“Fewer than 1% of the vulnerabilities found by Mythos were patched.”
Mythos found decades-old bugs; Anthropic delayed release
Last week Anthropic announced Project Glasswing, a program built on Mythos Preview — an AI model that, according to the source, discovered vulnerabilities across every major operating system and browser. Anthropic took the extraordinary step of postponing a public release of the model and instead granted access to Apple, Microsoft, Google, Amazon and a coalition of others to permit patching before adversaries could act.
The model’s output included highly specific, high-impact findings: a 27‑year‑old bug in OpenBSD; a four‑bug exploit chain that bypassed both a browser renderer and OS sandboxing; a local privilege escalation in Linux via race conditions; and a distributed, 20‑gadget ROP chain targeting FreeBSD’s NFS server. Mythos achieved a 72.4% success rate in the Firefox JavaScript shell, the source reports — a step-change from Anthropic’s prior model, Claude Opus 4.6, which “failed at autonomous exploit development almost entirely.”
Calendar speed versus machine speed: why fixes lag
The central problem Glasswing exposes is not discovery — it is remediation. The source frames defenders as operating on “calendar speed”: gathering intelligence, building campaigns, simulating threats and mitigating over multi‑day cycles that average about four days on a good day. AI‑driven attackers, the piece warns, operate at “machine speed.”
That structural mismatch matters because Mythos solved the finding problem while the ecosystem, per the source, could not absorb the output: fewer than 1% of Mythos-discovered vulnerabilities were patched. The existing handoff model — scanner, analyst triage, ticket to engineering, patch weeks later, and no re‑validation — is called out as the single chokepoint where machine‑speed discovery turns into human‑speed exposure.
Real-world precedent: FortiGate incident and faster weaponization
Earlier this year, the source recounts, a threat actor used a custom MCP server hosting an LLM as part of an attack chain against FortiGate appliances. The model automated backdoor creation, internal mapping, autonomous vulnerability assessment and AI‑prioritized execution, and — the report states — 2,516 organizations across 106 countries were compromised in parallel. The entire chain from initial access through credential dumping to data exfiltration ran autonomously, with human review occurring only after the fact.
The article places that event in broader trends: autonomous systems like AISLE reportedly discovered 13 of 14 OpenSSL CVEs in coordinated releases, XBOW became the top‑ranked hacker on HackerOne in 2025, the median time from disclosure to weaponized exploit fell from 771 days in 2018 to single‑digit hours by 2024, and by 2025 the majority of exploits will be weaponized before public disclosure.
Picus Swarm: autonomous exposure validation as the proposed fix
The author, Sıla Özeren Hacıoğlu of Picus Security, lays out a defensive prescription that centers on validation rather than additional discovery. Picus’ product, Picus Swarm, is described as an AI agent ensemble that compresses the traditional four‑day cycle into minutes. The workflow the source describes uses four agent roles — researcher, red teamer, simulator and coordinator — to ingest intelligence, map it to an environment, execute safety‑checked simulations across endpoints and cloud, and bridge findings to remediation via tickets, SOAR playbooks, EDR indicators and re‑validation. Picus claims the chain, from a CISA alert to validated, remediation‑ready findings, runs in about three minutes.
The article is explicit about bias: Picus builds autonomous validation platforms and is arguing that validation — proving which discoveries are exploitable in a given environment — is the bottleneck that must be solved if AI will continue to accelerate vulnerability discovery.
What this means for Apple, OpenBSD maintainers, and enterprise security teams
- Apple, Microsoft, Google and Amazon: they were given early access to Glasswing to patch pre‑release findings. The source suggests those platform and vendor teams will be measured by how many of these AI‑found vulnerabilities they can remediate before exploitation.
- OpenBSD and FreeBSD maintainers (and other open‑source maintainers): Mythos exposed long‑lasting bugs — including one in OpenBSD present for 27 years and a complex ROP chain against FreeBSD’s NFS server — underscoring the pressure on maintainers to triage AI‑generated discoveries alongside ongoing development and community processes.
- Enterprise security teams (illustrated by the mention of Atlassian’s CISO David B. Cross speaking at the Autonomous Validation Summit and practitioners from Kraft Heinz and Glow Financial Services attending): they must change prioritization from CVSS‑centric pipelines to environment‑specific, signal‑driven validation and closed‑loop remediation if they hope to act at machine speed.
Project Glasswing does two things at once: it proves that AI can find deep, chained and long‑hidden vulnerabilities, and it forces a new test — can the software and operations ecosystem patch faster than adversaries weaponize? As the source concludes, the metric that will judge this moment is simple and unforgiving: how many vulnerabilities get patched before they are exploited. The Autonomous Validation Summit on May 12 & 14 is positioned as one near‑term forum where vendors and practitioners will wrestle with that question.




