Two weeks ago Anthropic announced the Claude Mythos Preview, a new version of their general-purpose language model, with the fanfare that it is "strikingly capable at computer security tasks." So capable in their view that Anthropic has decided to withhold the general release of it in order to give the security industry time to catch up. This latter project is called Glasswing, which is their structured program for reaching out to a select number of organizations they deem worthy of the preview.

Ever since, the industry has been debating the impact of Mythos/Glasswing. There are three main camps:

The first camp believes this is vulnerability Armageddon and the industry is going to drown in security exploits leaving chaos and destruction behind. This view is represented by an analysis published by Gordon Goldstein of the Council on Foreign Relations.

A second camp has emerged taking a more practical, but still pretty hair-on-fire, approach which tries to lay out what can be done to defend. This is best represented by the work of 250+ CISOs that collaborated on a paper published by the Cloud Security Alliance.

It’s worth noting that a subgroup of this second camp has been harshly critical of a perceived naivete in the way Anthropic has gone about this process, arguing that patch management is far more nuanced than is being accounted for.

A third camp is taking the position that the Mythos drama is largely hype or noise and while they also agree it’s a problem, it’s not unique or new. Representative here would be a blog by Stanislav Fort of AISLE.

Each of the camps brings some good points to the discussion, but overlooks some aspect of the situation and, overall, a longer term view of what happens after the initial / ongoing vulnerability explosion plays out.

The AISLE research is a good place to start. It showed that Mythos’ advantage on vulnerability discovery isn’t actually unique or inaccessible in the market. AISLE was able to replicate the flagship FreeBSD exploit from the Mythos announcement with 8 out of 8 open-weight models, including one costing only 11 cents per million tokens. This shows that while Mythos might be a step up in convenience or productivity, it’s not strictly new. Given this, it’s a safe assumption that even moderately skilled attackers already had access to this capability.

This latter point seems to be confirmed by a recent, nearly coincident, announcement from NIST changing the criteria for which CVE submissions will be enriched in the National Vulnerability Database. Because of a surge of 263% in submissions from 2020 to 2025, and a one-third increase this year alone, NIST will focus only on CVEs that it deems critical. In other words, the pace of vulnerability discovery, even prior to the Mythos preview, was already outrunning the human infrastructure meant to respond. It’s impossible to say for sure this is due to AI, but it’s a good bet. Mythos, and other models like it that are sure to follow, might accelerate, or even dramatically accelerate, this pace, but the dynamic is not new.

Further, as Rich Mogull, one of the lead authors on the Cloud Security Alliance paper, pointed out, Anthropic’s own report acknowledges that Mythos was unable to remotely exploit any of the vulnerabilities it found. The reason was that security mitigations in place prevented remote exploit. In other words, “Defense in depth held” [emphasis Rich’s].

Two Paths (Neither Will Work)

That said, everybody is in agreement that the pace of vulnerability discovery and the potential impact of models like Mythos is a problem. So far, the response pattern follows one that seems logical at first but is doomed to fail.

Glasswing is limiting preview access. According to the announcement, twelve large organizations were named as launch partners, but Anthropic has “…extended access to over 40 additional organizations that build or maintain critical software.” It’s hard to imagine that this is more than a drop in the bucket when compared to the number of organizations likely to be affected. As was shown in the AISLE research, protecting the world from Mythos results that can already be replicated by open-weight models seems kind of pointless. Furthermore, it has been reported that unauthorized users have already found a way to access Mythos. Choose your metaphor: there is no way to keep this cat in the bag, Pandora’s box is already open, etc.

A theoretically more sustainable approach, though not without short-term pain, is to learn a lesson from cryptography. In 1883, Auguste Kerckhoffs published a paper that laid out several principles for improved cryptography. Notably he argued that a cryptographic cipher should remain secure even when the enemy knows everything about it except the key. A century of experience with proprietary crypto libraries failing has yielded an unambiguous consensus that the only cryptography worthy of use is that which has been publicly published and rigorously vetted for exploitability.

By embracing a version of the Kerckhoffs principle and relying on software that has been battle-tested in an open way, it’s possible that the problems of software vulnerability could meaningfully improve to a more sustainable and less vulnerable state. This would mean only trusting code or code components that were open source and had come out the other side of the vulnerability apocalypse and its aftermath.

In practice, it’s not feasible for all code to be open to full inspection in a public way. Companies need to be able to monetize IP, which means keeping some secrets. The compromise path forward will be to rely on open source for everything that is not intellectual-property relevant and to use the best models for vulnerability discovery on everything that is closed source. In essence, SaaS companies do a version of this today, as much of the code in their infrastructure is built from open source. The key difference is that in this hypothetical future, all of that open source code has been more rigorously vetted by frontier models.

Another practicality problem with this future is the inevitable tragedy of the commons. Almost every software company and many enterprises use open source software and very few pay to discover and remediate vulnerabilities in that code. This seems unlikely to change. And while models like Mythos make vulnerability discovery easier, tokens aren’t free. When the Glasswing open source subsidies run out, the industry is going to have to reckon with a world in which whoever is willing to pay for the compute of vulnerability discovery gets access to the information.

In a perfect world, government and industry would collaborate to fund this. But in our world, it’s much more likely that the vetting of open source continues to be mostly non-consensual, by attackers, resulting in a cycle of pain. A huge exploit event (like the recent LiteLLM supply chain attack) will happen. There will be a flurry of patching. Then back to the normal routine until the next widespread attack event. These cycles will repeat, but with luck, in the long term we should end up with a de facto version of the Kerckhoffs principle.

What This Means For The Industry

For vulnerability discovery companies the outlook is bad. For sure, code vulnerability scanners in the short term will see a lot of pressure from Mythos and its peer models. But it also seems likely that models will solve more general vulnerability discovery (think configurations, etc.) as well.

For remediation vendors, the short term looks great. There will be strong demand from the Glasswing output. They should also benefit from the mass exploit pain cycles. In the longer term, it’s unclear whether foundation models will be able to do this well.

For defense in depth vendors (i.e., security products that focus on prevention) things look great. For one thing, defense in depth is currently working to mitigate the threat. Mythos didn’t accomplish remote exploit. As counterintuitive as it may seem, CISOs should invest in these kinds of tools at least as much as they are investing in patching.

Open source software users are going to have a very rough go of it in the short and medium terms. The mass exploit cycle that’s coming will be painful. In the long term, though, I’m hopeful this turns around and we reach some sort of Kerckhoffs state for open source software.