Given the pace of AI progress, it won't be long before models this capable are w

Anthropic's announcement of Claude Mythos and the accompanying Project Glasswing cybersecurity initiative represents a significant milestone in applied AI capability, demonstrating that frontier language models have crossed a threshold where they can autonomously discover critical security vulnerabilities that human researchers missed for decades. Under Project Glasswing, Anthropic deployed Claude Mythos Preview against real-world critical infrastructure and open source codebases, with the model surfacing a 16-year-old vulnerability in ffmpeg and a 27-year-old bug in OpenBSD — two widely used, heavily scrutinized software projects with large professional security communities. To support the initiative, Anthropic committed up to $100 million in Mythos Preview credits to be distributed among partners and critical open source projects, framing the program explicitly as a defensive security effort ahead of inevitable adversarial use of similarly capable models. The decision not to make Mythos Preview generally available reflects the dual-use tension at the core of highly capable AI security tooling. Anthropic's public framing emphasizes the defensive value — identifying and patching vulnerabilities before bad actors exploit them — but the social media reaction reveals widespread awareness that the same capabilities that find a 16-year-old ffmpeg flaw could be weaponized to discover and exploit new ones. By running Mythos against critical infrastructure prior to broader release, Anthropic is attempting to front-run adversarial use cases, a strategic posture that several observers described as among the company's most prudent decisions to date. The restricted availability also signals internal confidence that Mythos represents a meaningful capability jump — one whose risks warrant controlled deployment even as benchmarks reportedly show it leading in coding tasks. The announcement arrived with an irony that did not go unnoticed in public commentary: within roughly two weeks of Anthropic touting Mythos's ability to find vulnerabilities others missed, an Anthropic packaging error exposed approximately 500,000 lines of Claude Code source via an npm sourcemap. The juxtaposition crystallized a broader tension in AI safety discourse — that organizations building the most capable defensive AI tools are themselves subject to the same operational security failures that plague the rest of the software industry. Critics noted the incident as a reminder that advanced AI capability and sound engineering process are distinct competencies, and that the former does not automatically confer the latter. Project Glasswing fits within a rapidly accelerating trend of AI systems being deployed not merely as coding assistants but as autonomous security researchers operating at scale and depth beyond human capacity. The discovery of decades-old vulnerabilities in mature, well-audited codebases suggests that AI models are now capable of exhaustive, non-fatiguing analysis across massive codebases in ways that fundamentally change the economics of vulnerability research. This has profound implications for the cybersecurity profession: as several commenters observed, the relevant competitive axis is shifting from individual human expertise toward the speed and adaptability of the systems those humans deploy and oversee. The framing also aligns with trajectories described in AI forecasting work circulating in adjacent communities, which anticipate models reaching and surpassing human-expert performance on technical domains in the near term. Anthropic's explicit acknowledgment that "AI will also be invaluable for defensive work" — paired with the practical deployment of Mythos under Project Glasswing — represents a maturing institutional posture in which safety-focused AI labs are actively operationalizing their safety rationale rather than limiting it to policy statements. Whether this model of proactive defensive deployment scales, and whether the patching of discovered vulnerabilities can outpace the diffusion of offensive capability to less scrupulous actors, remains the central open question. The broader AI development community is watching closely, and the success or failure of Project Glasswing's defensive mission will carry significant weight in ongoing debates about how and when frontier models should be deployed in high-stakes domains.