You're Still Reading the Advisory. The Attacker Already Left.
By Sean Martin, CISSP
Lens Four — Where business, innovation, and messaging come into focus
April 14, 2026
I look at the world of cybersecurity regularly through three lenses: the business operations and programs lens, the innovation and market lens, and the messaging and language lens. The fourth lens — the one that connects all three — is mine. This week, all three are pointed at the same thing.
On April 7, 2026, Anthropic announced Project Glasswing, deploying its unreleased frontier model, Claude Mythos Preview, to a coalition of 12 vetted technology and financial companies — Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks — plus roughly 40 additional organizations that build or maintain critical software infrastructure.[1] The model had already identified thousands of zero-day vulnerabilities across every major operating system and web browser,[1] including a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg that had survived five million automated test runs, and a 17-year-old remote code execution vulnerability in FreeBSD that grants unauthenticated root access to any machine running NFS — found and exploited fully autonomously, with no human involved after the initial prompt.[2]
The announcement was framed as defense. The industry received it as a watershed. Both framings are accurate. Neither is sufficient.
LENS ONE — BUSINESS OPERATIONS & PROGRAMS
Who gets the intelligence first — and what does everyone else do while they're waiting?
The access architecture of Project Glasswing creates a two-tier security intelligence landscape — and most organizations are in the second tier.
The 12 founding partners are among the most well-resourced security organizations on the planet. Every one of them already operates mature vulnerability management programs, dedicated red teams, and enterprise-grade security operations centers. They received access to a model that, according to Anthropic's own Frontier Red Team assessment, developed working exploits 181 times on the Firefox 147 benchmark compared to just 2 for the prior generation model — a 90x capability leap.[2] What Mythos found in a few weeks of scanning, skilled human researchers might not have found in decades.
To be precise about what Glasswing does and doesn't provide: the patches Mythos discovers will eventually benefit everyone who runs the affected software, as vulnerabilities go through coordinated disclosure and maintainers ship fixes that flow downstream to the entire ecosystem.[1] A patched FreeBSD kernel helps every FreeBSD deployment on the planet. That is genuinely valuable. But the 12 partners and 40 additional organizations in the coalition get something the rest of the world doesn't: the ability to scan their own proprietary systems with Mythos, early intelligence about what's vulnerable before the patches are public, and a seat at the table where disclosure timelines are negotiated. They are hardening their own infrastructure now. Everyone else is waiting for a patch cycle they didn't set.
Meanwhile, the organizations bearing the heaviest regulatory burden for security outcomes — community hospitals, regional utilities, municipal governments, mid-market manufacturers, financial cooperatives — are waiting for safeguards that don't yet exist before Mythos-class capability reaches them directly. Anthropic has stated it will not make Mythos Preview generally available until new safety controls can be built and verified.[1]
That transition timeline is measured in months. The threat environment is measured in minutes. The CrowdStrike 2026 Global Threat Report documents the gap: average eCrime breakout time fell to 29 minutes in 2025 — a 65% acceleration from the prior year — with the fastest recorded breakout at 27 seconds, and data exfiltration beginning within four minutes of initial access in one documented intrusion. AI-enabled adversary attacks increased 89% year-over-year.[3]
The vulnerability side is equally unforgiving: 131 new CVEs published every day, the median time from disclosure to exploitation now under five days, and 28% of exploited vulnerabilities weaponized within 24 hours of disclosure.[4] BeyondTrust's security team noted that AI-assisted tooling has already compressed exploitation windows to minutes — using current-generation tools already in the hands of threat actors, before Mythos existed.[5] Glasswing helps the 12 scan and harden their own systems faster than any human team. But downstream patches arrive on a disclosure timeline the 12 helped set, and reach organizations on whatever patch cycle those organizations can afford to run.
Casey Ellis, CTO and founder of Bugcrowd, sharpened that point further: recent AI cyber advances have succeeded largely by living in the places the security community stopped looking a decade ago. While the industry focused on application security and vulnerability triage, attackers — and now AI tools — have been exploiting forgotten firmware and routers whose manufacturers went out of business years ago.[16] "Integration into actual production becomes the battlezone. Lag is real. Bureaucracy is real. Supply chains are real."[16] That's not just a critique of Glasswing. It's a description of the terrain Glasswing cannot reach — and where the organizations outside the coalition face the longest wait.
The WEF Global Cybersecurity Outlook 2026 named "widening cyber inequity" as one of its defining themes — noting that as attacks grow faster, more complex, and more unevenly distributed, organizations and governments face rising pressure to adapt amid persistent sovereignty challenges and widening capability gaps.[6] That was before Glasswing. Now the gap has a specific shape: 12 organizations with early intelligence and direct scanning access, and everyone else waiting for patches to flow through a disclosure process they didn't design, on a timeline they didn't set.
Jim Zemlin of the Linux Foundation articulated the intended counterargument: advanced security capability has historically been a luxury reserved for organizations with large budgets and dedicated teams, and Project Glasswing is designed to change that by giving open-source maintainers access to these tools for free.[7] That instinct is right, and the patches are real — a fixed FreeBSD kernel benefits every organization running it. But "patches will eventually flow downstream" is a different promise than "your organization can scan its own systems now." The hospital running a vulnerable NFS configuration today can't direct Mythos at its own infrastructure. It's waiting for a patch to arrive, and then waiting for its own IT team to deploy it — a team that is almost certainly not part of this coalition.
In a conversation on the Redefining CyberSecurity Podcast, Ed Skoudis — President of the SANS Technology Institute — noted that within months, AI will surpass all human vulnerability researchers combined.[8] That observation reframes the Glasswing timeline entirely. The head start being offered to the 12 is not measured against where the industry is today. It's measured against where adversary AI will be in six months.
LENS TWO — INNOVATION AND MARKET
Does Project Glasswing change the game — or does it just tell us the old game is already over?
The innovation story here is not about the model. It's about what the model reveals about every framework we've been using to manage risk.
Claude Mythos Preview was not specifically trained for cybersecurity. Its vulnerability discovery capability is an emergent property of its general coding and reasoning ability.[1] When a general-purpose AI can autonomously chain three, four, or five vulnerabilities into a working exploit at a cost under $2,000 and complete the work in under a day,[2] the gap between "finding a bug" and "deploying a weapon" collapses. Historically, converting a known vulnerability into a working exploit took skilled researchers days to weeks. That timeline has been substantially compressed.[9]
This has cascading implications beyond the security stack. The 17-year-old FreeBSD NFS vulnerability Mythos found and exploited autonomously means that every enterprise running NFS-dependent workloads has been operating under a false assumption of safety for nearly two decades. That's not a security team problem. That's a board-level infrastructure assumption problem. Anthropic has disclosed that fewer than 1% of the vulnerabilities Mythos identified have been patched.[2] Thousands found. The coordinated disclosure clock is running on the remainder.
This pressure lands hardest on the CVE and CVSS system — infrastructure that was never built for this pace or this pattern. Mythos chains five CVEs into a single novel exploit. CVSS scores each of those five CVEs individually. The chained risk is not the sum of five scores. It's a category the scoring system doesn't have a number for.[4]
NIST published a preliminary draft of its Cybersecurity Framework Profile for Artificial Intelligence — NISTIR 8596 — in December 2025, the product of a yearlong effort involving more than 6,500 contributors.[12] The comment period closed January 30, 2026. Glasswing was announced April 7. The Cyber AI Profile that will eventually tell organizations how to think about AI in their security programs was built before anyone outside Anthropic knew what Mythos could do. That's not a failure of NIST. That's the pace problem made structural.
Forrester's analysis noted that nation-states have spent decades compiling zero-day stockpiles built on the assumption that finding vulnerabilities others can't find is a durable competitive advantage.[13] Mythos breaks that assumption. China's 15th Five-Year Plan, unveiled in March 2026, sets ambitious AI and cybersecurity goals. Its amended Cybersecurity Law encourages AI for cybersecurity — while providing the legal foundation for restrictive information controls and surveillance.[14] The same capability race Anthropic is trying to get ahead of defensively is being run offensively by state actors under no such constraints.
The 12 Glasswing partners are all US and Western companies. The WEF GCO 2026 found that confidence in national cyber response varies from 84% in the Middle East and North Africa to just 13% in Latin America and the Caribbean.[6] Those regions are running the same vulnerable software. They are not in the coalition.
LENS THREE — LANGUAGE AND MESSAGING
What does it mean when the most important security announcement in years is also a $30B revenue milestone?
The language of Glasswing is the language of urgency, equity, and defense. The structure of Glasswing is something more complicated.
The messaging around Project Glasswing is carefully constructed and largely sincere. Anthropic published a 244-page System Card for a model it isn't releasing — an act of transparency with no precedent in the commercial AI industry.[2] The company disclosed that in rare interactions, earlier versions of Mythos took actions they appeared to recognize as disallowed and then attempted to conceal them.[2] It disclosed that Mythos had been used in an autonomous Chinese state-sponsored espionage campaign that achieved 80–90% autonomous tactical execution across approximately 30 targets.[10] This is not the behavior of an organization trying to hide the ball.
And yet: the same day Anthropic announced Glasswing, it disclosed annualized revenue exceeding $30 billion — up from roughly $9 billion at the end of 2025 — along with a multi-gigawatt compute deal with Google and Broadcom, and reports the company is evaluating an IPO as early as October 2026.[10] Both the altruism and the commercial timing are real. That's precisely what makes the messaging worth examining.
The "equity" framing deserves scrutiny. Free access for open-source maintainers to scan their code is not the same as free access for every organization that depends on that code to triage, patch, and respond at machine speed. The open-source code gets better. The patch deployment lag in organizations that can't afford Glasswing-tier tooling does not. Picus Security's analysis identified the core tension: Glasswing addresses the discovery problem. It does not address the remediation problem.[18] Those are different problems with different resource requirements.
The 90-day disclosure window was designed around human-speed discovery. Mythos finds thousands of vulnerabilities in weeks. Anthropic has committed to a maximum 135-day window on its own disclosures.[11] But the average patch deployment timeline for resource-constrained organizations is currently 20 days from disclosure.[4] When a Mythos-class model reaches adversaries — credible estimates say months, not years[10] — that 20-day lag may already sit inside the exploitation window.
Logan Graham, Anthropic's frontier red team lead, said it plainly: "The real message is that this is not about the model or Anthropic. We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months. Many of the assumptions we've built the modern security paradigms on might break."[15] That is the most important sentence in the entire Glasswing announcement. And it gets the least airtime.
BETWEEN THE LENSES
If the intelligence gap is real — who bridges it, and at what cost?
The coalition sets the timeline. Everyone else works within it.
The three-lens view of Project Glasswing produces a single, coherent picture: a genuine capability leap being deployed through a structure that concentrates early intelligence among the organizations least likely to need it most urgently. The 12 partners will harden their own systems and scan their own infrastructure with capabilities no one else can access yet. The open-source patches they help generate will flow downstream to everyone — and that matters. But the organizations most exposed to what Mythos enables will receive those patches on a timeline the coalition set, and deploy them on whatever patch cycle they can afford. The frameworks they rely on to manage risk were built on assumptions this model just broke, and no one asked them whether those assumptions still held.
THE FOURTH LENS
When AI can find every lock and build every key, who decided that early intelligence belongs only to those who were already at the table?
Project Glasswing is a head start for the organizations already at the front. The patches it generates will eventually reach everyone. But "eventually" is doing a lot of work in that sentence — and the gap between early intelligence and downstream patch availability is exactly where the exploitation window lives.
The CVE system was built on a human-speed assumption: that finding a vulnerability, scoring it, and disclosing it responsibly takes weeks. CVSS was built on a single-flaw assumption: that risk can be scored one bug at a time. NIST's frameworks were built on a governance-speed assumption: that organizations have months to absorb guidance and adapt their programs. Every one of those assumptions was already under pressure before Glasswing. Now they're under pressure from a model that chains five CVEs into a novel exploit in under 24 hours, at a cost that fits in a mid-tier penetration testing budget.
The organizations inside the coalition are now operating with fundamentally different intelligence than the organizations outside it. Not better tools, eventually democratized. Better intelligence, today — about the specific vulnerabilities in the specific code that runs the world's infrastructure — plus the ability to scan their own proprietary systems before anyone else knows what's in them. The 135-day maximum disclosure window means that by the time some of those vulnerabilities become public, the patch deployment timeline for a resource-constrained hospital or regional utility — averaging 20 days from disclosure to patching under current conditions[4] — may already be inside the exploitation window.
The accountability question doesn't sit cleanly in one place. It sits in the gap between Anthropic's disclosure timeline, the partner organizations' infrastructure priorities, the standards bodies' governance pace, and the organizations that simply weren't in the room. That gap is not a product of bad intent. It is a product of a capability leap that arrived faster than any coordination structure was designed to absorb.
What the industry needs to be asking right now: Are the 90-day disclosure windows, CVSS scoring rubrics, and NIST framework update cycles being stress-tested against Mythos-class discovery velocity? Are the organizations bearing the most regulatory accountability for security outcomes — healthcare, critical infrastructure, financial services outside the top tier — being engaged in parallel with the 12 partners, not sequentially? And when the next model crosses this threshold — which every credible estimate says is months away — will the answer to "who gets the defense first" still be determined by who was already at the table?
A joint briefing published April 12 by the Cloud Security Alliance CISO Community, SANS, and the OWASP GenAI Security Project — involving more than 250 named CISOs and practitioners — concluded that in the near term, security organizations are "likely to be overwhelmed" by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them.[17] The briefing recommends that organizations re-evaluate risk tolerance for operational downtime, prepare for staff burnout from disclosure volume that will "exceed anything we have experienced before," and begin building toward what they call a "Mythos-ready" security program.[17] That is arguably the clearest practitioner signal yet that the gap between the coalition and everyone else is operational, not theoretical.
The glasswing butterfly's transparent wings let it hide in plain sight. The vulnerabilities Mythos finds are like that — invisible until suddenly, unavoidably visible. What Project Glasswing has made visible is not just the vulnerabilities in the code. It's the vulnerabilities in the system we built to manage them.
Frequently Asked Questions
What is Project Glasswing and who does it actually protect?
Project Glasswing is Anthropic's initiative to deploy its unreleased Claude Mythos Preview model to 12 major technology and financial partners — plus roughly 40 additional organizations — for defensive security work. The patches it produces flow downstream to everyone through coordinated disclosure. But the coalition partners also get something the rest of the world doesn't: the ability to scan their own proprietary systems now, early intelligence before patches are public, and influence over disclosure timelines.
Why does the CVE and CVSS system struggle with Mythos-class AI vulnerability discovery?
CVE and CVSS were built on single-flaw, human-speed assumptions: one vulnerability found, scored, and disclosed over weeks. Mythos autonomously chains three to five CVEs into a novel exploit in under 24 hours. The chained risk is not the sum of individual CVSS scores — it's a category the scoring system has no number for. The volume and velocity of AI-discovered vulnerabilities also stress the 90-day disclosure window, which was designed for human-pace discovery, not thousands of findings per month.
What is the intelligence asymmetry created by Project Glasswing?
The coalition partners can direct Mythos at their own proprietary infrastructure today, learning what's vulnerable before patches are public and before adversaries know what to look for. Organizations outside the coalition receive the same patches eventually — but on a timeline they didn't set, after a window during which the coalition has already hardened their own systems.
How does the 135-day disclosure window affect organizations outside the coalition?
Anthropic has committed to disclosing vulnerability details no later than 90 days plus 45 days after reporting to the affected party. The average patch deployment timeline for under-resourced organizations is currently around 20 days from public disclosure. Depending on where that window falls relative to adversary capability proliferation — which credible estimates place at months away for Mythos-class tools — those 20 days may already sit inside the exploitation window.
What should organizations outside the Glasswing coalition do right now?
The Cloud Security Alliance, SANS, and OWASP GenAI Security Project's April 2026 joint briefing recommends: shorten patch cycles, enable auto-updates where possible, treat CVE-tagged dependency updates as urgent, run tabletop exercises for multiple simultaneous high-severity incidents, invest in automated remediation pipelines, and begin building toward AI-augmented vulnerability discovery within your own security operations. The briefing frames this as building a "Mythos-ready" security posture — preparing for the world where these capabilities are broadly available to adversaries within months.
References
1. Anthropic, "Project Glasswing: Securing critical software for the AI era," April 7, 2026. anthropic.com/glasswing
2. Anthropic Frontier Red Team, "Claude Mythos Preview," April 7, 2026. red.anthropic.com
3. CrowdStrike, "2026 Global Threat Report," February 24, 2026. crowdstrike.com
4. Security Boulevard, "46 Vulnerability Statistics 2026," March 2026. securityboulevard.com
5. Security Magazine, "What Are Security Experts Saying About Claude Mythos and Project Glasswing?" April 10, 2026. securitymagazine.com
6. World Economic Forum, "Global Cybersecurity Outlook 2026," January 12, 2026. weforum.org
7. Linux Foundation, "Introducing Project Glasswing," April 7, 2026. linuxfoundation.org
8. Redefining CyberSecurity Podcast with Ed Skoudis, President, SANS Technology Institute. redefiningcybersecuritypodcast.com
9. Help Net Security, "Anthropic's new AI model finds and exploits zero-days," April 8, 2026. helpnetsecurity.com
10. VentureBeat, "Anthropic says its most powerful AI cyber model is too dangerous to release," April 7, 2026. venturebeat.com
11. TechInformed, "Anthropic launches Project Glasswing," April 7, 2026. techinformed.com
12. NIST, "NISTIR 8596 (Preliminary Draft): Cybersecurity Framework Profile for Artificial Intelligence," December 16, 2025. csrc.nist.gov
13. Forrester, "Project Glasswing: The 10 Consequences Nobody's Writing About Yet," April 10, 2026. forrester.com
14. The Diplomat, "The Global Implications of China's 5-Year Plan AI Ambitions," March 2026. thediplomat.com
15. Logan Graham, Anthropic Frontier Red Team Lead, via The News, April 2026. thenews.com.pk
16. CyberScoop, "Here's how cyber heavyweights in the US and UK are dealing with Claude Mythos," April 13, 2026. cyberscoop.com
17. Cloud Security Alliance CISO Community / SANS / OWASP GenAI Security Project, "The AI Vulnerability Storm: Building a Mythos-ready Security Program" (Draft), April 12, 2026. labs.cloudsecurityalliance.org
18. Picus Security, "The Glasswing Paradox: The Thing That Can Break Everything Is Also The Thing That Fixes Everything," April 8, 2026. picussecurity.com
About the Author
Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Sean works with CISOs and security leaders, vendors and service providers, go-to-market and marketing teams, and analyst firms to connect technology operations and cybersecurity programs to business outcomes. Connect at seanmartin.com.