





















Written by Rich Mogull, Chief Analyst, CSA.
I don't really know who coined it, but for the past six months or so we've been tossing around the term "Vulnpocalypse." We use it to describe the inflection point where LLMs are able to discover zero day vulnerabilities, and create zero day exploits, faster than we can patch. It's the core asymmetry that drove me to write my Core Collapse blog post.
Our very own CISO in Residence (and CEO of Knostic), Gadi Evron, was one of the first to change my thinking about this based on a LinkedIn post (covered in Security Boulevard by Alan Shimel). The concept was also mentioned prolifically at the [un]prompted AI security conference.
And today, it's here, thanks to two announcements by Anthropic.
The first is Mythos Preview: a non-public frontier model with a massive improvement in its ability to find and exploit software vulnerabilities. The second is Project Glasswing, Anthropic's program for getting that capability into the hands of critical industry partners and open source maintainers before equivalent capabilities show up elsewhere.
This is exactly the moment I described in Core Collapse. The math hasn't changed, but the timer just started. Some folks are already calling this the beginning of the Vulnpocalypse. It's a term I should hate; it's the kind of hyperbole I generally despise, but this time I suspect the superlatives are warranted. Don't panic, but don't sit still. Mythos exists, and through Glasswing Anthropic is leveraging it to make us all safer, but we can't just sit and wait. We have a window, and there is real work we can start doing today.
Mythos Preview is a non-public Anthropic model with dramatically improved capabilities for discovering and exploiting software vulnerabilities. In Anthropic's own testing it found and exploited zero-days in every major operating system and every major web browser it was pointed at, including a 27-year-old bug in OpenBSD (an operating system specifically known for its security engineering). Many of the bugs it found were 10 or 20 years old. This isn't a marginal improvement, it's in a different league.
They didn't, at least not on purpose. These are emergent properties from teaching models to code well and code securely. You can't build a model that's genuinely good at writing and reviewing software without it also getting good at understanding how software breaks. If I teach you how to build a lock, you'll learn how to pick a lock. Credit to Anthropic for recognizing the implications early, being transparent about them, and working with competitors and partners to address the fallout. That's not how this industry always behaves, and it matters.
Bad enough to take very seriously, not bad enough to panic. A few data points from Anthropic's writeup:
This is what Core Collapse predicted: a capability that was previously gated behind years of specialized expertise is now a wide enabler, across skill levels. That's the part that changes the math.
No. Not at all. That isn't how ANY of this works. Frontier models like Mythos don't run on a laptop, they run on massive, purpose-built infrastructure with dedicated neural networks and enormous compute capacity. The code that was stolen earlier was for Claude Code, which is a client that talks to the models. You can have every line of that client and still be nowhere near running Mythos yourself. That's also why Anthropic can tightly control who uses Mythos, monitor how it's used, and throttle or cut off abuse. It's exactly that control that makes Glasswing possible.
That said, Mythos is a wake up call. We should absolutely assume nation-states will eventually build equivalently capable models, and that some fraction of these capabilities will make their way into open-weight models over time. Glasswing buys us time. It does not buy us forever.
Glasswing is Anthropic's program for releasing Mythos Preview in a controlled way to a limited set of critical industry partners and open source maintainers with the explicit goal of letting defenders harden the most important systems before equivalent models are broadly available. The thesis is that in the long run, powerful language models benefit defenders more than attackers, because fixing bugs scales better than exploiting them. I think they're right about the endgame. The question is what happens in the transitional period.
The catch is that "fix the code" and "fix the problem" are not the same thing. Anthropic's framing assumes that if we can patch the bugs, we've solved it. Anyone who has actually tried to get an enterprise to deploy a critical patch across its estate knows better. You could fix every open source project on GitHub today, harden every major operating system, and still leave tens of thousands of organizations exposed, because they can't patch fast enough, can't patch at all, or don't even know what they're running.
And that's before we get to the long tail: decades of custom enterprise code, legions of unpatchable consumer devices, home routers nobody will ever touch again, and OT environments that are already a disaster on a good day. This is where the Vulnpocalypse actually lives. Not in the code on GitHub. In the deployment gap.
Yes! And I don't say that lightly. Y2K was handled because we treated it as a systemic problem with a hard deadline and put national-level resources behind it. We need to be thinking the same way here with nation-level resiliency, coordinated hardening of critical infrastructure, and systemic advancements in software supply chain and patch management. Leaving every organization to fend for itself is not a plan. However, we also can't wait for governments to help; this will move too quickly, and governments… have a lot going on these days.
Quite a bit, actually. Buried in the Mythos Preview writeup is one of the most important findings for defenders: Mythos Preview identified a number of Linux kernel vulnerabilities, buffer overflows, use-after-frees, double-frees, many remotely triggerable. And after several thousand scans, it could not successfully exploit a single one of them remotely. Where it succeeded was in local privilege escalation, against a weaker boundary.
Read that again. Defense in depth held. The Linux kernel's mitigations, the boring, unsexy work of years of hardening, turned "exploitable vulnerability" into "unexploitable vulnerability" even against a model that was explicitly trying. This is the path forward. Hardening works. Boundaries work. The exploit-finding floor is dropping, but the cost of turning a bug into a working attack is still a function of how much defensive engineering sits between the bug and the asset.
A lot, actually. These are starting points, not a finished program. We will publish more research over time with more detailed recommendations, but here's where I'd focus right now. (I’m not pretending these are easy! All of this is hard at scale, but I don’t see other options.)
If you run critical infrastructure or build widely-used open source, get engaged with Glasswing directly if possible. If you don't, your priorities are inventory, patch velocity, and segmentation, in that order. None of this is new advice. What's new is that the cost of getting it wrong is about to go up.
Core Collapse was my feeble attempt to describe how and why this could work. Mythos is what it looks like when it arrives. Anthropic deserves credit for seeing the consequences clearly and for building Glasswing as a serious attempt to get ahead of them, but Glasswing alone won't save us, because the problem isn't just the code. It's everything downstream of the code.
The defenders who start moving now, on inventory, patching, segmentation, and general hardening, get to use the transitional period. The ones who wait get to live through the Vulnpocalypse the hard way. I know which one I'd rather be.
Start today. Start small if you have to. But start.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。