Anthropic Glasswing update shows Mythos finding 10,000+ zero‑days

Glasswing is one of the clearest demonstrations yet that frontier‑class models now materially change the economics of software security. Mythos Preview isn’t just “good at CTFs”; Anthropic reports that partner organizations like Cloudflare and Mozilla are seeing 10x jumps in vulnerability discovery rates, with thousands of high‑severity bugs uncovered across critical infrastructure, browsers and open‑source dependencies. In other words, mainstream production stacks are now legible to AI exploit engines in a way they simply weren’t a year ago.([anthropic.com](https://www.anthropic.com/research/glasswing-initial-update))

The uncomfortable twist is that discovery no longer looks like the bottleneck—patching and deployment do. Anthropic’s own data show only a small fraction of Mythos‑found vulnerabilities have been patched so far, despite a new Claude Security tool that helps generate fixes. That mirrors independent observations across the ecosystem: CVE counts are surging while remediation lags. In the near term, Mythos‑class models are asymmetric: they compress attacker costs faster than they compress defender friction.

For the AGI race, this is a double‑edged accelerant. It raises the pressure to harden the digital substrate we’ll be running increasingly powerful models on, while also proving that agentic systems can execute complex, high‑stakes workflows (red‑teaming, exploit development, coordinated disclosure) with comparatively light human supervision.