LIVE THREATS
HIGH On Anthropic’s Mythos Preview and Project Glasswing // MEDIUM Artemis Emerges From Stealth With $70 Million in Funding // HIGH OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident // HIGH Old Vulnerabilities get a new life, all thanks to AI! // CRITICAL Cursor AI Vulnerability Exposed Developer Devices // HIGH Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments // MEDIUM OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal // MEDIUM Human Trust of AI Agents // MEDIUM Frontier AI for Defenders: CrowdStrike and OpenAI TAC // MEDIUM Deterministic + Agentic AI: The Architecture Exposure Validation Requires //
ATLAS OWASP HIGH Significant risk · Prioritise patching LLM Security Agentic AI Research Industry News RELEVANCE ▲ 8.5

On Anthropic’s Mythos Preview and Project Glasswing

SOURCE Schneier on Security ↗
TL;DR HIGH
  • What happened: Claude Mythos Preview demonstrates autonomous LLM exploit generation, narrowing defender advantage in vulnerability discovery.
  • Who's at risk: Software vendors and infrastructure operators facing imminent threat of commoditised zero-day exploits from advanced LLM capabilities.
  • Act now: Accelerate vulnerability patching cycles before public LLM release · Invest in automated exploit detection and containment systems · Participate in controlled LLM security programmes like Project Glasswing
0x4F0x3A0xFF0x0D0x7B0xC20xA10x550x0D0x7B0xC20xA10x550xE80x120x9F0xA10x550xE80x120x9F0xD40x2E0x880x120x9F0xD40x2E0x880x610xB30x4F0x2E0x880x610xB30x4F0x3A0xFF0x0D0xB30x4F0x3A0xFF0x0D0x7B0xC20xA10xFF0x0D0x7B0xC20xA10x550xE80x12LLM SECURITYSchneier on SecurityHIGHOn Anthropic’s Mythos Preview and ProjectGlasswing

Overview

Bruce Schneier’s April 2026 commentary examines Anthropic’s controlled release of Claude Mythos Preview and the associated Project Glasswing — a proactive programme in which the model is deployed internally to scan public-domain and proprietary software for vulnerabilities, with the intent of patching them before the model reaches general availability. Anthropic’s decision to withhold the model from public release, citing its advanced cyberattack capabilities, has drawn significant industry attention and prompted rival OpenAI to make similar claims about its own latest model. Schneier frames the announcement as partly a PR exercise, but does not dismiss the underlying technical reality: these models represent a qualitative step forward in autonomous offensive capability.

Technical Analysis

Several capability advances are highlighted that distinguish this generation of models from predecessors:

  • Autonomous exploit operationalisation: The models can move from vulnerability identification to working exploit code without human involvement, removing a historically significant barrier for lower-skilled attackers.
  • Complex vulnerability chaining: Models can identify and chain multiple memory corruption bugs — a task that previously required expert-level knowledge and manual effort.
  • One-shot prompting: Advanced cyberattack tasks can now be completed with minimal prompt engineering, eliminating the need for complex agent orchestration frameworks.

Importantly, security firm Aisle was reportedly able to replicate some of Mythos’s vulnerability findings using older, cheaper, publicly available models — though with a critical caveat noted in comments: smaller models required hints about where to look and frequently hallucinated vulnerabilities in patched code, suggesting the replication is noisier and less reliable than it first appears.

Schneier draws a key distinction: finding a vulnerability for the purpose of patching is currently easier for AI than finding plus reliably exploiting. This asymmetry provides defenders a temporary advantage, but one expected to erode as model capabilities continue to improve.

Framework Mapping

  • AML.T0047 (ML-Enabled Product or Service): Mythos and comparable models are being used as offensive security tools, whether by defenders (Project Glasswing) or potential adversaries.
  • AML.T0044 (Full ML Model Access): Concern centres on what happens when highly capable models become publicly accessible, granting full offensive utility to a broad attacker population.
  • AML.T0040 (ML Model Inference API Access): Even API-gated access to such models could enable scaled vulnerability discovery campaigns.
  • LLM08 (Excessive Agency): Autonomous exploit generation without human-in-the-loop controls exemplifies excessive agency risk at scale.
  • LLM09 (Overreliance): Defenders relying on AI-assisted patching programmes may develop blind spots if models hallucinate false positives or miss novel vulnerability classes.

Impact Assessment

The affected population is effectively the entire software ecosystem. Organisations running legacy software, open-source projects with limited maintainer bandwidth, and critical infrastructure operators face the greatest near-term risk. The commoditisation of zero-day discovery would disproportionately empower mid-tier threat actors — criminal groups and hacktivist organisations that currently lack the expertise to discover complex vulnerabilities independently.

Mitigation & Recommendations

  1. Accelerate patch cadence: Assume AI-assisted vulnerability discovery by adversaries is already occurring; treat unpatched software as actively targeted.
  2. Adopt memory-safe languages: Reduce the attack surface for memory corruption chaining, which is explicitly cited as an AI-exploitable vulnerability class.
  3. Invest in AI-assisted defence now: Defender-side AI tooling (e.g., Project Glasswing-style scanning) should be deployed before adversarial capability parity is reached.
  4. Do not overrely on AI patching: Validate AI-generated vulnerability reports and patches rigorously; hallucinated vulnerabilities waste resources and may introduce new weaknesses.
  5. Monitor model release timelines: Track public availability of frontier models as a proxy for shifts in the threat landscape.

References