Anthropic announced Project Glasswing last week, alongside a preview of Claude Mythos, a frontier model built for autonomous cybersecurity research. The claims are big: thousands of high-severity vulnerabilities uncovered in major operating systems and browsers, performance that rivals all but the most skilled human researchers, partnerships with AWS, Apple, Google, Microsoft, CrowdStrike, and others backed by up to $100M in credits. There’s been healthy debate about how much of this holds up under scrutiny. That’s fair. But even if you discount the specifics, the direction matters.
Novelty
If Mythos Preview does what Anthropic says it does, the first thing worth paying attention to is discovery. Using LLMs to surface zero-days sitting in mature, decades-old codebases, undetected by traditional tooling and invisible to the maintainers of those projects. These aren’t fresh bugs in new code. They’re vulnerabilities that scanners have been running over for years without flagging. Whether they were truly unknown to everyone is a different question, and I’ll come back to that.
Then there’s the false positive problem, which anyone who’s worked with traditional scanners knows intimately. The signal-to-noise ratio in most vulnerability scanning is terrible. Security teams spend enormous time triaging findings that turn out to be irrelevant. LLM-powered research can reduce that noise and surface findings that actually matter, and that changes the daily reality for security practitioners in a very practical way.
The piece that really shifts things is autonomous exploitability. Not just finding a vulnerability, but proving it’s reachable and weaponizable without a human in the loop. A vulnerability that isn’t exploitable is a low-priority backlog item. One that is? Completely different risk profile. Collapsing the gap between “found a CVE” and “here’s a working exploit” is where the real change happens. To be clear, this doesn’t remove humans from the equation. It automates the proving step. The volume of real findings that need to be triaged, prioritized, and remediated still lands on people.
Deployment
Whether or not every claim checks out, Anthropic deserves credit for how they’re handling this. They’ve said they won’t make Mythos Preview generally available yet, citing the need for safeguards against dangerous outputs. Responsible disclosure, staged deployment, major partnerships rather than dropping capabilities into the open. That’s the right posture.
There’s a tension here worth naming: the responsible thing to do is restrict access, and the consequence of restricting access is that most organizations are left without it. Both of those things are true at the same time. We’re entering a period where capabilities like these will be deployed asymmetrically. Anthropic has this. A few other frontier labs are building similar things. And then there’s everyone else — the overwhelming majority of companies shipping code daily with no access to anything like autonomous security research. That gap is where risk concentrates, and it’s not Anthropic’s fault for being careful. It’s just the reality of where we are. The long-term direction is promising, but the long-term direction doesn’t protect you today.
Information Asymmetry
Many of these vulnerabilities were likely not unknown to everyone. Sophisticated state actors have had decades to find weaknesses in these same critical systems, and they don’t publish blog posts or coordinate disclosure timelines when they do. They find zero-days and sit on them. What was missing was visibility for the other side: the maintainers, the defenders, the general public. What Glasswing represents is the possibility of closing that information gap. Not discovering something entirely new to the world, but giving defenders access to what was previously only accessible to the most resourced attackers.
You can’t sit around hoping frontier labs will eventually productize this and make it available through some API. The long-term trajectory for defender tooling is good, and I’ll get to that. But there’s a gap between now and then, and the threat landscape won’t wait for the tooling to catch up. Organizations need to be proactive during that window. Invest in LLM-powered security tooling. Build relationships with vendors pushing on autonomous vulnerability research. Make security a procurement priority rather than an afterthought.
Attack Surfaces
The asymmetry problem is compounding, because attack surfaces are expanding from a direction most security teams aren’t watching closely enough.
Sales teams are deploying AI agents that touch customer data. Marketing is building custom automations. Product teams are shipping AI features faster than anyone would have predicted two years ago. Go-to-market teams are spinning up internal tools over a weekend. Everyone from RevOps to customer success is writing or commissioning software, often with zero security review in the pipeline. Even developers don’t always understand their impact on security.
Every one of those deployments is a new attack surface. Every agent with API access, every quick integration, every internal tool. They all widen the perimeter. The people building them aren’t thinking about downstream security implications, because that’s never been their job. But that’s an organizational problem, not an excuse. If your teams are deploying software without security review, that’s a choice your organization is making, whether you realize it or not. And it’s not just existing surfaces growing. Entirely new categories of attack vectors are being created that we haven’t fully mapped yet. MCP integrations, agentic workflows with tool access, AI systems that can be prompt-injected into taking unauthorized actions. These didn’t exist two years ago.
Security Talent
I think security is going to be the hottest job in tech. Look at the last couple of weeks. Cybersecurity moved from back-office cost center to front-page news that moves markets. Security researchers are getting the kind of attention that used to be reserved for AI researchers. I don’t think that’s a blip. As AI capabilities grow, the demand for people who understand how to secure systems against them will only increase.
And counterintuitively, I think better AI tooling for security will increase the demand for security talent, not decrease it. Autonomous exploitability automates the proving step, but it doesn’t automate the response. More real findings surfaced faster means more triage, more remediation, more architectural decisions that need human judgment. The bottleneck shifts from “can we find the bugs” to “can we fix them fast enough.” When you make something more efficient, you tend to get more of it, not less.
Short term: appreciate your security engineers. They’re in a moment where the ground is shifting under them. New tools, new attack surfaces, new threat models, and they’re expected to keep up with all of it at once.
Long Term
I’m optimistic about where this goes, not because the current moment is comfortable, but because of where the trajectory leads. As more models develop real cybersecurity capabilities — and they will, because every major lab is investing here — the tooling available to defenders gets better. This is the world where independent security platforms flourish. Organizations will need systems that continuously deploy the latest models to review their code, test their infrastructure, and catch what internal teams miss. Not everyone will build their own Mythos in-house. Most will need partners who can bring that capability to them.
The same autonomous capabilities that can find zero-days can be pointed at your own codebase, your own infrastructure, your own CI/CD pipeline. What makes systems like Mythos Preview potentially powerful for offense also makes them invaluable for defense. Defenders have at least one structural advantage: they know their own systems, they have legitimate access, and they can run these tools continuously. Attackers only need to find one hole. Defenders need to cover the whole surface. That asymmetry has always existed, and I don’t think Mythos fundamentally disrupts it further in favor of attackers. If anything, defenders who can run these tools continuously across their own systems are better positioned to close holes before someone finds them.
Even with the caveats around what Mythos Preview has demonstrated so far, this direction makes it meaningfully easier for defenders to find and fix the unknown unknowns before someone else does.
Where This Goes
The asymmetry window between now and widely available defender tooling is real, and we’re in it. The long-term trajectory points toward a more defensible world. But the trajectory doesn’t help you if you don’t act during the gap.