The Clock is Ticking

Anthropic locked its model away. The next lab won't.

Anthropic’s newest AI model identified thousands of security vulnerabilities across every major operating system and every major web browser that would let an attacker seize control of systems, access data, or shut operations down.

One LLM can comb through billions of lines of code, some decades old, and now find all the flaws at once.

Claude Mythos Preview wasn’t explicitly designed to have this capability. It emerged from the same improvements in reasoning and code that every AI lab is pursuing right now.

Anthropic took the extraordinary step of refusing to release it—because in the wrong hands, the capability that finds vulnerabilities can exploit them. Instead, the company is partnering with companies, racing to find and patch flaws in enterprise software before other frontier models come online with the same capability.

That window is measured in months, not years.

The vulnerabilities are in the foundational infrastructure underneath everything: the operating systems, browsers, databases, and code libraries that every business, every federal agency, every hospital system, every financial institution depends on. This includes the software companies have built or inherited themselves: legacy applications that haven’t been touched in years, acquired systems whose original architects are all long gone. All of it is exploitable.

Dario Amodei, CEO of Anthropic.

What does this exposure actually look like?

Financial systems process trillions in daily transactions on software now known to be exploitable at scale. Last week, Treasury Secretary Bessent and Fed Chair Powell called CEOs from Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs into an emergency meeting. They warned the banks not because they are uniquely vulnerable but because they’re systemically important. If the financial system breaks, everything downstream breaks with it.

Hospital systems run MRI machines, infusion pumps, and patient monitoring systems on embedded software that in some cases can’t be patched without taking the device offline—systems that also control protected patient data. A vulnerability in that software isn’t just a data breach. It’s potentially a patient safety crisis.

Law firms hold client privilege on servers running the same operating systems that Mythos found flaws in. A breach doesn’t just expose documents; it can unilaterally waive privilege across everything stored in the compromised system.

Manufacturers run production lines on industrial control systems with software that predates the smartphone. The equipment works, so nobody touches the code. That is exactly the kind of legacy exposure Anthropic flagged as the highest risk.

Government agencies at the federal, state, and local levels run on the same foundational software as the private sector, but in many cases on older versions of it. Government IT modernization has been chronically underfunded for decades. If enterprise software is exposed, government systems are more exposed.

Every company’s software was built over decades by thousands of different hands. Some of those developers are long gone. Nobody has complete blueprints. There are dependencies buried in the foundation that predate the current leadership team. The flaws were always there.

What changed is that a single model can now find all of them at once.

Some of what Mythos found had been hiding in plain sight for decades:

  • A 27-year-old vulnerability in an operating system used to run firewalls and critical network infrastructure — a system known specifically for its security. The flaw would let an attacker remotely crash any machine running it.

  • A 16-year-old vulnerability in video processing software that nearly every streaming service and media platform depends on. Every human reviewer and every automated scanner missed it since 2010.

  • A 17-year-old flaw that gave an attacker full remote control of a server — no login credentials required, no human involvement after the initial prompt.

If decades of expert review couldn’t find these, the old playbook for cybersecurity isn’t going to hold.

The clock is ticking.

Anthropic saw what’s coming clearly enough that they have refused to release Mythos and are racing to use it defensively instead. Other frontier models are on the same trajectory. Anthropic’s red team lead said publicly that other AI labs are 6 to 18 months from reaching the same capability. When those models arrive — from responsible labs or otherwise — they’ll find the same vulnerabilities in the same software. The window to patch them is now.

Project Glasswing

Anthropic has launched Project Glasswing — a coalition with AWS, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks, and about 40 other companies — to find and fix these software flaws before the window closes. They’re backing it with $100 million in usage credits and $4 million in direct donations to open-source security organizations.

The deadline isn’t midnight on a specific date. It’s whenever the next lab releases a model with the same capability. You won’t know you missed it until something breaks.

The response is already starting to look like the early phase of a pandemic — government convening the private sector, industries that don’t normally coordinate discovering they share the same exposure, organizations realizing their internal processes aren’t built for the speed this requires.

Y2K is the closest yet imperfect structural parallel — and the reason it’s useful is that people forget what actually happened. The lights stayed on because companies spent an estimated $100 billion in the U.S. alone finding and fixing every two-digit date field in software before midnight on January 1, 2000. But those flaws were systematic and identifiable. These are deeply buried, wildly varied, and in some cases so subtle that 27 years of expert review missed them. And unlike Y2K, we’re racing against an unknown clock.

What companies should be doing now

This isn’t a problem you solve by buying a product. It’s an operational readiness challenge.

Operate at machine speed. The window between a vulnerability being disclosed and a working exploit being available just collapsed from weeks to hours. If your patching cadence is monthly or quarterly, that’s not a process gap — it’s an open door.

Inventory your legacy exposure. Software you’ve acquired, inherited, or aren’t actively maintaining is now findable and exploitable at scale. Every company has systems that “just work” and nobody touches. Those are the ones to worry about first. If you don’t have a complete inventory, that’s the first call to make Monday morning.

Ensure you’re testing your systems against AI-augmented vulnerability discovery. Every vulnerability Mythos found is one that existing cybersecurity tools missed. If you’re not systematically testing your software and cloud infrastructure against this capability, your security posture is already obsolete.

Prepare your incident response for volume. The number of disclosed vulnerabilities is about to increase dramatically. Most companies are built to handle a few critical reports at a time, not dozens in a compressed window. If your response process depends on manual triage, it will be overwhelmed.

Start using current AI models for defensive security audits. Publicly available frontier models can already identify many of these vulnerabilities. Companies that aren’t running AI-assisted security reviews on their own code are leaving flaws on the table that attackers will find first.

Revisit your crisis and emergency operations plans. If you have one, stress-test it against this scenario. If you don’t, the timeline to build one just got shorter.

This isn’t a cybersecurity story. It’s a leadership readiness story. The scope is massive. The speed of the response has to be something we haven’t seen since the pandemic. The difference is this time, we don’t get to look back and say nobody warned us.
