Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?
https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html
Publish Date: 2026-04-23 07:30:00
Source Domain: thehackernews.com
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can.
Mythos Preview, the model that led to Project Glasswing, found vulnerabilities across every major operating system and browser. Some of these bugs had survived decades of human audits, aggressive fuzzing, and open-source scrutiny. One had been sitting for 27 years in OpenBSD, generally considered to be one of the world’s most secure operating systems.
It’s tempting to file this under “AI lab says their AI is too dangerous,” the same playbook OpenAI ran with GPT-2.
Not so fast; there’s a material difference this time.
Mythos didn’t just find individual CVEs.
- It chained four independent bugs into an exploit sequence that bypassed both the browser renderer and the OS sandboxing.
- It performed local privilege escalation in Linux through race conditions.
- It built a 20-gadget ROP chain targeting FreeBSD’s NFS server, distributed across packets.
Claude Opus 4.6, Anthropic’s previous frontier model, failed at autonomous exploit development almost entirely. Mythos hit a 72.4% success rate in the Firefox JS shell.
This isn’t theoretical, nor some new three-to-five-year prediction. This is about to be a real-world engineering reality.
Why Project Glasswing Exposes the Real Cybersecurity Gap
Here’s the number that should keep security leaders awake at night: fewer than 1% of the vulnerabilities found by Mythos were patched.
Let that sink in for a moment.
The most powerful vulnerability discovery engine ever built ran against the world’s most critical software, and the ecosystem couldn’t absorb the output.
Glasswing solved the finding problem.
Nobody solved the problem of fixing.