Krux
April 13, 2026
Anthropic's New Model Found a 27-Year-Old OpenBSD Bug
Published: April 13, 2026 at 12:30 AM
Updated: April 13, 2026 at 12:30 AM
100-word summary
Anthropic just launched Glasswing, a cybersecurity coalition with Amazon, Apple, Google, Microsoft, and dozens more, to hunt bugs using Claude Mythos Preview. The unreleased model autonomously found thousands of zero-days, including flaws that sat undetected in OpenBSD for 27 years and FFmpeg for 16. It's not a product you can buy. Access is limited to 40-plus critical infrastructure partners, who get $100 million in usage credits to scan their systems and share findings. The twist: Anthropic built a model powerful enough to expose vulnerabilities at scale, but won't release it publicly for fear it accelerates attacks. The AI security race just became a trust exercise between rivals.
What happened
Anthropic just launched Glasswing, a cybersecurity coalition with Amazon, Apple, Google, Microsoft, and dozens more, to hunt bugs using Claude Mythos Preview. The unreleased model autonomously found thousands of zero-days, including flaws that sat undetected in OpenBSD for 27 years and FFmpeg for 16. It's not a product you can buy. Access is limited to 40-plus critical infrastructure partners, who get $100 million in usage credits to scan their systems and share findings. The twist: Anthropic built a model powerful enough to expose vulnerabilities at scale, but won't release it publicly for fear it accelerates attacks.
Why it matters
The AI security race just became a trust exercise between rivals.