VYPR
research · Published Apr 23, 2026 · Updated May 18, 2026 · 1 source

Project Glasswing: Anthropic's Mythos AI Finds 27-Year-Old OpenBSD Bug, But Patch Rate Below 1%

Anthropic's Project Glasswing, powered by the Mythos Preview model, discovered vulnerabilities across major OSes and browsers including a 27-year-old bug in OpenBSD, but fewer than 1% were patched, exposing a critical remediation gap.

Anthropic's Project Glasswing, powered by the Mythos Preview model, has demonstrated an unprecedented ability to discover software vulnerabilities, including a 27-year-old bug in OpenBSD, one of the world's most secure operating systems. The model chained four independent bugs into an exploit sequence that bypassed both browser renderer and OS sandboxing, built a 20-gadget ROP chain targeting FreeBSD's NFS server, and achieved a 72.4% success rate in Firefox JS shell exploitation. Claude Opus 4.6, Anthropic's previous frontier model, failed at autonomous exploit development almost entirely.

Mythos found vulnerabilities across every major operating system and browser, including bugs that had survived decades of human audits, aggressive fuzzing, and open-source scrutiny. The model performed local privilege escalation in Linux through race conditions and distributed its ROP chain across packets. Anthropic took the extraordinary step of postponing public release, instead giving access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can.

However, the most alarming statistic is that fewer than 1% of the vulnerabilities found by Mythos were patched. The most powerful vulnerability discovery engine ever built ran against the world's most critical software, and the ecosystem couldn't absorb the output. Glasswing solved the finding problem, but nobody solved the problem of fixing.

This structural issue has been circling the cybersecurity industry for years, but AI just made it impossible to ignore. Defenders operate on calendar speed, gathering intelligence, building campaigns, simulating threats, and mitigating over a cycle that takes about four days on a good day. Attackers, especially those now leveraging LLMs at every stage of their operation, are moving at machine speed.

Earlier this year, a threat actor deployed a custom MCP server hosting an LLM as part of their attack chain against FortiGate appliances. The AI handled automated backdoor creation, internal infrastructure mapping, autonomous vulnerability assessment, and AI-prioritized execution of offensive tools for domain admin access. The result was 2,516 organizations across 106 countries compromised in parallel, with the entire chain from initial access through credential dumping to data exfiltration being autonomous. The only human involvement was reviewing the results afterward.

Autonomous systems like AISLE discovered 13 out of 14 OpenSSL CVEs in recent coordinated releases, bugs that had survived years of human review. XBOW became the top-ranked hacker on HackerOne in 2025, surpassing all human participants. The median time from disclosure to weaponized exploit dropped from 771 days in 2018 to single-digit hours by 2024, and by 2025 the majority of exploits will be weaponized before being publicly disclosed.

The instinct after Glasswing is to ask how to find more bugs, but that's the wrong question. The right one is: when thousands of exploitable vulnerabilities land on your desk tomorrow morning, can your program actually process them? For most organizations, the honest answer is no, and the reason isn't a lack of tools or talent but a structural dependency on periodic, human-initiated processes designed for a world where vulnerabilities trickled in, not one where they arrive in a tsunami.

Synthesized by Vypr AI