惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Hacker News
The Hacker News
C
Cisco Blogs
P
Privacy & Cybersecurity Law Blog
Cloudbric
Cloudbric
S
Security Affairs
PCI Perspectives
PCI Perspectives
The Last Watchdog
The Last Watchdog
AWS News Blog
AWS News Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
N
News and Events Feed by Topic
W
WeLiveSecurity
T
Tenable Blog
L
LINUX DO - 最新话题
T
Tor Project blog
Help Net Security
Help Net Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
爱范儿
爱范儿
O
OpenAI News
Hacker News - Newest:
Hacker News - Newest: "LLM"
Y
Y Combinator Blog
I
Intezer
C
Check Point Blog
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
S
Securelist
P
Privacy International News Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
Vulnerabilities – Threatpost
Schneier on Security
Schneier on Security
量子位
SecWiki News
SecWiki News
L
Lohrmann on Cybersecurity
T
Threat Research - Cisco Blogs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
M
MIT News - Artificial intelligence
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Scott Helme
Scott Helme
H
Help Net Security
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
Spread Privacy
Spread Privacy
Know Your Adversary
Know Your Adversary
I
InfoQ
TaoSecurity Blog
TaoSecurity Blog
Blog — PlanetScale
Blog — PlanetScale
N
News | PayPal Newsroom
小众软件
小众软件
C
CERT Recently Published Vulnerability Notes

Security

Report: Business email compromise attacks surged dangerously in April Scope Systems confirms cyber incident, says no data loss occurred Instructure breach: ShinyHunters says ‘matter has been resolved’ Rapid7 launches Cyber GRC program to connect compliance with live risk data Australian federal budget 2026: The industry perspective Op-Ed: Microsoft May Patch Tuesday reveals 137 vulnerabilities Federal Budget 2026: The state of cyber security spending for the coming year OpenAI offers EU early access to its cyber security model Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group Op-Ed: Why Middle East tensions demand immediate action on OT security Aussie schools breach: Instructure boss “reaches agreement” with ShinyHunters to not release data Institute of Public Accountants members hit by data breach Union demands answers on Qantas AI plans 1 in 3 small businesses don't think they're a cyber target, new research finds Exclusive: Aussie toy distributor listed by M3rx ransomware Exclusive: Australian Computer Society investigating possible breach after ShinyHunters hack claims The industry speaks – part 2: World Password Day 2026 Aussie schools breach: The Instructure hack “transcends an isolated IT incident” Exclusive: Aussie car part importer Strategic Imports allegedly breached by threat actors New South Wales, other states, investigating Instructure/Canvas data breach Australian Cyber Security Centre warns of ClickFix campaign leveraging Australian infrastructure Queensland Department of Education confirms students & staff impacted by ShinyHunters data breach ACMA takes action against SpinTel & Yomojo over mobile number fraud violations The Industry Speaks, Part 1: World Password Day 2026 Qualys and Converge tie cyber insurance pricing to real-time security posture Fakeout: Iranian APT caught hiding behind Chaos ransomware activity Exclusive: Australian energy management firm allegedly breached by SafePay Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Hacked: ALS discloses cyber incident, unauthorised access to IT systems Microsoft the main target of AI phishing attacks, report uncovers Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July Exclusive: Major Australian jewellery brand confirms cyber incident Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Exclusive: Prime Properties listed as breach victim by M3rx ransomware DigiCert launches AI Trust architecture to secure agents, models, and content Winners of the 2026 Australian Cyber Awards unveiled Op-Ed: Redefining performance in the AI-powered SOC NZ council cyber attack leads to ID and financial data being exposed Alert! Wave of fake toll, parking scams impacting countries worldwide, including Australia and New Zealand Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Anthropic Mythos: The model, the myth and the mundane​ Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Sri Lankan government hack sees $3.7m destined for Australia stolen CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing NZ racehorse auction stalled by cyber attack Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities ADF joins international military exercise focused on cyber resilience and multi-domain operations OpenAI CEO’s home targeted in attempted drive-by just days after Molotov attack Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims Booking.com confirms cyber incident, customer reservation data potentially compromised Report: Majority of CISOs not ready for the next big cyber attack WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings Cyber war: Pro-Iranian hackers vow to fight on despite a fragile ceasefire with the US Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware Game on! Nationwide student competition aims to tackle Australia’s cyber skills gap Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation Ransomware group claims hack of legal giant Jones Day Anthropic, partners announce Project Glasswing cyber security initiative Exclusive: Aussie tech firm Seeing Machines confirms potential cyber security incident Space Bears claims cyber attack on Sydney dental clinic
Why Anthropic’s Project Glasswing matters, and what CISOs need to know
David Hollingworth · 2026-04-13 · via Security

Anthropic’s latest AI model can find vulnerabilities at speed and scale. Here’s why industry experts consider Claude Mythos to be a “watershed moment” for the industry and a wake-up call for developers.

AI firm Anthropic announced its latest AI model last week, but declined to release it to a wide audience.

Instead, Claude Mythos will be released as an exclusive preview to a select group of technology and cyber security companies as a tool to identify software vulnerabilities at scale.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

The reason? It’s too good at what it does. According to the company, the model has already found vulnerabilities in operating systems and web browsers alike, some of which have been around for decades, but had not been identified before.

In fact, 99 per cent of what Claude Mythos found had not been patched at all, making it a potentially dangerous tool in the wrong hands.

A zero-day tsunami

“The model is extremely effective at identifying software vulnerabilities that could lead to zero-day exploits,” Danny Jenkins, CEO and co-founder of cyber security firm ThreatLocker, said on LinkedIn.

“That same capability that helps defenders conduct penetration testing will also be used by attackers to find and exploit weaknesses at scale. Critical infrastructure systems are especially vulnerable, as many still rely on legacy systems the model can easily exploit.”

Jenkins, however, believes the focus on using AI to fight AI is incorrect.

“While defenders should certainly use the same penetration testing tools that attackers use, the conversation of AI stopping AI risks is distracting us from something more immediate,” Jenkins said.

“There are proven steps that organisations can deploy today that do not depend on AI, and we must do so with urgency because Anthropic won’t delay release indefinitely.”

Jenkins said that companies should instead focus on application containment to ensure that platforms can’t bypass traditional controls.

“My advice is straightforward: focus on controls that limit software behaviour, not just controls that detect what’s already happened,” Jenkins said.

“Focus on what you can do today to make yourself more secure, rather than waiting for the next innovation.”

Doug Britton, EVP and chief strategy officer of RunSafe Security, called Anthropic’s announcement a “watershed moment for AI’s runaway zero-day discovery and exploitation”.

“AI is now uncovering memory safety bugs at massive scale, including vulnerabilities that have been hiding in production code for over 25 years – the problem isn’t just that these bugs exist, it’s that they’re being found faster than organisations can fix them,” Britton told Cyber Daily.

“That means the traditional model (find, patch, repeat) can’t keep up anymore. Security has to shift from trying to eliminate every bug to protecting systems even when those bugs are still there.”

Britton added that the Claude Mythos Preview and Project Glasswing news shattered the illusion that just because software has been tested, it is therefore safe.

“OpenBSD has been audited and fuzzed an uncountable number of times over 26 years by world-class researchers,” Britton said.

“Mythos still found a remotely exploitable bug. If that’s possible there, it’s possible anywhere.”

Britton’s also concerned that this leap in technology could make traditional incident response mechanically impossible due to a “tsunami of zero-days across critical software”.

What a CISO needs to know

A more salient question for CISOs than what Anthropic’s new model may mean now, according to Douglas McKee, director of vulnerability intelligence at Rapid7, however, is a more practical and immediate one.

“CISOs do not need to decide this week whether Anthropic’s model changes the entire market,” McKee said in a blog post.

“They do need to ask a more practical question: if my environment starts surfacing materially more vulnerabilities tomorrow, what happens next?”

The answer, McKee said, is probably an uncomfortable one.

“That is where this news becomes relevant. AI-driven discovery does not reduce the need for an exposure-led security model. It increases it. The organisations that benefit most will not be the ones with the biggest pile of findings. They will be the ones that can connect those findings to business-critical assets, internet exposure, identity paths, existing detections, remediation workflows, and validation,” McKee said.

“A good board-level translation is that faster discovery only has value if the organisation can prioritise effectively, remediate quickly, and prove that the fix reduced real exposure. Otherwise, the result is more volume and more noise.”

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

Tags: