What Anthropic’s Mythos and Project Glasswing Mean for Your Apple Devices

[Moving this previous discussion into Rich’s article comments to keep it all together. -Adam]

I’ve been writing a lot lately about AI and how it’s reshaping the world most people aren’t watching closely enough. This one sits right at the intersection of Apple and that bigger picture — and I think it deserves attention from this community specifically.

Last week I wrote about how AI has fundamentally shifted the balance between those who find security vulnerabilities and those who defend against them — and why the next few years represent a meaningful window of elevated risk, not just for personal devices but for critical infrastructure.

This week, Anthropic announced Project Glasswing.

Apple is a founding partner — alongside Microsoft, Google, Amazon Web Services, Cisco, JPMorganChase, NVIDIA, CrowdStrike, Palo Alto Networks, and the Linux Foundation.

For a community that follows Apple closely: Apple does not join multi-company co-ordinated initiatives lightly. When they do, it’s worth asking why.

What’s Project Glasswing?

Anthropic has developed a new AI model (not publicly available) that can autonomously find security vulnerabilities — the kind that have been hiding undetected for years, sometimes decades. In recent weeks it found thousands of critical vulnerabilities across every major operating system and browser, including:

• A 27-year-old flaw in OpenBSD — one of the most security-hardened operating systems in use

• A 16-year-old flaw in FFmpeg that had survived five million automated test runs without detection

• A chain of Linux kernel vulnerabilities that, when combined, allowed escalation from ordinary user access to full machine control

The initiative exists because those same capabilities will inevitably become more widely available — including to malicious actors. Project Glasswing is an attempt to get defenders ahead of that curve.

Why Apple?

Apple’s software runs on over two billion active devices. A significant vulnerability in macOS, iOS, or Safari — the kind this model can now find autonomously — would be a consequential problem. Their presence as a founding partner suggests they’ve assessed the risk and decided that active participation in the defence effort is worth more than waiting on the sidelines.

The bigger picture

The announcement is both sobering and genuinely hopeful. Sobering because it confirms what CrowdStrike described plainly in the announcement: “The window between a vulnerability being discovered and being exploited has collapsed — what once took months now happens in minutes.” Hopeful because the explicit goal of Project Glasswing is to give defenders a durable advantage in the long run — not just to patch the current gap but to build better security infrastructure for the AI era.

The transition period is the risk. The destination is potentially a more secure world than we’ve had before.

I’ve been thinking and writing about the broader implications of this kind of AI-driven change — for infrastructure, for communities, for how people prepare. If that’s a conversation that interests anyone here, I host a community called Future Together focused on exactly these discussions. Our next online meetup is Tuesday 15 April at 5:00 pm AEST — open to anyone, no technical background required.

Curious what the TidBITS community makes of this. Are Apple’s security teams already using AI for vulnerability detection at scale? Does the scope of the Glasswing partnership change how you think about the risk?

Piece in the NYTimes on this project.

Anthropic strike me as among the more responsible actors in this field, even with the release of their source code (cough). Interesting to see this field testing of collaboration between major players being announced. Coding is probably the leading edge of AI development, a bit of a glimpse into what may be coming for infrastructure as well as medical, scientific research.

I’ve been wrestling over how to respond to this thread for more time than I should.

On the one hand, it’s not the first time that major corporations and other organizations have joined forces to address public security concerns. On the other hand, the velocity and sophistication of cyberattacks that I’ve seen in the last year have increased in a truly sobering (if not terrifying) fashion.

It absolutely makes sense for Apple to join this sort of initiative now. I would be shocked if Apple were not using some sort of AI-informed security countermeasures now, but we are at a stage where development of new, industry-wide “best practices” are required.

Seems like a great idea to me. It was inevitable that these models would grow to a point that they would be able to find security issues more and more quickly. Now Apple et. al. will be able to run the models against their code to find vulnerabilities, probably even get suggestions to patch them, and even if there are a lot of false positives, that’s better than the alternative - which is someone else doing the same thing, not telling Apple about them so they can exploit them for gain.

I don’t even know why this would be controversial.

As a corollary to my last comment, I think that we have finally reached the point where anyone using old, unsuuported equpiment seriously needs to consider either retiring that equipment or limiting its use to tightly controlled, generally unconnected environments.

The bottom line is that the cost of targeting a broad range of obsolete or unsupported technologies is plummeting. It’s like the economics of spam. If the cost of attack toolkits becomes essentially zero, then it becomes trivial for modern day “script kiddies” to deploy surprisingly sophisticated attacks indiscriminately against a lot of targets, never mind the damage that well-funded entities can execute.

In the same way that publicly exposing an unpatched Windows 95 computer on the Internet once would result in compromise within minutes (if not less), I’m confident that some of our most beloved older Apple devices are becoming unacceptable risks.

I wonder, if by the same token, this also means the cost of finding/developing patches to such vulnerabilities is plummeting.
If that effort were indeed to go to near zero, it would become harder to justify why manufacturers can’t be compelled to provide security patches over time periods much longer than just the 2 most recent years.

I think it’s true that the cost of developing patches is decreasing, but thanks to entropy, it’s also true that it is easier to find flaws than to fix them.

While it would be nice to think that the market (or governments) might compel companies to support products longer, I think that substantially increased threat profiles would encourage companies to enforce mandatory updates more ruthlessly rather than support devices longer. Ironically, that is not far from Apple’s current practice.

Of course, I would favor an environment where it becomes commonplace to support older devices longer than is the current practice. I think it would be much easier to do that if there were greater decoupling between OS and apps.

I’m not holding my breath.

Having a good friend that works on their safety team, I confidently claim they are the most responsible. I consider release/leak of source code as completely separate issue from model safety.

The main issue I see at present though is the shifting balance between attackers and defenders of critical infrastructure. It’s only short/medium term situation, but horizon is out far enough that substantial damage could occur in that time.

Which means the question is, what can we do to mitigate those risks?

This is the critical factor. While it technically also means that defenders can move more rapidly, the reality is the existing systems are caught in processes (corporate, compliance, hardware, etc) that are too slow to respond.

What do those “best practices” look like, especially when some of the critical systems are decades old?

For users of Apple equipment, I believe we are relatively safe - issues that are discovered will be fixed and pushed out in reasonable time frame. It’s the systems we connect to with our Apple devices that are of greater concern. How does a bank with COBOL systems from last century react to discovered vulnerabilities (real issue if I’m to believe a recent podcast)?

I don’t think using models is controversial (apologies if I my post gave that impression) - the issue is the balance has shifted in favour of attackers. While both attackers and defenders have access to models, the defenders are trapped by legacy processes which make mitigations too slow.

Granted, Mythos is not publicly available, but Opus 4.6 is also very capable of finding flaws in systems. The attackers already have cutting-edge access.

This is the important observation. But expand that to systems and technologies underpinning critical infrastructure - system that are far from trivial to update.

Yes, that is also true. But generating the fix is only a minor part of the solution. It’s all the processes around getting that fix pushed out, whether due to technical challenges, corporate governance, lost/archived processes, etc - that make the balance favouring the attackers so relevant.

There is also a chain-reaction. There is a long history of one patch triggering a new vulnerability. (That was topic of a podcast I listened to this morning.) Fixing one issue doesn’t really mean making a system more secure; it can even be the opposite.

Many people agree with you. And there are number of projects whose sole purpose is to breathe life into old unsupported hardware. But there are still too many systems that become bricks as technology marches on.

I have a hope that AI generated software will be able to bring life (& better security) to even more old hardware. I also believe we’ll get to that point. But in the meantime, the attackers have the advantage of being able to move more quickly and have access to really powerful models.

There is very real risk ahead. Project Glasswing is a good step, but is it sufficient?

Dave Plummer (retired Microsoft Engineer) shares his own two cents on the Axios hack, Anthropic source code theft, and related topics:

All of this on my mind after fixing up a few things on my mother’s MB Air a week ago. It won’t update beyond Monterey, can’t install latest Safari. I moved her to Firefox which did run as the latest version.

She uses it mainly for streaming now. Has no interest in picking up the Neo (yes I tried). Not looking forward to trying explaining this turn of events.

Welcome to a major escalation in the InfoSec cold war. Anthropic just developed the equivalent of a digital nuclear weapon. How long before the bad guys catch up? Fully expecting to witness opposing A.I.’s doing battle in the not so distant future. How long before the intelligence agencies obtain this tech and use it to further the pursuit of cyber weapons? No doubt they are kicking themselves right now. How many of these exploits did they secretly already have in their arsenal? This is why they were so angry about Snowden. They had Christmas in July in their pocket and Snowden revealed their capabilities to the world taking away their weapons. Before Snowden the intel agencies could hack every system on the planet and many of them had back doors built-in. The rest was a library of secret exploits that Snowden exposed only partially. Every company closed those loopholes. Secrets are only useful if they remain secret. How long before Mythos is stolen or duplicated? What will come next? Can Anthropic be trusted? After all, Claude source code was leaked in a spectacular fashion very recently.

A.I. is going to cause an exponential curve of technological advancement beyond our current ability to comprehend. We don’t even understand our own human consciousness. A.I. researchers do not even understand how it works. We are currently using existing A.I. to build new generations of A.I. as in evolutionary reproduction. Advancements in all forms of science will begin to make astounding leaps forward. Materials science, quantum mechanics, biological science, power generation, new fantastical computers, etc. Are we as a species ready for it? Or are we seeding our own destruction? Everything can be turned into a weapon, is humanity ready for it? Can we adapt that quickly? Can we overcome our violent nature? Regarding history? No we are not ready for this. Not by a long shot. We are being led by a series of autistic madmen born from chemical environmental corruption and hell bent on living forever, merging humanity with machine, and colonizing the stars. They are Humanists who want to become gods. You cannot put the genie back in the bottle once it’s been released. A.I. has escaped Pandora’s Box.

Marcus Hutchins has a somewhat more sober take on Mythos/Glasswing:

fe2e89c50cac6bc11290×1518 265 KB

So much of contemporary discourse is disempowering, it is important to proceed on the basis of concrete facts and known issues, not to diminish the potential impact of a future AI, but human agency is guiding all of this. Act in your own individual way and gain confidence through that. If the issue concerns you, do what you can do on the basis of facts. Speculations and what-ifs can be diverting but can untether you from facts and reality. The first true thing I heard about LLMs was that they are both overhyped and underestimated, I’m focussing on where they are useful - to me. There’s far too much hoo-ha out there, I wouldn’t add to it.

I hope that some non-American public and private organisations get invitations to Project Glasswing meetings. I presume that US and Allied defence organisations are also having Project Glasswing style conferences.

For anybody interested, here is a J.P. Morgan research note on Mythos (the Mary and Jamie mentioned at the beginning are at the highest level of management at JPMorganChase) :

Among many disturbing things in the report—including “the existence of
Mythos, a model with unprecedented cybersecurity capabilities, only became known due to an accidental leak from Anthropic’s own content management system.”—there is a darkly humorous incident…

An AI researcher at Anthropic was eating a sandwich in a park when he got an email from Mythos even though that instance of the model wasn’t supposed to have access to the internet. Mythos developed a multi-step exploit to gain internet access, notified the researcher by emailing them and
then essentially bragged about it on publicly accessible websites. Why? Anthropic doesn’t know for sure but suggests it was “an unasked-for effort to demonstrate its success”.

Oh that reminds me of when the tech guy for my department at the University of Michigan told me, in 1997 or so, how they couldn’t put out-of-the-box Windows machines on the network since the UM network was constantly being probed, the tech people had to install the security updates first. (I don’t recall a lot of Macs, so if he commented about Apple I don’t recall it.) I did have a NeXT box from an uncle and I left it on on the network in my dorm room all the time and it never had problems (possibly it was just too arcane to hack, but I like to think it was just too awesome).

Yes! I think it was the in the XP era, but an unpatched Windows machine back then could be compromised in less than 20 minutes merely by being put on the network. Macs were never vulnerable in that way, though back then, it probably was mostly that there were too few for the attackers to target them than that they were so much more secure.

I have a question about Glasswing and I fully state it is out of a little knowledge and a ton of ignorance, which often leads to faulty assumptions and really off-base and wrong-headed questions.

I don’t really understand how it works. Is it brute force? Does it just try everything? Is it an LLM running off a database of exploits? My confusion is that I thought … maybe networks? or machines? or please someone??? was decent at stopping brute force attacks (“too much traffic, shut that down!”). So would this work in the wild? (Or there are probably lots of nifty ways to work around throttling and having your target notice you.)

This from one of the posts here (one of Charlie Garrison’s posts), though, made me pause:

“A 16-year-old flaw in FFmpeg that had survived five million automated test runs without detection.“

Wow. So either those test runs weren’t very good (but the testers, who I assume know their stuff, thought they were) or Glasswing is really much better. (But if it’s an LLM and it does attack permutations really well, isn’t it just a larger brute force attack?)

I guess it is time to replace my old Intel-inside powerbook (11 years old or so, works fine!!!) with the newer M5 version. (I will miss the stickers on it.)

(I have been curious about this topic and am glad to see it discussed here, since trying to filter across the internet and find good sources these days is a bit overwhelming, especially when the topic is outside your area.)

To be fair, these tests were performed without any kind of firewall or NAT between the computer and the Internet.

And yes, there were (and probably still are) botnets that spend all their time looking for unprotected systems like this, waiting to pounce on anything they detect.

According to Anthropic’s press releaes, it analyzed all that code and used its intelligence to discover all those exploits.

But Anthropic has a history for scary doom-and-gloom self-serving press releases. And nobody (so far) has publicly reviewed any part of that list of vulnerabilities. So we don’t know how many are real and how many are hallucinations. And we don’t know how many of those anecdotes are fiction, written for the press release.

We saw similar self-serving press releases when Chat GPT was first announced. It didn’t result in the doomsday scenario they were strongly implying.

So, I’d say that this is something to pay attention to, but don’t freak out and don’t assume that corporate press releases are true until they’ve been reviewed by trusted independent third parties.

Here’s some support for the Mythos claims, along with an interesting point of view—security will go to those who can afford to spend enough on it.

So did they have five million experienced network engineers code test suites and run each against the code base? No, they did not.

Did they have a team design five million different test suites and run them? No, they did not.

In all likelihood, they ran a simple fuzzer against the running software for five million cycles.

That’s like trying to guess a password five million times and then saying that, because you couldn’t get it in five million guesses, anyone else who guesses it must be amazing.

I’m not impressed.

Oh! There was a bug in 300-year-old OpenBSD code!!! Well, all code has bugs.

I’m not impressed.

“We’d prove it to you if we could, but our software is JUST TOO INCREDIBLY DANGEROUS TO LET PEOPLE LIKE YOU WORK WITH IT!!!1!!”

This reminds me of all the proprietary cryptographic algorithms that were “just too good” to allow researchers to have access to the them. Spoiler: they all ended up being seriously flawed.

Maybe Mythos is everything people are ringing their hands about. Maybe it’s just another incremental step forward in exploit tools. The more I see hypetrain nonsense like “five million test suites” and “found a bug in ancient OpenBSD code” the more I think the emperor is probably wearing an off-the-rack Men’s Warehouse suit.

2026-04-15T12:58-10:00: edit to correct FreeBSD->OpenBSD

If it was all hype, wouldn’t that have been pretty easily determined already by at least one of the large companies or organizations that they’ve allowed to have access to it?

Maybe. Or maybe they had to sign NDAs to get access. Or maybe they want to confirm the reports before saying anything (it may take a long time to verify this many reports, especially if they’re not easily understood).

If this paper and the people who participated in its writing is any indication, the Mythos threat goes beyond PR-hype and hand-wringing…

+1 for link to fuzzing, since I’m not well-versed in security, have not heard of it, and am delighted to read about it at the level of that Wikipedia article!

I’m aware of at least one developer that investigated the BSD bug and found it had been patched. I consider that public verification. I also watched a conference talk by Anthropic staff demonstrating BSD flaw (bug) - I found that pretty convincing. But more than both of those; I have a friend at Anthropic who stated “cyber security landscape has radically changed” - he has no need to provide me with “corporate press-speak”.

The decades-old balance between attackers and defenders has shifted. The announcement of “GPT‑5.4‑Cyber” is likely to make that shift even more extreme. There is debate about which direction that balance has shifted, but there is no doubt that it has shifted.

If you believe the recent press-releases, the balance has shifted in favour of the defenders - I don’t believe that. I believe the attackers have access to models powerful enough to find vulnerabilities - that have that access today - they don’t need access to Mythos or GPT‑5.4‑Cyber. Those attackers are not constrained by corporate governance, delayed release cycles, etc like defenders are. The attackers can move much more quickly. And they are not just attacking personal devices; they are attacking infrastructure. Personally, I find it more than a little concerning.

It feels like there’s a difference here between open source and closed source. With closed source, only the company making the app has access to the actual source code, whereas the attackers can only interact with the public facing side of the app or system. With open source, both attackers and defenders can throw everything they have at the underlying source code to identify vulnerabilities.

Another viewpoint worth reading and supporting. In essence:

• AI has made it possible for people to “vibe-code” useful software for themselves.
• This software relies on open source code maintained for free by volunteers. (And the mega corporations also rely on such software without supporting its development, in general.)
• There has not been a security focus on this open source code that we now all rely on, leaving it vulnerable to the AI tools like Mythos and whatever bad actors are getting up to.
• Which leaves the entire internet and all the economic activity it generates at risk.
• The conclusion is that the mega corporations should financially support the groups that maintain the open source code we all rely on, in order for those coders to be able to devote the time, and maybe get access to Mythos, to find and repair security flaws before the bad actors do, or we’re all in deep do-do.

Hopefully this link will allow you to read the article from today’s NYT: https://www.nytimes.com/2026/04/15/opinion/mythos-open-souce-internet.html?unlocked_article_code=1.bVA.RRd4.0KhBN_o7p4sw&smid=url-share

• The most popular open source projects are routinely analyzed by the security community, precisely because they are used in a wide variety of popular projects. This was the case long before AI vibe-coding became a thing.
• Mega corporations do financially support and maintain the biggest and most popular open source projects. For instance, IBM is a massive contributor to the Linux kernel.

When it comes to infrastructure; it’s more nuanced than that. One of the guys I chat with is working on security in the energy sector. They (energy companies) rely on a lot of proprietary hardware, and for that reason they take the same stance - we’re relatively safe from attackers. But according to my mate (who is very concerned about their head-in-sand beliefs); what they are missing is that much of the same hardware (eg legacy micro-controllers) can be purchased on eBay for $100 - the attackers can pull it apart and prod it all day long to find the vulnerabilities. That has been true for a long time, but now the speed of finding the vulnerabilities has increased XX-fold. Attackers then create an exploit and turn their attention to the infrastructure.

This is one of the critical points of imbalance. The energy companies aren’t even paying attention to the threat, much less doing anything about it. My mate is at least speaking with Anthropic to find how “infrastructure companies” can also be come part of Project Glasswing. Thankfully Anthropic is happy to have that conversation. The difficult conversation is with management of energy companies.

Personally, I am very concerned about the real threat to the infrastructure our society depends upon; and I am very reassured that people (I know) are actively working to improve the situation.

I’m not sure that there is anymore. From the Mythos whitepaper linked in the first post:

REVERSE ENGINEERING

The above case studies exclusively evaluate the ability of Mythos Preview to find bugs in open source software. We have also found the model to be extremely capable of reverse engineering: taking a closed-source, stripped binary and reconstructing (plausible) source code for what it does. From there, we provide Mythos Preview both the reconstructed source code and the original binary, and say, “Please find vulnerabilities in this closed-source project. I’ve provided best-effort reconstructed source code, but validate against the original binary where appropriate.” We then run this agent multiple times across the repository, exactly as before.

We’ve used these capabilities to find vulnerabilities and exploits in closed-source browsers and operating systems. We have been able to use it to find, for example, remote DoS attacks that could remotely take down servers, firmware vulnerabilities that let us root smartphones, and local privilege escalation exploit chains on desktop operating systems. Because of the nature of these vulnerabilities, none have yet been patched and made public. In all cases, we follow the corresponding bug bounty program for the closed-source software and conduct our analysis entirely offline.

This isn’t directed at anyone specific, but there still seems to be a lot of doubt about some of the claims Anthropic has made about Mythos. Some people (not necessarily here, but elsewhere) still take the “I’ll believe it when I see it” route, even though many of the specific claims have already been verified, and not just in an obscure technical journal article.

For example, the NY Times article from 04/15/26 (“It’s the End of the Internet as We Know It”) that was posted earlier in this thread included this sentence, which confirms that two of the most incredible claims made for Mythos were indeed real and not PR hype (my emphasis added):

“According to Anthropic, Mythos found a 27-year-old vulnerability in OpenBSD and a 16-year-old vulnerability in FFmpeg, buried in a line of code that, Anthropic says, other automated security tools had glossed over five million times. (Both organizations say they have fixed the issues identified.)”

So why the doubters?

Both organizations said they fixed it when? After seeing the report? Or many years ago?

Is it reporting something that could legitimately be exploited of current up-to-date installations? Or is it a problem with servers running old code?

The press releases are very shy of details. And they use a lot of click-bait inflammatory language.

If you saw a press release like this discussing any other subject, you’re write it off as spam, but because it’s about computer security, everybody is panicking.

These were zero-day vulnerabilities Mythos uncovered, thus not already patched. Besides the few that were considered most serious and used as examples, there were “thousands” of others. At the time of the announcement (April 7), Anthropic said that 99% of the vulnerabilities that Mythos had uncovered remained unpatched. There is a fair amount of responsible details provided if you want to read through it, plus dozens of other follow up articles and explainers since then.

True, but they’d still have to get to the asset they were trying to compromise. Energy companies’ internal generation, transmission, and distribution computing infrastructure assets are isolated from the public internet. Not saying it’s impossible by any means, but there is a substantial barrier to executing the exploit once one is developed.

With social engineering attacks getting more common and more sophisticated, not to mention the existence of malware targeted to a specific purpose, all it takes to cause a large scale outage is a careless employee putting an infected thumb drive into a work computer.

Ugh, I must have glossed over that while reading.

I wonder if, when we get into the OS 27 cycle, we see a LOT more vulnerabilities listed in the security notes. That could be taken as evidence of Project Glasswing allowing Apple to find more vulnerabilities. But, simultaneously, I could see there being no change at all because Apple wouldn’t have to report vulnerabilities that it caught internally.

According to my mate in the industry - that is one of the core problems. That is common belief held by management, but it doesn’t match the reality. Part of his job is getting management to “wake up” the actual risks they face, rather than hold on to the stance that was only true 20 years ago.

I won’t directly quote what he shared in private chat, but gist is the “air-gapped” systems are protected by armed guards, but the systems haven’t actually been air-gapped for a long time. It’s simply a false sense of security - to make people feel better. He has mimicked real systems in the lab, and demonstrated how vulnerable those systems are. His concern is management won’t react until they see the compromise against real systems - labs are not considered evidence.

In earlier comment, I referenced a developer who validated the bug and the fix. He did so by looking at git commit logs, not chasing press releases. The fix (patch) was clearly present two days after the vulnerability was identified. Of course that doesn’t mean all currently installed versions are patched; that patch will take time to propagate out.

The patch was present two days afterward, or the patch was committed two days afterward?

If the former, then it might have been fixed before the report, maybe quite a while before. If the latter, then the report probably drove the fix.

“Five million!”

“Thousands!”

“99%… unpatched!”

These numbers are all coming straight from Anthropic.

How about this number: one. The number of CVEs directly attributable to Glasswing.

Am I shocked and horrified that some ancient NFS code (is anyone really using NFS anymore?) had a bug? No, it almost certainly has many more.

And what was the true cost of uncovering that bug? That’s something else we’ll only know if Antropic and other large model makers start disclosing the real costs of creating and operating their systems

That’s what the commit log is; when code is committed. I guess the patch could have been written weeks or even years earlier and never committed, but I doubt it.

Yes, NFS is still critical for many orgs. And the fact that it (part of the kernel) could have many more bugs is the point. Those bugs (whether specific to NFS or other parts of the OS) can now be found more quickly and reliably.

The part which I don’t believe is getting enough attention is that Opus (available to everyone) is also quite capable of finding bugs. Maybe not as capable as Mythos, but certainly capable enough to be a concern. Is Mythos “that much better” than Opus to shift the balance back in favour of defenders - maybe. But that’s assuming that all systems and companies that could be attacked are bothering employ stronger defences.

At the beginning of this thread, I mentioned Future Together where we discuss these issues along many others related to our future and how technology is shaping the changes. Join that community if you want to be part of the discussion.

The CSA folks are highly credible and do very good work. The linked piece is directed at heads of IT security, and it rings true.

Interesting. Well, your friend may have more recent information than I do. When I worked for a major southern California electric power provider, the systems definitely were air gapped, but that was over 20 years ago. I was in IT, and there was literally no way to access a generating station’s network without physically going inside the plant. No connection from the private intranet, not even a “secret back door” for us IT folk. It seems odd that energy companies would have enlarged the attack surface in the ensuing years rather than shrinking it, given the risk is even greater now than it was then, but I do not have current knowledge.

fyi:

And I don’t have first-hand knowledge. Like all industries, I suspect the security stance at various companies is different. I’m sure there are some which are still very secure (air-gapped?) 20 years later. But from what I heard, too many of them are not.

Firefox 150 contains fixes for 271 vulnerabilities found with Mythos:

That’s an interesting data point from the perspective of the “open source is better because it has a lot of eyes reviewing it” argument.

Granted, Firefox is much more complex than most commonly used open source programs, but it also has a professional core development team, and its code presumably gets more scrutiny than most open source tools.

A little peek at Mozilla’s process and use of Mythos in detecting Firefox security issues and how they “harnessed” the AI tool to work for them.

Cool. I wonder how many of these bugs were fixed by the recent 150.0.2 (May 7) and 150.0.1 (April 28) releases.

Those releases only mention 7 security fixes and none of them give attribution to Mythos. So maybe it’s too early to start seeing the fixes here.

I thought I saw somewhere that 150 might have been the majority of fixes based on the Mythos-guided coding but cannot find a reference to that. However, it makes sense that Mozilla would not be too public about high and critical vulnerabilities for a while so the user base can get caught up. I also saw that Mozilla policy is to not publicize certain internal-found issues for security, at least not for a while (hence the criticisms about Mozilla not getting CVE codes for many of the Mythos-found issues).

It was version 150. See The zero-days are numbered 

See also Behind the Scenes Hardening Firefox with Claude Mythos Preview - Mozilla Hacks - the Web developer blog

Plus also the existing topic (edited to remove self-reference after this post was moved to this thread.)

Thanks. I didn’t realize that version 150 came after these bugs were found.

According to 150’s security updates, there are 43 fixes. Three are attributed to someone using Anthropic’s Claude. Five are attributed to “the Mozilla Fuzzing Team”. The reset are attributed to individuals.

According to the Mozilla Hacks article, the three CVEs attributed to Claude are “rollup” CVEs, which altogether comprise 316 bugs - the 271 from Claude, plus many discovered by the Mozilla security team.

And now Mythos has been used to find a bug in Apple’s kernel.

An update from Anthropic about Project Glasswing.