Anthropic’s Mythos is Here: Defending from the Vulnpocalypse

I don't really know who coined it, but for the past six months or so we've been tossing around the term "Vulnpocalypse." We use it to describe the inflection point where LLMs are able to discover zero day vulnerabilities, and create zero day exploits, faster than we can patch. It's the core asymmetry that drove me to write my Core Collapse blog post.

Our very own CISO in Residence (and CEO of Knostic), Gadi Evron, was one of the first to change my thinking about this based on a LinkedIn post (covered in Security Boulevard by Alan Shimel). The concept was also mentioned prolifically at the [un]prompted AI security conference.

And today, it's here, thanks to two announcements by Anthropic.

The first is Mythos Preview: a non-public frontier model with a massive improvement in its ability to find and exploit software vulnerabilities. The second is Project Glasswing, Anthropic's program for getting that capability into the hands of critical industry partners and open source maintainers before equivalent capabilities show up elsewhere.

This is exactly the moment I described in Core Collapse. The math hasn't changed, but the timer just started. Some folks are already calling this the beginning of the Vulnpocalypse. It's a term I should hate; it's the kind of hyperbole I generally despise, but this time I suspect the superlatives are warranted. Don't panic, but don't sit still. Mythos exists, and through Glasswing Anthropic is leveraging it to make us all safer, but we can't just sit and wait. We have a window, and there is real work we can start doing today.

 

What is Mythos?

Mythos Preview is a non-public Anthropic model with dramatically improved capabilities for discovering and exploiting software vulnerabilities. In Anthropic's own testing it found and exploited zero-days in every major operating system and every major web browser it was pointed at, including a 27-year-old bug in OpenBSD (an operating system specifically known for its security engineering). Many of the bugs it found were 10 or 20 years old. This isn't a marginal improvement, it's in a different league.

 

Why did Anthropic build a hacking machine?

They didn't, at least not on purpose. These are emergent properties from teaching models to code well and code securely. You can't build a model that's genuinely good at writing and reviewing software without it also getting good at understanding how software breaks. If I teach you how to build a lock, you'll learn how to pick a lock. Credit to Anthropic for recognizing the implications early, being transparent about them, and working with competitors and partners to address the fallout. That's not how this industry always behaves, and it matters.

 

How bad is it, really?

Bad enough to take very seriously, not bad enough to panic. A few data points from Anthropic's writeup:

• Anthropic engineers with no formal security training asked Mythos Preview to find remote code execution bugs overnight and woke up to working exploits.
• On the same Firefox 147 JavaScript engine benchmark where Opus 4.6 produced a working exploit twice out of several hundred attempts, Mythos Preview produced 181 working exploits and achieved register control on 29 more.
• Researchers have built scaffolds that turn vulnerabilities into exploits with no human in the loop.

This is what Core Collapse predicted: a capability that was previously gated behind years of specialized expertise is now a wide enabler, across skill levels. That's the part that changes the math.

 

Can't someone just use the stolen Anthropic code and run this themselves?

No. Not at all. That isn't how ANY of this works. Frontier models like Mythos don't run on a laptop, they run on massive, purpose-built infrastructure with dedicated neural networks and enormous compute capacity. The code that was stolen earlier was for Claude Code, which is a client that talks to the models. You can have every line of that client and still be nowhere near running Mythos yourself. That's also why Anthropic can tightly control who uses Mythos, monitor how it's used, and throttle or cut off abuse. It's exactly that control that makes Glasswing possible.

That said, Mythos is a wake up call. We should absolutely assume nation-states will eventually build equivalently capable models, and that some fraction of these capabilities will make their way into open-weight models over time. Glasswing buys us time. It does not buy us forever.

 

What is Glasswing?

Glasswing is Anthropic's program for releasing Mythos Preview in a controlled way to a limited set of critical industry partners and open source maintainers with the explicit goal of letting defenders harden the most important systems before equivalent models are broadly available. The thesis is that in the long run, powerful language models benefit defenders more than attackers, because fixing bugs scales better than exploiting them. I think they're right about the endgame. The question is what happens in the transitional period.

 

So what's the catch?

The catch is that "fix the code" and "fix the problem" are not the same thing. Anthropic's framing assumes that if we can patch the bugs, we've solved it. Anyone who has actually tried to get an enterprise to deploy a critical patch across its estate knows better. You could fix every open source project on GitHub today, harden every major operating system, and still leave tens of thousands of organizations exposed, because they can't patch fast enough, can't patch at all, or don't even know what they're running.

And that's before we get to the long tail: decades of custom enterprise code, legions of unpatchable consumer devices, home routers nobody will ever touch again, and OT environments that are already a disaster on a good day. This is where the Vulnpocalypse actually lives. Not in the code on GitHub. In the deployment gap.

 

Is this really a Y2K-level moment?

Yes! And I don't say that lightly. Y2K was handled because we treated it as a systemic problem with a hard deadline and put national-level resources behind it. We need to be thinking the same way here with nation-level resiliency, coordinated hardening of critical infrastructure, and systemic advancements in software supply chain and patch management. Leaving every organization to fend for itself is not a plan. However, we also can't wait for governments to help; this will move too quickly, and governments… have a lot going on these days.

 

Is there any good news?

Quite a bit, actually. Buried in the Mythos Preview writeup is one of the most important findings for defenders: Mythos Preview identified a number of Linux kernel vulnerabilities, buffer overflows, use-after-frees, double-frees, many remotely triggerable. And after several thousand scans, it could not successfully exploit a single one of them remotely. Where it succeeded was in local privilege escalation, against a weaker boundary.

Read that again. Defense in depth held. The Linux kernel's mitigations, the boring, unsexy work of years of hardening, turned "exploitable vulnerability" into "unexploitable vulnerability" even against a model that was explicitly trying. This is the path forward. Hardening works. Boundaries work. The exploit-finding floor is dropping, but the cost of turning a bug into a working attack is still a function of how much defensive engineering sits between the bug and the asset.

 

What can I do today?

A lot, actually. These are starting points, not a finished program. We will publish more research over time with more detailed recommendations, but here's where I'd focus right now. (I’m not pretending these are easy! All of this is hard at scale, but I don’t see other options.)

• Know what you actually run. You can’t ride the Glasswing patch wave if you can't answer "what versions of what software are running where, and who owns them?" Adopt inventory tooling that stays current with your running technologies instead of snapshotting them once a quarter.
• Get serious about SBOMs. Use your dependency management tools to generate and maintain real software bills of materials. If you don't know what's inside your code, you can't fix it when Mythos-class findings start landing upstream.
• Move to stronger dependency management. Pin versions, track provenance, and get rid of the dark corners where an unreviewed library quietly became load-bearing.
• Prepare your CI/CD pipelines for AI security assessment agents. Mythos-class tools will show up as integrations into the build pipeline, not as a separate scanner you run quarterly. If your pipelines can't host an agentic security step today, start there.
• Shrink your patch cycle. Measure your current velocity for critical vulnerabilities, honestly, and work on shrinking it. Remember this covers all your COTS software and traditional vuln management. It isn’t all covered in CI/CD.
• Migrate workloads to cloud where it makes sense. Cloud environments are more defined and deterministic than most datacenters, which makes them dramatically easier to inventory, patch, and rebuild. That's a defensive advantage, not just an ops one.
• Return to deep segmentation and isolation. Assume exploitation is going to get cheaper for everything you can't patch. Segment aggressively, minimize blast radius, and treat every boundary as load-bearing.
• Extend Zero Trust into the datacenter. Most ZT programs stopped at user-to-app. The next wave has to cover east-west traffic and service-to-service trust inside your own walls.
• Build in multiple security boundaries to avoid single points of failure. Use layered network segmentation, ideally with more than one firewall vendor at critical choke points, so a single exploitable bug doesn't collapse the whole perimeter.
• Fix the identity fundamentals. Stamp out static credentials, turn on MFA everywhere, and get serious about least privilege. This isn’t new advice, but it’s extra motivation if you still have gaps.

 

Where should I focus first?

If you run critical infrastructure or build widely-used open source, get engaged with Glasswing directly if possible. If you don't, your priorities are inventory, patch velocity, and segmentation, in that order. None of this is new advice. What's new is that the cost of getting it wrong is about to go up.

 

Bottom line?

Core Collapse was my feeble attempt to describe how and why this could work. Mythos is what it looks like when it arrives. Anthropic deserves credit for seeing the consequences clearly and for building Glasswing as a serious attempt to get ahead of them, but Glasswing alone won't save us, because the problem isn't just the code. It's everything downstream of the code.

The defenders who start moving now, on inventory, patching, segmentation, and general hardening, get to use the transitional period. The ones who wait get to live through the Vulnpocalypse the hard way. I know which one I'd rather be.

Start today. Start small if you have to. But start.