Oh that reminds me of when the tech guy for my department at the University of Michigan told me, in 1997 or so, how they couldn’t put out-of-the-box Windows machines on the network since the UM network was constantly being probed, the tech people had to install the security updates first. (I don’t recall a lot of Macs, so if he commented about Apple I don’t recall it.) I did have a NeXT box from an uncle and I left it on on the network in my dorm room all the time and it never had problems (possibly it was just too arcane to hack, but I like to think it was just too awesome).
Yes! I think it was in the XP era, but an unpatched Windows machine back then could be compromised in less than 20 minutes merely by being put on the network. Macs were never vulnerable in that way, though back then, it probably was mostly that there were too few for the attackers to target them than that they were so much more secure.
I have a question about Glasswing and I fully state it is out of a little knowledge and a ton of ignorance, which often leads to faulty assumptions and really off-base and wrong-headed questions.
I don’t really understand how it works. Is it brute force? Does it just try everything? Is it an LLM running off a database of exploits? My confusion is that I thought … maybe networks? or machines? or please someone??? was decent at stopping brute force attacks (“too much traffic, shut that down!”). So would this work in the wild? (Or there are probably lots of nifty ways to work around throttling and having your target notice you.)
This from one of the posts here (one of Charlie Garrison’s posts), though, made me pause:
“A 16-year-old flaw in FFmpeg that had survived five million automated test runs without detection.”
Wow. So either those test runs weren’t very good (but the testers, who I assume know their stuff, thought they were) or Glasswing is really much better. (But if it’s an LLM and it does attack permutations really well, isn’t it just a larger brute force attack?)
I guess it is time to replace my old Intel-inside powerbook (11 years old or so, works fine!!!) with the newer M5 version. (I will miss the stickers on it.)
(I have been curious about this topic and am glad to see it discussed here, since trying to filter across the internet and find good sources these days is a bit overwhelming, especially when the topic is outside your area.)
To be fair, these tests were performed without any kind of firewall or NAT between the computer and the Internet.
And yes, there were (and probably still are) botnets that spend all their time looking for unprotected systems like this, waiting to pounce on anything they detect.
According to Anthropic’s press releases, it analyzed all that code and used its intelligence to discover all those exploits.
But Anthropic has a history of scary doom-and-gloom self-serving press releases. And nobody (so far) has publicly reviewed any part of that list of vulnerabilities. So we don’t know how many are real and how many are hallucinations. And we don’t know how many of those anecdotes are fiction, written for the press release.
We saw similar self-serving press releases when Chat GPT was first announced. It didn’t result in the doomsday scenario they were strongly implying.
So, I’d say that this is something to pay attention to, but don’t freak out and don’t assume that corporate press releases are true until they’ve been reviewed by trusted independent third parties.
Here’s some support for the Mythos claims, along with an interesting point of view—security will go to those who can afford to spend enough on it.
So did they have five million experienced network engineers code test suites and run each against the code base? No, they did not.
Did they have a team design five million different test suites and run them? No, they did not.
In all likelihood, they ran a simple fuzzer against the running software for five million cycles.
That’s like trying to guess a password five million times and then saying that, because you couldn’t get it in five million guesses, anyone else who guesses it must be amazing.
I’m not impressed.
Oh! There was a bug in 300-year-old OpenBSD code!!! Well, all code has bugs.
I’m not impressed.
“We’d prove it to you if we could, but our software is JUST TOO INCREDIBLY DANGEROUS TO LET PEOPLE LIKE YOU WORK WITH IT!!!1!!”
This reminds me of all the proprietary cryptographic algorithms that were “just too good” to allow researchers to have access to the them. Spoiler: they all ended up being seriously flawed.
Maybe Mythos is everything people are wringing their hands about. Maybe it’s just another incremental step forward in exploit tools. The more I see hype-train nonsense like “five million test suites” and “found a bug in ancient OpenBSD code” the more I think the emperor is probably wearing an off-the-rack Men’s Warehouse suit.
2026-04-15T12:58-10:00: edit to correct FreeBSD->OpenBSD
If it was all hype, wouldn’t that have been pretty easily determined already by at least one of the large companies or organizations that they’ve allowed to have access to it?
Maybe. Or maybe they had to sign NDAs to get access. Or maybe they want to confirm the reports before saying anything (it may take a long time to verify this many reports, especially if they’re not easily understood).
If this paper and the people who participated in its writing are any indication, the Mythos threat goes beyond PR-hype and hand-wringing…
+1 for link to fuzzing, since I’m not well-versed in security, have not heard of it, and am delighted to read about it at the level of that Wikipedia article!
I’m aware of at least one developer that investigated the BSD bug and found it had been patched. I consider that public verification. I also watched a conference talk by Anthropic staff demonstrating the BSD flaw (bug) - I found that pretty convincing. But more than both of those, I have a friend at Anthropic who stated “cyber security landscape has radically changed” - he has no need to provide me with “corporate press-speak”.
The decades-old balance between attackers and defenders has shifted. The announcement of “GPT‑5.4‑Cyber” is likely to make that shift even more extreme. There is debate about which direction that balance has shifted, but there is no doubt that it has shifted.
If you believe the recent press-releases, the balance has shifted in favour of the defenders - I don’t believe that. I believe the attackers have access to models powerful enough to find vulnerabilities - that have that access today - they don’t need access to Mythos or GPT‑5.4‑Cyber. Those attackers are not constrained by corporate governance, delayed release cycles, etc. like defenders are. The attackers can move much more quickly. And they are not just attacking personal devices; they are attacking infrastructure. Personally, I find it more than a little concerning.
It feels like there’s a difference here between open source and closed source. With closed source, only the company making the app has access to the actual source code, whereas the attackers can only interact with the public facing side of the app or system. With open source, both attackers and defenders can throw everything they have at the underlying source code to identify vulnerabilities.
Another viewpoint worth reading and supporting. In essence:
- AI has made it possible for people to “vibe-code” useful software for themselves.
- This software relies on open source code maintained for free by volunteers. (And the mega corporations also rely on such software without supporting its development, in general.)
- There has not been a security focus on this open source code that we now all rely on, leaving it vulnerable to the AI tools like Mythos and whatever bad actors are getting up to.
- Which leaves the entire internet and all the economic activity it generates at risk.
- The conclusion is that the mega corporations should financially support the groups that maintain the open source code we all rely on, in order for those coders to be able to devote the time, and maybe get access to Mythos, to find and repair security flaws before the bad actors do, or we’re all in deep doo-doo.
Hopefully this link will allow you to read the article from today’s NYT: https://www.nytimes.com/2026/04/15/opinion/mythos-open-souce-internet.html?unlocked_article_code=1.bVA.RRd4.0KhBN_o7p4sw&smid=url-share
- The most popular open source projects are routinely analyzed by the security community, precisely because they are used in a wide variety of popular projects. This was the case long before AI vibe-coding became a thing.
- Mega corporations do financially support and maintain the biggest and most popular open source projects. For instance, IBM is a massive contributor to the Linux kernel.
When it comes to infrastructure, it’s more nuanced than that. One of the guys I chat with is working on security in the energy sector. They (energy companies) rely on a lot of proprietary hardware, and for that reason they take the same stance - we’re relatively safe from attackers. But according to my mate (who is very concerned about their head-in-sand beliefs), what they are missing is that much of the same hardware (e.g. legacy micro-controllers) can be purchased on eBay for $100 - the attackers can pull it apart and prod it all day long to find the vulnerabilities. That has been true for a long time, but now the speed of finding the vulnerabilities has increased XX-fold. Attackers then create an exploit and turn their attention to the infrastructure.
This is one of the critical points of imbalance. The energy companies aren’t even paying attention to the threat, much less doing anything about it. My mate is at least speaking with Anthropic to find how “infrastructure companies” can also become part of Project Glasswing. Thankfully Anthropic is happy to have that conversation. The difficult conversation is with management of energy companies.
Personally, I am very concerned about the real threat to the infrastructure our society depends upon, and I am very reassured that people (I know) are actively working to improve the situation.
I’m not sure that there is anymore. From the Mythos whitepaper linked in the first post:
REVERSE ENGINEERING
The above case studies exclusively evaluate the ability of Mythos Preview to find bugs in open source software. We have also found the model to be extremely capable of reverse engineering: taking a closed-source, stripped binary and reconstructing (plausible) source code for what it does. From there, we provide Mythos Preview both the reconstructed source code and the original binary, and say, “Please find vulnerabilities in this closed-source project. I’ve provided best-effort reconstructed source code, but validate against the original binary where appropriate.” We then run this agent multiple times across the repository, exactly as before.
We’ve used these capabilities to find vulnerabilities and exploits in closed-source browsers and operating systems. We have been able to use it to find, for example, remote DoS attacks that could remotely take down servers, firmware vulnerabilities that let us root smartphones, and local privilege escalation exploit chains on desktop operating systems. Because of the nature of these vulnerabilities, none have yet been patched and made public. In all cases, we follow the corresponding bug bounty program for the closed-source software and conduct our analysis entirely offline.
This isn’t directed at anyone specific, but there still seems to be a lot of doubt about some of the claims Anthropic has made about Mythos. Some people (not necessarily here, but elsewhere) still take the “I’ll believe it when I see it” route, even though many of the specific claims have already been verified, and not just in an obscure technical journal article.
For example, the NY Times article from 04/15/26 (“It’s the End of the Internet as We Know It”) that was posted earlier in this thread included this sentence, which confirms that two of the most incredible claims made for Mythos were indeed real and not PR hype (my emphasis added):
“According to Anthropic, Mythos found a 27-year-old vulnerability in OpenBSD and a 16-year-old vulnerability in FFmpeg, buried in a line of code that, Anthropic says, other automated security tools had glossed over five million times. (Both organizations say they have fixed the issues identified.)”
So why the doubters?
Both organizations said they fixed it when? After seeing the report? Or many years ago?
Is it reporting something that could legitimately be exploited on current up-to-date installations? Or is it a problem with servers running old code?
The press releases are very shy of details. And they use a lot of click-bait inflammatory language.
If you saw a press release like this discussing any other subject, you’d write it off as spam, but because it’s about computer security, everybody is panicking.
These were zero-day vulnerabilities Mythos uncovered, thus not already patched. Besides the few that were considered most serious and used as examples, there were “thousands” of others. At the time of the announcement (April 7), Anthropic said that 99% of the vulnerabilities that Mythos had uncovered remained unpatched. There is a fair amount of responsible detail provided if you want to read through it, plus dozens of other follow-up articles and explainers since then.
True, but they’d still have to get to the asset they were trying to compromise. Energy companies’ internal generation, transmission, and distribution computing infrastructure assets are isolated from the public internet. Not saying it’s impossible by any means, but there is a substantial barrier to executing the exploit once one is developed.