Anthropic dropped something wild.
Project Glasswing revealed that Claude Mythos Preview β a frontier AI model they kept from public release due to dual-use concerns β has autonomously identified over 10,000 high- or critical-severity vulnerabilities across the world's most important software.
Major findings include a critical WolfSSL flaw (CVE-2026-5194, CVSS 9.1) affecting billions of devices. Cloudflare reported 2,000+ flaws found with a false-positive rate "better than human testers."
The model is restricted to ~50 partner organizations, sparking urgent debate about when such capability should be more broadly trusted.
This isn't a theoretical AI security scanner. This is a model that was deemed too risky to release publicly, yet it's outperforming professional security researchers at finding zero-days in production infrastructure.
The question isn't whether AI can find vulnerabilities anymore. It can. The question is what we do with that capability now.
Full breakdown coming soon β what this means for developers, security teams, and anyone who uses the internet.