Your Code Has Bugs That AI Will Find Before You Do

For twenty years, cybersecurity operated on a simple equilibrium: finding vulnerabilities was hard, exploiting them was harder, and patching them was slow but usually fast enough. Humans reviewed code. Automated tools ran fuzzing campaigns. Bugs slipped through, got found eventually, got patched. The system was imperfect but stable.

That equilibrium just broke.

Anthropic built an AI model that finds and exploits software vulnerabilities better than almost every human on the planet. Not in a lab. Not on toy benchmarks. On real operating systems, real browsers, and real production infrastructure that powers the internet. And then, instead of releasing it, they got twelve of the biggest companies in tech together and said: we need to patch everything before someone else builds this.

What Anthropic Built

The model is called Claude Mythos Preview. It's a general-purpose language model — not a specialized security tool — that happens to be devastatingly effective at finding, understanding, and exploiting software vulnerabilities. It works autonomously. No human steering. You point it at a codebase or a binary and it goes hunting.

What it found:

• A 27-year-old bug in OpenBSD — one of the most security-hardened operating systems ever built. A TCP implementation flaw that allows remote denial of service. Twenty-seven years of expert human review missed it.
• A 16-year-old bug in FFmpeg — a video codec flaw from 2008. Automated fuzzing hit the vulnerable code path five million times without triggering it. Mythos found it on its own.
• Full Linux kernel privilege escalation — the model independently found and chained together multiple kernel vulnerabilities to go from unprivileged user to complete root access. Not one bug — a chain of bugs, linked together autonomously.
• Browser sandbox escapes — autonomous development of heap sprays chaining four separate vulnerabilities to escape both the browser sandbox and OS protections.
• Closed-source reverse engineering — Mythos reconstructed source code from stripped binaries, then found vulnerabilities in closed-source browsers and operating systems, including firmware bugs enabling smartphone root access.

Read that last one again. It reverse-engineered software it had never seen the source code for, and then found exploitable vulnerabilities in it.

The Numbers Are Not Close

Anthropic compared Mythos Preview against their current best model, Claude Opus 4.6, on the same security tasks. The gap is staggering.

Firefox JavaScript engine vulnerabilities:

• Opus 4.6: 2 successful exploits from several hundred attempts
• Mythos Preview: 181 working exploits, plus 29 additional register control cases

OSS-Fuzz testing across 7,000 entry points:

• Opus 4.6: ~175 basic crashes, 1 meaningful control case
• Mythos Preview: 595 crashes, 10 full control-flow hijacks — meaning complete takeover of program execution

CyberGym benchmark (vulnerability reproduction): Mythos 83.1% vs Opus 66.6%

And because Mythos is a general-purpose model, not a security-specific one, it also crushes standard coding benchmarks: 93.9% on SWE-bench Verified (vs Opus 80.8%), 77.8% on SWE-bench Pro (vs Opus 53.4%). This isn't a narrow tool. It's a frontier model that happens to be a world-class hacker.

Project Glasswing: The Emergency Response

Anthropic's response to building this was not to ship it. It was to convene Project Glasswing — a defensive security consortium of 12 organizations: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

The initiative provides:

• $100 million in Mythos Preview usage credits for defensive security work
• $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation
• $1.5 million to the Apache Software Foundation
• Extended access for 40+ additional organizations maintaining critical infrastructure

Named after the glasswing butterfly — transparent wings that both conceal and reveal — the project exists because Anthropic looked at what they built and realized the window between "AI can find these bugs" and "attackers can find these bugs" is closing fast.

Anthropic was explicit: they do not plan to make Mythos Preview generally available. Instead, they'll develop cybersecurity safeguards and launch them with a future Opus model. A Cyber Verification Program will eventually give vetted security researchers access.

Why This Is Terrifying

Here's the part that should keep every engineer awake at night.

Over 99% of the vulnerabilities Mythos discovered remain unpatched. Not because nobody cares — because the volume is overwhelming. Thousands of zero-day vulnerabilities across major operating systems and browsers, found in days. The entire coordinated disclosure and patching pipeline of the global software industry cannot absorb that volume.

The vulnerability window — the time between a bug being discoverable and being patched — has collapsed. What used to be months is now minutes with AI. And while Anthropic is being responsible with restricted access, they can't un-discover the capability. Other labs are building the same thing. The knowledge that this is possible accelerates everyone.

The security industry's dirty secret was always that most software is held together with assumptions. The assumption that certain code paths wouldn't be reached. That certain combinations of bugs wouldn't be found together. That fuzzing coverage was "good enough." That code surviving decades of review was probably safe.

Mythos shattered every one of those assumptions in a matter of days.

What This Means for Every Engineer

If you ship code — any code — this changes your threat model.

Your dependencies are exposed

Every open-source library in your stack has been sitting in public repositories for years, waiting for this level of scrutiny. The bugs that human reviewers and automated tools missed? An AI model can now find them. Your transitive dependency tree is a liability in a way it wasn't six months ago.

"It works in production" is no longer a security posture

Code that has been running for years without incident isn't safe — it's unexamined. Mythos found bugs that survived decades. Production stability was never evidence of security. Now there's an entity that can prove it.

Patching speed becomes existential

When vulnerability discovery happens in minutes, patch deployment can't take weeks. Anthropic's own recommendations emphasize dramatically shortening patch cycles, implementing automatic updates, and treating dependency CVE fixes as critical rather than routine. The days of "we'll get to it next sprint" are over.

Memory-safe languages aren't a silver bullet

Mythos found logic vulnerabilities, authentication bypasses, and cryptographic weaknesses — none of which are prevented by Rust or Go's memory safety. It also found bugs in virtual machine monitors and TLS implementations. The attack surface is wider than any single language can protect.

Closed source is no longer security through obscurity

The model reconstructed source code from stripped binaries and found exploitable vulnerabilities in closed-source software. If your security strategy includes "nobody can read our code," that strategy is dead.

The Race Is On

Anthropic built this first — or at least, announced it first. But they won't be alone for long. Google, OpenAI, and every major AI lab with frontier model capabilities will reach similar levels of security proficiency. Some probably already have. The capability isn't a feature to be added — it's an emergent property of models that are good enough at code understanding and reasoning.

Anthropic's approach — restrict access, fund defensive work, build safeguards before broad release — is the responsible path. But responsibility is a choice each lab makes independently. And state-sponsored actors from adversarial nations don't publish blog posts about their capabilities.

Global cybercrime already costs around $500 billion per year. That number is about to look quaint.

The Long Game

There's a hopeful framing here, and it's not naive. In the long run, defenders have the advantage. Organizations can deploy AI models at scale to continuously scan, find, and patch vulnerabilities across their entire infrastructure. The same capabilities that make Mythos terrifying as an attacker make it transformative as a defender.

But we're not in the long run yet. We're in the gap. The transition period where these capabilities exist but defenses haven't caught up. Where thousands of zero-days are known to a model but unpatched in production. Where the security infrastructure of the internet — disclosure processes, patch pipelines, update mechanisms — was built for human-speed discovery and now faces AI-speed reality.

Anthropic's 90-day public reporting commitment, their coordinated disclosure pipeline with professional security contractors validating every report, their explicit decision not to release Mythos publicly — these are the right moves. But they're moves in a game that's about to get much bigger and much faster.

The Bottom Line

Every codebase you've ever worked on has bugs that an AI can now find and exploit. Not theoretically — proven. The software industry's entire security model was built on the assumption that finding vulnerabilities at scale was hard. That assumption is gone.

Patch your dependencies. Automate your updates. Shorten your deployment cycles. Assume that every line of code — yours, your libraries', your operating system's — is being examined by something that doesn't get tired, doesn't miss patterns, and doesn't need source code to find your bugs.

The glasswing butterfly has transparent wings. The metaphor is apt. Everything is visible now.

Related Reading

Claude Code Computer Use: Your AI Can Now See and Control Your Screen

KISS Your AI Workflow

The Re-Soloing