shaungehring.com
#AI · May 7, 2026 · 5 min read

Project Glasswing: The AI That Can Break Everything Is the Only Thing That Can Fix It


Shaun Gehring, Principal · AI & Systems Consulting

A 17-year-old bug was hiding in FreeBSD. Not some obscure academic fork — FreeBSD, the operating system running inside PlayStation consoles, Netflix servers, and who knows how many enterprise systems you interact with daily. The vulnerability allowed anyone to gain root access on a machine running NFS. It was introduced sometime around 2009, survived nearly two decades of code reviews, security audits, and patch cycles, and was discovered last month by an AI that had been running for a few hours.

That's where we are.

Anthropic built a model called Claude Mythos — so good at finding security vulnerabilities that they won't release it publicly. Instead, they wrapped it in Project Glasswing and handed restricted access to AWS, Apple, Cisco, Google, JPMorgan Chase, Microsoft, NVIDIA, CrowdStrike, Palo Alto Networks, and about 40 other organizations that build or maintain critical infrastructure. No general availability. No waitlist. A curated guest list for a model that is, in Anthropic's own framing, too capable to let out of the box.

Let that sit for a second.

What Mythos Actually Found

The FreeBSD bug (CVE-2026-4747) is one headline in a much longer list. Mythos also found a 27-year-old flaw in OpenBSD. A 16-year-old vulnerability in FFmpeg — the media processing library embedded in everything from web browsers to professional video software. Thousands of high-severity zero-day vulnerabilities across every major operating system and browser, all found autonomously, without a human pointing it at anything specific.

But here's the part that should really get your attention: Mythos doesn't just find individual bugs. It chains them. It identifies vulnerabilities that each look minor on their own, then builds a multi-step exploit out of several of them in sequence. The result is an attack path that no single security researcher would have been likely to construct manually, simply because nobody has the attention span or the bandwidth to hold that many interdependencies in mind at once.

According to Nicholas Carlini at Anthropic, Mythos can get to "sophisticated attack outcomes" from combinations of vulnerabilities that each look harmless in isolation. That's not a search-and-flag tool. That's a penetration tester with infinite patience and no rate limit.

The Paradox Nobody Wants to Name

Here's the thing. The same capability that makes Mythos terrifying in the wrong hands is exactly what makes it useful in the right ones. You can't find these multi-step exploit chains with conventional security scanning, because scanners score each finding in isolation: a chain whose every link rates "medium" on its own never crosses the triage threshold, even when the links add up to remote root. The whole point of a chain exploit is that each link looks clean. You need something that can hold an entire codebase in working memory, trace execution paths across components, and reason about what an attacker with enough time and creativity would eventually find.
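To make the chaining point concrete, here is a toy attack-graph search. It is an added example for this post, not code from Anthropic, Project Glasswing or the Mythos model (the post does not describe how Mythos actually reasons). Each finding is modelled as a transition between attacker states with a CVSS-style score, and isolated triage is contrasted with reachability to root. All finding identifiers, states and scores are constructed for illustration; none correspond to real CVEs.

```python
"""Toy attack-graph search: why per-finding triage misses an exploit chain.

Added example for this post; it is not code from Anthropic, Project
Glasswing or the Mythos model, whose internals the post does not describe.
Every finding below is constructed for illustration (no real CVEs).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    ident: str   # hypothetical finding id
    pre: str     # attacker state needed before this bug can be used
    post: str    # attacker state after using it
    cvss: float  # severity as a scanner would rate the bug on its own


# Constructed findings: each one is "medium" at most when judged alone.
FINDINGS = [
    Finding("F1", "unauth_remote", "auth_user",   4.3),  # guessable default credential
    Finding("F2", "auth_user",     "local_shell", 5.0),  # arbitrary file read leaks an SSH key
    Finding("F3", "local_shell",   "root",        6.2),  # setuid helper trusts a user-controlled path
    Finding("F4", "root",          "root",        3.1),  # post-root noise, creates a cycle
    Finding("F5", "unauth_remote", "dos",         5.3),  # crash only, a dead end for privilege
]

HIGH_THRESHOLD = 7.0  # typical "escalate to a human" cut-off for CVSS-style scores


def triage_in_isolation(findings, threshold=HIGH_THRESHOLD):
    """Conventional scanner view: escalate only findings that are high on their own."""
    return [f.ident for f in findings if f.cvss >= threshold]


def find_chains(findings, start, goal):
    """Enumerate every cycle-free chain of findings taking an attacker from
    state `start` to state `goal`. Returns a list of chains, each a list of ids."""
    by_pre = {}
    for f in findings:
        by_pre.setdefault(f.pre, []).append(f)

    chains = []

    def walk(state, path, seen):
        if state == goal:
            chains.append([f.ident for f in path])
            return
        for f in by_pre.get(state, []):
            if f.post in seen:      # skip cycles such as F4 (root -> root)
                continue
            walk(f.post, path + [f], seen | {f.post})

    walk(start, [], {start})
    return chains


def max_link_severity(chain, findings):
    """Highest per-link score in a chain: shows that no single link crosses the bar."""
    by_id = {f.ident: f for f in findings}
    return max(by_id[i].cvss for i in chain)


if __name__ == "__main__":
    print("escalated in isolation:", triage_in_isolation(FINDINGS))
    for chain in find_chains(FINDINGS, "unauth_remote", "root"):
        print("root chain:", " -> ".join(chain),
              "| worst single link:", max_link_severity(chain, FINDINGS))
```

Run as a script, isolated triage escalates nothing, while the reachability search reports the chain F1 -> F2 -> F3 from an unauthenticated remote position to root, with no single link scoring above 6.2. Real code has no neat pre/post labels; the hard part a model has to do is derive those transitions from the code itself, which this toy takes as given.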

That's an AI problem. So the answer to "how do we defend against AI-powered attacks" is, essentially, "AI." You need the weapon to disarm the weapon.

This is why Anthropic isn't just releasing a security scanning API. They're controlling who gets access to Mythos Preview because misuse risk is real — in the wrong hands, this model could find and exploit the same vulnerabilities it's supposed to patch. Project Glasswing is their attempt to get defenders ahead of attackers before a comparable model leaks or gets independently built by someone with worse intentions.

Whether that's achievable is a separate question.

The Part Developers Should Actually Be Embarrassed About

Here's my hot take that's not really a hot take: the story isn't that Claude found a 27-year-old OpenBSD vulnerability. The story is that the bug survived 27 years of human code review.

We've had security audits. We've had CVE disclosure programs. We've had entire organizations whose full-time job is finding this stuff. The security research community isn't lazy — they've been drowning. The volume of critical infrastructure code is staggering, most of it is old, and humans simply don't have the bandwidth to audit all of it manually. We've been patching the things we could find and crossing our fingers about the rest.

AI just made the backlog visible.

As a developer, this should make you feel two things at once. Relieved — because we're finally going to actually clear this technical debt, and the systems we depend on are going to get more secure faster than they would have in the next decade of human-paced security research. And also quietly embarrassed — because we've been shipping code into the world with a confidence that wasn't fully warranted.

Your code has bugs you haven't found. My code has bugs I haven't found. That's always been true. What's new is that there's now something capable of finding them systematically, and we're in the early days of figuring out who gets to run that process.

What This Means For You

Unless you work at AWS or Apple, you're not getting access to Mythos anytime soon. But Project Glasswing is a preview of what security auditing looks like going forward. A few things worth thinking about now:

  1. AI security audits will become a baseline expectation. Right now, "we ran automated scans" is table stakes. In two years, "we ran an AI-driven vulnerability chain analysis" will be the new floor for any serious production system.
  2. Open source maintainers are in scope. Glasswing includes the Linux Foundation as a launch partner specifically because so much critical infrastructure runs on open source software. If you maintain anything with broad deployment, this is increasingly your problem too.
  3. The dual-use question is live. We're entering a period where the most capable security tools are also the most dangerous offensive tools. How organizations govern access to these models — and how the industry standardizes that governance — is going to shape a lot of what happens next. The FreeBSD bug sat quietly for 17 years. There are thousands more like it. We're finally in a position to find them.

I'm genuinely not sure whether to feel hopeful or terrified. Probably both. That seems right.


Sources: Project Glasswing | Claude Mythos Preview | The Hacker News | Fortune | Schneier on Security
