
Anthropic recently unveiled Project Glasswing [1]. They built an AI model, Mythos, capable of finding and exploiting zero-day vulnerabilities in every major operating system and browser, decided it was too dangerous to release, and gave restricted access to Apple, Microsoft, Google, Amazon, and about 40 other organizations so they could scan and patch critical software before comparable capabilities reach adversaries.
The industry responded. Five distinct conversations emerged. Every one of them matters.
None of them addresses the question that matters most to the organizations I spend my days defending.
The Head Start Conversation
Alex Stamos, now at Corridor, estimated the industry has roughly six months before open-weight models match Mythos in bug-finding capability [2]. At that point, every ransomware operator can find and weaponize vulnerabilities without elite skills, at minimal cost, with no traces for law enforcement to follow.
Cisco's Anthony Grieco said AI capabilities have crossed a threshold that changes the urgency required to protect critical infrastructure, and there is no going back [1]. The trajectory is visible in Sergej Epp's Zero Day Clock: median time from vulnerability disclosure to confirmed exploitation dropped from 771 days in 2018 to 20 hours in 2026 [10]. The framing across most of the coverage is: defenders have a temporary window, use it.
The Finding-is-not-Fixing Conversation
Picus Security observed that fewer than 1 percent of the vulnerabilities Mythos discovered have been patched [3]. Their CTO Volkan Erturk put it directly: defenders work at calendar speed while attackers operate at machine speed [3]. Adding more findings to an already overloaded remediation process does not, by itself, solve anything.
IANS Faculty noted that the constraint is not generating patches but deploying them to infrastructure that organizations cannot touch, take offline, or modify without executive approval and cross-functional coordination [4].
The Power Centralization Conversation
Kelsey Piper pointed out that a private company now holds zero-day exploits for almost every major software project [2]. Casey Newton at Platformer named the paradox at the center of Glasswing: the only way to protect us from dangerous AI models is to build them first [2]. Anthropic controls both the threat and the proposed solution, in an environment with minimal regulatory oversight. The governance questions are real, and they are largely unanswered.
The Secure-by-Design Conversation
Jen Easterly argued that Glasswing signals the beginning of the end of cybersecurity as we know it, building on her thesis that AI will fix the flawed software that created the cybersecurity industry [5]. Phil Venables, former Google CISO, said he is short-term pessimistic but long-term optimistic about AI's impact on security [6].
Anthropic frames Glasswing as moving security to the point of creation [1]. The market failure Easterly identifies is real, but framing the cybersecurity problem as approaching resolution gives leadership a permission structure for deferral, and the adversaries operating right now are not waiting for anyone to fix the global codebase.
The Maintainer Crisis Conversation
Greg Kroah-Hartman of the Linux kernel said the world switched about a month ago, from AI-generated slop to real, high-quality vulnerability reports [7]. Daniel Stenberg, who maintains curl, went from shutting down his bug bounty program in January because of AI-generated noise to crediting AI tools with helping fix over 100 real bugs [8]. He is now spending hours per day on AI-generated reports [7]. He also noted that many critical open-source projects were left out of Glasswing entirely [7].
Who Is Not in the Room
Every one of those conversations is happening among people with the resources and the proximity to act on it. Glasswing partners are the largest technology companies on earth. The researchers driving the discourse are elite practitioners and former CISOs at organizations with dedicated security programs and direct lines to Anthropic.
The organizations I work with every day are not in that room. Mid-market companies. Critical infrastructure operators. Organizations in the supply chain that connect to, depend on, or provide services to the enterprises that are in Glasswing.
Wendy Nather called them organizations below the "Cyber Poverty Line," those without the staff, budget, or vendor relationships to participate in coordinated defense at the speed the threat now demands [11]. They do not have access to Mythos. They will not get early notice when Glasswing partners patch a vulnerability in software they also run. They are operating on the same patch timelines, change control processes, and budget cycles they had before last Tuesday.
Thomas Ptacek published a piece before the Glasswing announcement that frames the risk for these organizations better than anything that came after [9]. His argument: AI-powered vulnerability discovery will not stay aimed at high-value targets like Chrome and iOS. Those are well-funded, expertly staffed, and auto-update. Once pointing an agent at a source tree and typing "find me zero days" produces results, attackers will aim at everything.
Operating systems. Databases. Routers. Printers. The targets where patching means someone has to get in a car, drive somewhere inconvenient, and push a physical button.
The cost of finding and weaponizing a vulnerability in your mid-market ERP system just dropped by orders of magnitude, and the people who will exploit it are not only nation-state operators but commodity ransomware actors who can now afford to aim at you as well.
The Question Nobody Is Asking
Each of those five conversations addresses something real: whether we can patch fast enough, whether remediation pipelines can absorb the volume, who should control these capabilities, whether better code will eventually solve the problem, who will do the maintenance work. All of them are questions about technology, process, or industry structure.
The question missing from every one of them: will your leadership make the investment decisions that determine whether your organization can absorb what is coming, before it arrives?
The Glasswing partners will be fine. They have the resources and the organizational will to act on what Mythos reveals. The question is whether the CISO at a 2,000-person manufacturer can get executive sponsorship to pull zero-trust controls from the three-year roadmap into the current quarter. Whether a CEO will redirect engineering resources from product features to attack surface reduction when revenue targets are already under pressure.
Those are leadership decisions. They require spending money on a threat that has not materialized in your environment yet, and accepting organizational disruption that nobody will thank you for. The short-term incentives all reward deferral. Overriding them is what courage looks like in practice.
This week, the CSA CISO Community, SANS, and OWASP published an expedited strategy briefing for building a "Mythos-ready" security program [11]. Easterly, Schneier, Inglis, Venables, and Adkins are among the contributing authors. The briefing lays out 11 priority actions, a draft risk register, and an aggressive 90-day implementation timeline.
The briefing tells security leaders what their programs need to become. It cannot answer whether their CEO and board will approve the budget redirections, headcount increases, and operational disruptions required to get there.
The liability question makes the leadership decision harder to defer. The CSA briefing flags it directly: when AI-powered vulnerability scanning becomes broadly available, the legal standard for what constitutes reasonable defensive effort shifts [11]. Boards will face questions about whether they used available tools for defensive scanning, and whether choosing not to constitutes negligence. That is board-level exposure requiring a board-level decision.
My team has tracked attackers using AI-assisted tooling to compress the window for critical vulnerabilities to a few hours from proof-of-concept to confirmed exploitation, simultaneously across the globe. That was before Mythos, which will shrink that window to minutes at best. The next generation of AI-powered offensive capability will be faster, cheaper, and available to more actors.
The window to prepare is the one you are in right now. The industry will keep debating who gets access to the tool, how to govern the capability, and whether better code will eventually solve the problem.
Those conversations matter, but they will not protect your organization in the next 12 months. Your leadership decisions will.
Bradley Smith is SVP and Deputy CISO at BeyondTrust.
[1] Anthropic, "Project Glasswing: Securing critical software for the AI era," April 7, 2026. https://www.anthropic.com/glasswing
[2] Casey Newton, "Why Anthropic's new model has cybersecurity experts rattled," Platformer, April 8, 2026.
[3] Picus Security, "The Glasswing Paradox: The Thing That Can Break Everything Is Also The Thing That Fixes Everything," April 8, 2026.
[4] IANS Research, "Anthropic's 'Project Glasswing' Exposes the Next Challenge for Vulnerability Management," April 13, 2026.
[5] Jen Easterly, LinkedIn post on Project Glasswing, April 2026.
[6] ReversingLabs, "Claude Mythos AI is coming: Get your AppSec game on," April 10, 2026.
[7] NPR, "How AI is getting better at finding security holes," April 11, 2026.
[8] Chris Hughes, "Vulnpocalypse: AI, Open Source, and the Race to Remediate," Resilient Cyber, April 7, 2026.
[9] Thomas Ptacek, "Vulnerability Research Is Cooked," March 30, 2026.
[10] Sergej Epp, "Zero Day Clock," 2026. https://zerodayclock.com
[11] CSA CISO Community, SANS, [un]prompted, and OWASP Gen AI Security Project, "The 'AI Vulnerability Storm': Building a 'Mythos-ready' Security Program," Version 0.4, April 13, 2026. https://labs.cloudsecurityalliance.org/mythos-ciso/