It’s been just over three weeks since Anthropic pulled the curtain on Claude Mythos Preview and the Project Glasswing consortium, and the conversation has finally moved past “is this real?” into “what do we actually do about it?” The first wave of coverage was about the model itself — codename Capybara, SWE-bench 93.9, the fully-autonomous discovery and exploitation of a 17-year-old FreeBSD remote code execution flaw, the 271 zero-days handed to Mozilla that shipped in Firefox 150. The second wave, which I think is more interesting, is about the gap Mythos has just opened between finding problems and fixing them.
I want to walk through where the discourse is sitting today, because I think the practitioner take is meaningfully different from the headline take.
What Anthropic actually shipped
Mythos Preview is not generally available, and at this point it’s clear Anthropic doesn’t intend to make it generally available on the original timeline. Instead, access is being routed through Project Glasswing — AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, plus another forty-odd organizations that maintain critical software. Anthropic has put up a hundred million dollars in model usage credits and another four million in donations to open-source security work to underwrite the program through its preview window.
The capability claim that anchors all of this: Mythos can take a codebase and a one-line prompt — essentially “find a security vulnerability in this program” — and return working exploits at a marginal cost reportedly under two thousand dollars per finding, in under twenty-four hours, without the kind of expert-in-the-loop scaffolding that earlier autonomous-vuln-discovery work needed. Anthropic’s red team report says it found thousands of high-severity issues across every major OS and every major browser. That’s the number that should make you stop and re-read the sentence.
The remediation side is where it gets uncomfortable
The Hacker News piece this week put the math plainly: discovery has accelerated by roughly an order of magnitude, but the organizational machinery for triage, prioritization, communication, and verified remediation has not. NVD logged over 42,000 CVEs in 2025. Even before Mythos, “patch everything” was already not a coherent strategy at most organizations. Mythos doesn’t change the patching model — it just exposes how thin it always was.
If you’re an enterprise security leader, the practical implication is that the bottleneck has moved. It used to be “we can’t find them fast enough.” Now it’s “we can find them faster than our SDLC can absorb the fixes, faster than our change-management process can ship them, and faster than our SREs can validate that the fix didn’t break a downstream service.” A backlog that grows faster than you can drain it is just a different kind of breach exposure, and one most risk registers don’t model well.
Bain’s analysis suggests cybersecurity budgets may need to roughly double to keep pace, against the ten-percent-per-year increases most boards have penciled in. I’m skeptical of any “you need to double the budget” claim on its face, but the underlying point — that the cost of acting on findings has been the silent constraint, not the cost of generating them — is right.
The asymmetry argument cuts both ways
Schneier’s framing is the one I keep coming back to. His position, roughly: capabilities of this kind are coming whether or not Anthropic releases this particular model, so giving defenders a head start through a controlled consortium is probably the least-bad option available. I think he’s right, but I’d add a wrinkle the optimist case usually skips. Project Glasswing is structurally a club. Forty organizations get the head start. The other million-and-change organizations that run software on top of those forty do not — they get the patches, eventually, on the platform vendors’ timelines, gated by their own ability to deploy them.
So the asymmetry doesn’t go away. It just changes shape. Inside the consortium, defenders are ahead. Outside it, the gap between “vulnerability is known to a frontier model somewhere” and “my organization can verify and remediate” widens. The CETaS analysis from the Alan Turing Institute makes a related governance point: this is the first credible test of whether private-sector consortia can substitute for the public coordination infrastructure we don’t actually have.
What I think the non-Glasswing playbook looks like
For the other 99% of us, the work right now isn’t dramatic. It’s boring, and it’s about getting your remediation pipeline ready for an inbound wave you can already see forming.
The pieces I’d be auditing this week, in order:
- SBOM coverage for anything internet-facing. If you can’t enumerate components, you can’t tell which Glasswing-driven advisories actually apply to you.
- Patch-deployment SLAs by criticality tier. Most orgs have these on paper but haven’t pressure-tested them under volume.
- Change-management throughput. The bottleneck is increasingly in CAB and validation, not in writing the patch.
- EDR and detection coverage, on the assumption that attackers will get Mythos-class capability before you do; the Forrester piece argues persuasively that this will happen on a months-not-years timeline.
- A tabletop of the scenario where a Glasswing partner discloses a critical flaw in something you depend on and you have seventy-two hours, not ninety days, before working exploits are circulating.
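To make the first three items concrete (enumerate components, apply tiered SLAs, check whether the pipeline can drain at the rate findings arrive), here is an added example that is not from the original post and not any Glasswing participant’s tooling. It reads a constructed CycloneDX-style SBOM, matches it against constructed OSV-style advisories using half-open version ranges, assigns a due date per severity tier, and runs a simple serial-drain throughput model against those deadlines. Every package name, version, advisory ID, SLA value and fix rate below is made up for illustration.

```python
"""Added example, not from the post: match constructed advisories onto a
CycloneDX-style SBOM, assign SLA deadlines by severity, and check whether a
fixed patch throughput can drain the result in time. All names, versions,
advisory IDs, SLA hours and fix rates are made up for illustration."""
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed SBOM in the CycloneDX JSON shape, trimmed to the fields used here.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "example-web-router", "purl": "pkg:npm/example-web-router@2.3.7"},
        {"name": "example-xml-core",
         "purl": "pkg:maven/org.example/example-xml-core@1.9.0?type=jar"},
        {"name": "example-image-lib", "purl": "pkg:pypi/example-image-lib@10.2.1"},
        {"name": "example-web-router", "purl": "pkg:npm/example-web-router@3.0.1"},
    ],
})

# Constructed advisories in an OSV-like shape; affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "ADV-0001", "purl": "pkg:npm/example-web-router",
     "introduced": "2.0.0", "fixed": "2.4.0", "severity": "critical"},
    {"id": "ADV-0002", "purl": "pkg:maven/org.example/example-xml-core",
     "introduced": "1.0.0", "fixed": "2.0.0", "severity": "high"},
    {"id": "ADV-0003", "purl": "pkg:pypi/example-image-lib",
     "introduced": "9.0.0", "fixed": "10.0.0", "severity": "medium"},
]

# Illustrative hours-to-verified-fix per tier; substitute your own policy.
SLA_HOURS = {"critical": 72, "high": 7 * 24, "medium": 30 * 24, "low": 90 * 24}

# Fixed clock so results are reproducible (constructed).
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)


def parse_purl(purl):
    """Split a package URL into (base without version, version or None).
    Qualifiers ('?type=jar') and subpaths ('#...') are dropped first."""
    purl = purl.split("?", 1)[0].split("#", 1)[0]
    base, sep, version = purl.rpartition("@")
    # No '@' at all, or the '@' belonged to a scoped npm namespace: no version.
    if not sep or "/" in version:
        return purl, None
    return base, version


def version_key(v):
    """Numeric-tuple ordering: '2.3.7' -> (2, 3, 7). Pre-release tags are
    ignored, so treat close calls around 'rc' versions as needing a human."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_affected(version, introduced, fixed):
    """Half-open OSV-style range: introduced <= version < fixed."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)


def match_advisories(sbom_json, advisories, now):
    """One finding per (component, advisory) pair that applies, with the
    deadline its tier implies, sorted soonest-due first."""
    findings = []
    for comp in json.loads(sbom_json)["components"]:
        base, version = parse_purl(comp["purl"])
        if version is None:
            continue  # unversioned entry: an inventory gap, not a match
        for adv in advisories:
            if adv["purl"] == base and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({
                    "component": comp["purl"],
                    "advisory": adv["id"],
                    "severity": adv["severity"],
                    "due": now + timedelta(hours=SLA_HOURS[adv["severity"]]),
                })
    findings.sort(key=lambda f: f["due"])
    return findings


def tier_counts(findings):
    """How many findings land in each severity tier."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


def sla_breaches(findings, fixes_per_day, now):
    """Serial-drain model: fixes ship one after another at a constant rate,
    in due-date order. Returns advisory IDs whose fix would land late."""
    late = []
    for i, f in enumerate(findings, start=1):
        ships = now + timedelta(days=i / fixes_per_day)
        if ships > f["due"]:
            late.append(f["advisory"])
    return late


if __name__ == "__main__":
    found = match_advisories(SBOM_JSON, ADVISORIES, NOW)
    for f in found:
        print(f"{f['advisory']} {f['severity']:8} {f['component']} due {f['due']:%Y-%m-%d %H:%M}")
    print("by tier:", tier_counts(found))
    print("late at 1 fix/day:", sla_breaches(found, 1.0, NOW))
    print("late at 1 fix/10 days:", sla_breaches(found, 0.1, NOW))
```

Two design points worth noting. The match is on the PURL base rather than on a free-text component name, because the same library shows up under several names across ecosystems and the SBOM entry with no version (the `parse_purl` returns `None` case) is itself a finding: an inventory gap you cannot triage. And the drain model is deliberately crude; its point is that the number that matters is the ratio of arrival rate to verified-fix rate, which is the quantity most SLA documents never state.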
None of that is novel security advice. The Mythos-shaped update is just that the volume and tempo assumptions baked into your existing program are probably wrong now.
What I’m watching
Three things over the next month. First, whether the July full-disclosure report from Anthropic actually lands on schedule — the credibility of the Glasswing model rests on it. Second, how the non-consortium open-source maintainers handle the inbound; the Linux Foundation is in the tent, but a long tail of single-maintainer projects underpins a lot of critical software, and “here are forty zero-days, please patch them” is a different kind of pressure than what most maintainers signed up for. Third, the first credible report of a Mythos-equivalent capability outside the consortium — open-weights or otherwise. The clock on that started ticking on April 7.
The honest summary: the model is real, the controlled release was probably the right call, and the operational debt most organizations have been carrying on their patching pipelines is about to come due. I’d rather have this conversation now than after the first big incident.
Sources
- Claude Mythos Preview — red.anthropic.com
- Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side — The Hacker News
- On Anthropic’s Mythos Preview and Project Glasswing — Schneier on Security
- Claude Mythos: What Does Anthropic’s New Model Mean for the Future of Cybersecurity? — CETaS, Alan Turing Institute
- Project Glasswing: The 10 Consequences Nobody’s Writing About Yet — Forrester