Claude Mythos
Claude just introduced (07.04) Mythos Preview, a frontier LLM capable of autonomously discovering thousands of zero-day vulnerabilities, building multi-step exploit chains, and producing working exploits.
Among the findings were a bug in OpenBSD (from 1999), a vulnerability in FFmpeg (from 2010), and browser exploit chains capable of escaping sandbox environments by combining multiple flaws.
The performance improvement is huge ➜ this marks a transition from AI-assisted work to autonomous offensive capability.
Project Glasswing
Anthropic also launched Project Glasswing, a closed consortium including major technology and security companies such as AWS, Google, Microsoft, Apple, CrowdStrike, Palo Alto Networks, Cisco, NVIDIA, JPMorgan Chase, and the Linux Foundation.
The goal is to apply these capabilities to protect critical infrastructure and stay ahead of potential misuse by adversaries. The initiative includes substantial investment in both infrastructure access and open-source security.
Access to the model remains restricted, and there is no public release timeline.
0-days as the New Baseline
A large percentage of vulnerabilities identified by Mythos were previously unknown. This challenges the assumption that mature, well-audited software is inherently secure.
➜ Any system may contain undiscovered vulnerabilities that can be identified faster than they can be patched.
Core Shift in Infosec Things
The traditional goal of preventing all intrusions is no longer realistic.
The new approach assumes that compromise will occur, and focuses on limiting impact and improving detection and response speed.