By Anthropic’s recent decision to withhold its newest AI model, Claude Mythos Preview, from the public signals a terrifying new reality: AI can now find and exploit decades-old software vulnerabilities faster than humans can patch them.
While Anthropic has shared this tool—alongside $100 million in usage credits—with 50 corporate giants like Apple, Google, and JPMorgan Chase under the defensive “Project Glasswing” initiative, the rest of the internet remains dangerously exposed. Other labs will likely develop similar capabilities within six to 18 months, meaning the threat is about to go mainstream.
The End of the “Détente” For decades, internet security relied on a fragile détente built on scarcity: writing software was difficult, and finding the bugs hidden inside it was equally hard. AI has shattered both of these barriers, leaving two major groups highly vulnerable:
- The “Vibe Coders”: Everyday professionals—dentists, shop owners, and nonprofit directors—are now using AI to generate custom software using simple text descriptions. While empowering, these apps are created without expert security reviews, leaving customer data and systems wide open to newly weaponized AI attacks.
- The Open-Source Backbone: Most of the internet relies on free, open-source software maintained by unpaid volunteers. These veteran programmers keep critical infrastructure running but lack the financial backing, security teams, and access to tools like Mythos to defend against AI-powered threats.
The Power of Mythos in Action To understand the scale of this threat, look at what Mythos uncovered in highly respected, battle-tested software:
- It found a 27-year-old vulnerability in OpenBSD, an operating system famous for its security.
- It discovered a 16-year-old flaw in FFmpeg (a core video streaming tool) that previous automated security scanners missed five million times.
- When tested against the Firefox web browser, Mythos weaponized known bugs with near-perfect success, whereas previous AI models almost always failed.
How We Fix It Anthropic deserves credit for slowing down its release and pledging $4 million to open-source security organizations. However, a much larger systemic shift is required to prevent bad actors from shutting down hospitals, compromising government networks, or taking over small business platforms.
- Equip the Defenders: AI companies must put advanced models like Mythos directly into the hands of the unpaid open-source maintainers who keep the internet functioning.
- Pay the Toll: Every tech giant that builds its fortunes on open-source code must actively invest funding, engineering time, and security expertise back into those projects.
- Make Security the Default: For the millions of new “vibe coders,” security cannot be a premium add-on. AI tools that generate code must be engineered to automatically secure that code by default.
The flaws in our digital infrastructure are now visible. The creators are everywhere. The only question left is whether we will protect all of them, or just the corporations wealthy enough to protect themselves.