Anthropic just announced their latest AI model Mythos under Project Glasswing that found zero-days in every major OS and browser

Reddit r/LocalLLaMA / 4/8/2026


Key Points

  • Anthropic announced Project Glasswing’s AI model “Mythos,” claiming it can identify and exploit software vulnerabilities at scale across major operating systems and browsers.
  • The announcement alleges Mythos discovered long-standing security flaws (e.g., a 27-year-old OpenBSD remote crash issue and a 16-year-old FFmpeg bug) and can chain Linux kernel vulnerabilities for privilege escalation.
  • Anthropic reports strong performance on agentic coding benchmarks (SWE-bench Verified), with Mythos reaching 93.9% versus 80.8% for Opus 4.6.
  • The project includes an unusually large coalition of major enterprises and security organizations (including AWS, Apple, Microsoft, Google, CrowdStrike, and others) that receive access before attackers, aiming to shorten patch timelines.
  • Anthropic frames the work as a sign that highly capable vulnerability-discovery/exploitation models will eventually become broadly available, making rapid defense and patching critical.

Project Glasswing is honestly one of the most alarming and exciting things at the same time.

About a week ago, when the Claude Code source code was leaked, we found out about a mysterious model called Mythos, and now we have official details from Anthropic:

- it's too capable at finding and exploiting software vulnerabilities (found a 27-year-old vulnerability in OpenBSD that let an attacker remotely crash any machine just by connecting to it, and a 16-year-old bug in FFmpeg hiding in a line of code that automated tools had hit 5 million times without catching it)
- it autonomously chained Linux kernel vulnerabilities together to escalate from regular user access to full machine control
- on SWE-bench Verified (agentic coding), it hit 93.9% vs 80.8% for Opus 4.6
- the elite coalition they pulled together is damn massive: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation all have access to it, before attackers do.
- they're basically admitting that models like this will eventually be available to everyone. The window to patch the world's critical software is now (that's the primary purpose of that coalition)

What are your thoughts on this? Interested to hear from y'all below :)

Source: https://www.anthropic.com/glasswing

submitted by /u/OriginalInstance9803