting sophisticated vulnerability research simultaneously?
That’s the current state of AI-empowered vulnerability research. The traditional bottleneck of finding people who know both security fundamentals and target-specific architecture details just… evaporates.
This doesn’t mean every codebase is suddenly vulnerable. The most heavily audited software—Windows default configurations, Apache, nginx—has been picked over by the world’s best researchers for decades. Those codebases are comparatively safe not because they’re inherently more secure, but because they’ve already received more scrutiny than any AI model can add.
The real risk lives elsewhere: esoteric software running critical infrastructure, power grids, water treatment facilities. Code that’s critical but not sexy enough to attract top-tier security research. And perhaps most concerning: high-churn codebases that keep growing.
Chrome and Firefox constantly evolve to keep pace with the ever-expanding JavaScript and WebAssembly specs. As codebases grow and change, so does the attack surface. The likelihood of exploitable bugs scales with code size and churn rate: new code is code nobody has audited yet.
Project Glasswing: The Walled Garden Approach
Enter Project Glasswing—Anthropic’s program to collaborate with the companies whose software underpins modern infrastructure: Cisco, NVIDIA, Microsoft, Palo Alto Networks, Broadcom (including VMware). These organizations control your network stack, GPU stack, operating systems, security appliances, basebands, Wi-Fi controllers, and virtualization layers.
The logic is straightforward: these companies need to get security right. Any tool that helps them find vulnerabilities before attackers do benefits everyone.
But here’s where things get contentious. Anthropic has explicitly stated they will not make Claude Mythos Preview generally available. Their goal is eventually enabling “users to safely deploy Mythos-class models at scale for cyber security purposes”—but that day isn’t today.
The Asymmetry Problem
Why the restriction? Because offense and defense aren’t symmetrical.
Defenders have to be right 100% of the time. Attackers only have to be right once.
If Mythos went public, both attackers and defenders would have access. In theory, that’s fair. In practice, attackers would win more encounters than defenders because finding and exploiting a single vulnerability is easier than finding and patching all possible vulnerabilities.
This creates an uncomfortable new reality: we’re entering an era where only certain organizations have access to this tier of capability. Finding remote code execution vulnerabilities at scale becomes something only major tech companies and their AI partners can do.
Is that better than everyone having access? Probably. Is it ideal? That’s a harder question.
The Trenches Period
The optimistic long-term view is that software actually gets more secure. AI models in the right hands will find and fix vulnerabilities faster than ever before. Combined with the ongoing migration to memory-safe languages like Rust, the attack surface should shrink over time.
But between now and that secure future lies what might be called the “trenches period”—the transition phase where:
- Attackers are gaining access to increasingly powerful research tools
- Codebases haven’t been hardened yet
- The bugs haven’t been found and patched
This is the World War I stalemate of cybersecurity: everyone getting hacked constantly while the ecosystem catches up.
What This Means For You
If you’re in security, the practical takeaway is that the barrier to entry for vulnerability research just collapsed. You don’t need to be a specialist in video codecs to find bugs in FFmpeg anymore. You don’t need to understand browser internals to find browser vulnerabilities. You need security fundamentals—understanding trust boundaries, memory corruption patterns, threat modeling—and access to the right models.
If you’re building software, the calculus around code complexity just shifted. Every line of code is potential attack surface, and the cost of finding exploitable vulnerabilities in that code just dropped dramatically. Security debt that was previously “too expensive to find” may not stay hidden much longer.
If you’re neither, understand that we’re watching a fundamental capability shift in real-time. The ability to find zero-day vulnerabilities is becoming commoditized. What was once the province of nation-states and elite researchers is moving toward anyone with API access and basic security knowledge.
The question isn’t whether AI changes security research. That’s already happened. The question is whether defenders can leverage these tools faster than attackers—and whether the organizations controlling the most powerful models can responsibly distribute that capability before the asymmetry becomes catastrophic.
The trenches await. How long we stay in them depends on choices being made right now.