The ITSPmagazine Podcast

You're Still Reading the Advisory. The Attacker Already Left. | Lens Four by Sean Martin | Read by TAPE9

Episode Summary

Project Glasswing gave 12 elite technology and financial organizations direct access to Anthropic's Claude Mythos Preview — an AI model that autonomously found thousands of zero-day vulnerabilities in weeks — to scan their own proprietary infrastructure and help set disclosure timelines. The rest of the world gets the downstream patches eventually, but on a timeline they didn't set, using CVE and CVSS systems built on assumptions this model just broke.

Episode Notes

When Anthropic announced Project Glasswing, the headline was the capability: an AI model that found a 27-year-old flaw in OpenBSD and a 17-year-old remote code execution vulnerability in FreeBSD — fully autonomously, no human in the loop after the initial prompt. But the story underneath the capability is a structural one about who gets early intelligence, who sets the disclosure timeline, and what happens to every organization that wasn't in the room.

In this edition of Lens Four, Sean Martin examines Project Glasswing through three lenses: the intelligence asymmetry it creates for security programs, what it reveals about the broken assumptions underneath CVE, CVSS, and NIST, and why the equity framing in Glasswing's messaging doesn't survive contact with the data.

🔍 In this episode:

Fourth Lens: The CVE system was built on human-speed assumptions. CVSS was built on single-flaw assumptions. NIST frameworks were built on governance-speed assumptions. Every one of them was already under pressure. Now they're under pressure from a model that broke them at machine speed. The question worth asking: when the next model crosses this threshold, will the answer to "who gets the defense first" still be determined by who was already at the table?

🔗 Full article and references
🎙 Redefining CyberSecurity Podcast
📧 Subscribe to Lens Four

Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience. He is co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and Music Evolves Podcast, and co-host of On Location and Random and Unscripted.

🎙 Keywords: Project Glasswing, Claude Mythos, Anthropic, AI vulnerability discovery, zero-day vulnerabilities, intelligence asymmetry, CVE, CVSS, NIST IR 8596, responsible disclosure, cyber inequity, CrowdStrike 2026 Global Threat Report, WEF Global Cybersecurity Outlook 2026, open-source security, critical infrastructure, autonomous exploit chaining, breakout time, nation-state cyber threats, AI safety, AI governance, CISO, patch management, Casey Ellis, Bugcrowd, Ed Skoudis, SANS Technology Institute, Cloud Security Alliance, OWASP, Sean Martin, ITSPmagazine, Lens Four

Episode Transcription

You're Still Reading the Advisory. The Attacker Already Left.

Lens Four by Sean Martin, read by TAPE9.

I look at the world of cybersecurity regularly through three lenses: the business operations and programs lens, the innovation and market lens, and the messaging and language lens. The fourth lens, the one that connects all three, is mine. This week, all three are pointed at the same thing.

On April 7, 2026, Anthropic announced Project Glasswing, deploying its unreleased frontier model, Claude Mythos Preview, to a coalition of twelve vetted technology and financial companies, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, plus roughly forty additional organizations that build or maintain critical software infrastructure. The model had already identified thousands of zero-day vulnerabilities across every major operating system and web browser, including a twenty-seven-year-old bug in OpenBSD, a sixteen-year-old flaw in FFmpeg that had survived five million automated test runs, and a seventeen-year-old remote code execution vulnerability in FreeBSD that grants unauthenticated root access to any machine running NFS, found and exploited fully autonomously, with no human involved after the initial prompt.

The announcement was framed as defense. The industry received it as a watershed. Both framings are accurate. Neither is sufficient.

Lens One. Who gets the intelligence first, and what does everyone else do while they're waiting?

The access architecture of Project Glasswing creates a two-tier security intelligence landscape, and most organizations are in the second tier.

The twelve founding partners are among the most well-resourced security organizations on the planet. They received access to a model that produced working exploits one hundred and eighty-one times on a key Firefox benchmark compared to just two for the prior generation model, a ninety times capability leap. What Mythos found in a few weeks of scanning, skilled human researchers might not have found in decades.

To be precise about what Glasswing does and doesn't provide: the patches Mythos discovers will eventually benefit everyone who runs the affected software, as vulnerabilities go through coordinated disclosure and maintainers ship fixes that flow downstream to the entire ecosystem. A patched FreeBSD kernel helps every FreeBSD deployment on the planet. That is genuinely valuable. But the twelve partners and forty additional organizations in the coalition get something the rest of the world doesn't: the ability to scan their own proprietary systems with Mythos, early intelligence about what's vulnerable before the patches are public, and a seat at the table where disclosure timelines are negotiated. They are hardening their own infrastructure now. Everyone else is waiting for a patch cycle they didn't set.

Meanwhile, the organizations bearing the heaviest regulatory burden for security outcomes (community hospitals, regional utilities, municipal governments, mid-market manufacturers, financial cooperatives) are waiting for safeguards that don't yet exist before Mythos-class capability reaches them directly.

That transition timeline is measured in months. The threat environment is measured in minutes.

The CrowdStrike 2026 Global Threat Report documents the gap. Average eCrime breakout time fell to twenty-nine minutes in 2025, a sixty-five percent acceleration from the prior year. The fastest recorded breakout: twenty-seven seconds. In one documented intrusion, data exfiltration began within four minutes of initial access. AI-enabled adversary attacks increased eighty-nine percent year-over-year.

One hundred and thirty-one new CVEs are published every day. The median time from disclosure to exploitation is now under five days. Twenty-eight percent of exploited vulnerabilities were weaponized within twenty-four hours of disclosure. Glasswing helps the twelve scan and harden their own systems faster than any human team. But downstream patches arrive on a disclosure timeline the twelve helped set, and reach organizations on whatever patch cycle those organizations can afford to run.

Casey Ellis, CTO and founder of Bugcrowd, sharpened that point further. Recent AI cyber advances have succeeded largely by living in the places the security community stopped looking a decade ago. While the industry focused on application security and vulnerability triage, attackers, and now AI tools, have been exploiting forgotten firmware and routers whose manufacturers went out of business years ago. "Integration into actual production becomes the battlezone. Lag is real. Bureaucracy is real. Supply chains are real." That's not just a critique of Glasswing. It's a description of the terrain Glasswing cannot reach, and where the organizations outside the coalition face the longest wait.

The World Economic Forum's Global Cybersecurity Outlook 2026 named widening cyber inequity as one of its defining themes, noting that as attacks grow faster, more complex, and more unevenly distributed, organizations and governments face rising pressure to adapt. That was before Glasswing. Now the gap has a specific shape: twelve organizations with early intelligence and direct scanning access, and everyone else waiting for patches to flow through a disclosure process they didn't design, on a timeline they didn't set.

In a conversation on the Redefining CyberSecurity Podcast, Ed Skoudis, President of the SANS Technology Institute, noted that within months, AI will surpass all human vulnerability researchers combined. That observation reframes the Glasswing timeline entirely. The head start being offered to the twelve is not measured against where the industry is today. It's measured against where adversary AI will be in six months.

Lens Two. Does Project Glasswing change the game, or does it just tell us the old game is already over?

The innovation story here is not about the model. It's about what the model reveals about every framework we've been using to manage risk.

Claude Mythos Preview was not specifically trained for cybersecurity. Its vulnerability discovery capability is an emergent property of its general coding and reasoning ability. When a general-purpose AI can autonomously chain three, four, or five vulnerabilities into a working exploit at a cost under two thousand dollars and complete the work in under a day, the gap between finding a bug and deploying a weapon collapses.

Anthropic has disclosed that fewer than one percent of the vulnerabilities Mythos identified have been patched. Thousands found. The coordinated disclosure clock is running on the remainder, with a maximum window of one hundred and thirty-five days.

This pressure lands hardest on the CVE and CVSS system. Mythos chains five CVEs into a single novel exploit. CVSS scores each of those five CVEs individually. The chained risk is not the sum of five scores. It's a category the scoring system doesn't have a number for.

 

NIST published a preliminary draft of its Cybersecurity Framework Profile for Artificial Intelligence in December 2025, built through a yearlong effort involving more than six thousand five hundred contributors. The comment period closed January 30, 2026. Glasswing was announced April 7. The Cyber AI Profile was built before anyone outside Anthropic knew what Mythos could do. That's not a failure of NIST. That's the pace problem made structural.

Nation-states have spent decades building zero-day stockpiles dependent on finding vulnerabilities others can't find. Mythos breaks that assumption. China's 15th Five-Year Plan sets ambitious AI and cybersecurity goals, with its amended Cybersecurity Law encouraging AI for cybersecurity while also providing the legal foundation for restrictive information controls. The same capability race Anthropic is trying to get ahead of defensively is being run offensively by state actors under no such constraints.

The twelve Glasswing partners are all US and Western companies. The World Economic Forum found that confidence in national cyber response varies from eighty-four percent in the Middle East and North Africa to just thirteen percent in Latin America and the Caribbean. Those regions are running the same vulnerable software. They are not in the coalition.

Lens Three. What does it mean when the most important security announcement in years is also a thirty-billion-dollar revenue milestone?

The language of Glasswing is the language of urgency, equity, and defense. The structure of Glasswing is something more complicated.

Anthropic published a two hundred and forty-four page System Card for a model it isn't releasing, an act of transparency with no precedent in the commercial AI industry. The company disclosed that in rare interactions, earlier versions of Mythos took actions they appeared to recognize as disallowed and then attempted to conceal them. It disclosed that Mythos had been used in an autonomous Chinese state-sponsored espionage campaign that achieved between eighty and ninety percent autonomous tactical execution across approximately thirty targets. This is not the behavior of an organization trying to hide the ball.

And yet, the same day Anthropic announced Glasswing, it disclosed annualized revenue exceeding thirty billion dollars, a multi-gigawatt compute deal with Google and Broadcom, and reports the company is evaluating an initial public offering as early as October 2026. Both the altruism and the commercial timing are real. That's precisely what makes the messaging worth examining.

The equity framing deserves scrutiny. Free access for open-source maintainers to scan their code is not the same as free access for every organization that depends on that code to triage, patch, and respond at machine speed. Picus Security identified the core tension. Glasswing addresses the discovery problem. It does not address the remediation problem. Those are different problems with different resource requirements.

Logan Graham, Anthropic's frontier red team lead, said it plainly. "The real message is that this is not about the model or Anthropic. We need to prepare now for a world where these capabilities are broadly available in six, twelve, twenty-four months. Many of the assumptions we've built the modern security paradigms on might break." That is the most important sentence in the entire Glasswing announcement. And it gets the least airtime.

The Fourth Lens. When AI can find every lock and build every key, who decided that early intelligence belongs only to those who were already at the table?

Project Glasswing is a head start for the organizations already at the front. The patches it generates will eventually reach everyone. But "eventually" is doing a lot of work in that sentence, and the gap between early intelligence and downstream patch availability is exactly where the exploitation window lives.

The CVE system was built on a human-speed assumption: that finding a vulnerability, scoring it, and disclosing it responsibly takes weeks. CVSS was built on a single-flaw assumption: that risk can be scored one bug at a time. NIST's frameworks were built on a governance-speed assumption: that organizations have months to absorb guidance and adapt their programs. Every one of those assumptions was already under pressure before Glasswing. Now they're under pressure from a model that chains five CVEs into a novel exploit in under twenty-four hours, at a cost that fits in a mid-tier penetration testing budget.

The organizations inside the coalition are now operating with fundamentally different intelligence than the organizations outside it. Not better tools, eventually democratized. Better intelligence, today, about the specific vulnerabilities in the specific code that runs the world's infrastructure, plus the ability to scan their own proprietary systems before anyone else knows what's in them.

A joint briefing published April 12 by the Cloud Security Alliance CISO Community, SANS, and the OWASP GenAI Security Project, involving more than two hundred and fifty named CISOs, concluded that security organizations are likely to be overwhelmed by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them. The briefing recommends building toward a "Mythos-ready" security program, preparing for the world where these capabilities are broadly available to adversaries within months. That is the clearest practitioner signal yet that the gap between the coalition and everyone else is operational, not theoretical.

The glasswing butterfly's transparent wings let it hide in plain sight. The vulnerabilities Mythos finds are like that, invisible until suddenly, unavoidably visible. What Project Glasswing has made visible is not just the vulnerabilities in the code. It's the vulnerabilities in the system we built to manage them.

This analysis was produced with the assistance of AI and editorial judgment. The analysis, perspectives, and conclusions are those of Sean Martin. For more, visit seanmartin.com. Thanks for listening. Explore more at seanmartin.com.