Claude Mythos Found Thousands of Zero-Days in Major OS and Browsers
Anthropic unveiled Project Glasswing. The cybersecurity-focused Claude Mythos automatically discovered thousands of zero-day vulnerabilities in major operating systems and browsers. Access is currently limited to select security researchers, setting a new standard for AI-powered vulnerability detection.
Claude Mythos is a fine-tuned model specialized in vulnerability analysis and exploit comprehension. It handles security-related queries in a research context that general Claude would decline.
Q. Have the discovered zero-days already been exploited?
Anthropic privately disclosed the findings to the affected vendors (Google, Apple, the Linux Foundation, etc.) immediately upon discovery. No public disclosure was made before patches were issued.
Q. Isn't it dangerous for AI to find zero-days?
The dilemma is that attackers can use the same AI. Anthropic decided to go public on the logic that defenders need to know first. Honestly, there's no perfect answer. Defenders using it first is the least-bad option.
Q. Do competitors like OpenAI or Google have similar projects?
Google Project Zero is running AI-assisted vulnerability research. OpenAI has not announced an official project in this area yet.
Conclusion
AI finding zero-days is no longer an experiment. Thousands have already been discovered and patches are in progress. The speed of security research has fundamentally changed.
The next problem is bigger. Where will Glasswing-level capability surface next, and whose hands will it end up in? Defenders using it first versus attackers using it first — that gap will define the security landscape going forward. Delaying patches now is far more dangerous than it used to be.
· Anthropic — Project Glasswing Official Announcement
· Anthropic — Claude Mythos Model Introduction
The figures and details in this article are based on Anthropic's official announcements. Updates made after the announcement may not be reflected.
Last updated: April 2026