April 7, 2026
Bug buster or chaos machine?
Anthropic's Project Glasswing sounds necessary to me
AI finds bugs everywhere; devs cheer, home gadgets panic, open source braces
TLDR: Anthropic is previewing a powerful bug-finding AI instead of releasing it widely, after it uncovered major flaws—even a decades-old one. The community is split: some applaud fast fixes and caution, while others fear costs for smaller device makers and mounting pressure on open-source projects.
Anthropic kept its new “Claude Mythos” model behind glass under Project Glasswing, and the internet instantly split into two camps: “finally, the bug-squashing bot we needed” vs “this thing will turn every smart light into a hacker’s disco.” Fans cheered that Mythos has already flagged thousands of serious flaws across major systems, and even chained multiple small bugs into big, movie-level hacks. One clip-worthy moment: a 27-year-old OpenBSD crash bug got patched after Mythos sniffed it out. Cue the “AI slop is dead; we’re in a security report tsunami” vibes, echoing open source veterans who say the flood just got real.
On the cheer squad, [orenlindsey] wants AI scanning everywhere, while [verdverm] lumps this into “necessary efforts” and tosses in a push for stronger privacy laws and tools like roost.tools. But the anxiety bronco is bucking hard. [ghm2199] worries the long tail of routers, smart locks, and car fobs—made by companies that can’t afford the “$20,000 of tokens” to fix bugs—will be fish food. Meanwhile [zingababba] predicts “downward pressure” on open source and a world where “0day becomes cheap,” shrinking the time between finding a hole and someone exploiting it. The Hacker News thread is pure popcorn: caution, hype, and existential side-eye all in one binge.
Key Points
- Anthropic withheld a public release of Claude Mythos, offering restricted access via Project Glasswing due to its powerful cybersecurity capabilities.
- Anthropic says the Mythos Preview has uncovered thousands of high-severity vulnerabilities, including in every major operating system and web browser.
- Project Glasswing partners will use the model for local vulnerability detection, black-box testing of binaries, endpoint security, and penetration testing on foundational systems.
- Anthropic’s Nicholas Carlini reports the model can chain multiple vulnerabilities and helped find an OpenBSD kernel crash bug and Linux privilege escalations; maintainers were notified and patched.
- An OpenBSD 7.8 errata (025, March 25, 2026) notes a fix for crashes from invalid TCP SACK options, aligning with the example cited in the article.