
A single chart from Epoch AI tells a striking story: in June 2026, 21 major tech organizations disclosed roughly 1,500 high- and critical-severity CVEs , more than 3.5 times the previous monthly record. The timing is not a coincidence. The spike follows Anthropic's announcement that Claude Mythos Preview could autonomously discover software vulnerabilities, and the launch of Project Glasswing, a coordinated defensive effort with major industry partners.
A model that broke the benchmarks
Anthropic formed Project Glasswing because of capabilities observed in a new frontier model: Claude Mythos Preview, a general-purpose, unreleased frontier model that reveals AI has reached a level of coding capability where it can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. This is not a security-specific model , it is a general reasoning model that turned out to be extraordinarily good at one of the hardest tasks in software engineering.
Anthropic had historically relied on internal and external benchmarks to track vulnerability discovery capabilities, but Mythos Preview improved to the extent that it mostly saturated those benchmarks. The team had to shift to testing against real-world, previously unknown bugs , called zero-days , to get a meaningful signal.
The results were alarming. Engineers at Anthropic with no formal security training asked Mythos Preview to find remote code execution vulnerabilities overnight, and woke up the following morning to a complete, working exploit. In one documented case, Mythos Preview fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD that allows anyone to gain root on a machine running NFS , and no human was involved in either the discovery or exploitation after the initial request.
The performance gap versus previous models is stark. Claude Opus 4.6 had a near-zero success rate at autonomous exploit development , in one Firefox test, it turned discovered vulnerabilities into working exploits only twice across several hundred attempts, whereas Mythos did it 181 times.
Project Glasswing: a controlled defensive coalition
Faced with a model that could essentially hack anything, Anthropic made a deliberate choice: don't release it publicly. Instead, by releasing the model initially to a limited group of critical industry partners and open source developers with Project Glasswing, the aim is to enable defenders to begin securing the most important systems before models with similar capabilities become broadly available.
Don't miss what's next in AI
Join 300,000+ engineers and researchers who get the signal, not the noise.
- Full access to in-depth AI research breakdowns
- Be the first to know what's trending before it hits mainstream
- Daily curated papers, repos, and industry moves

