The AI that found 10,000 vulnerabilities is coming for the attackers too — within 6 months
This isn't another piece about how impressive AI is. It's a warning Anthropic put in writing itself: within the next 6 to 12 months, models that can scan code and surface serious vulnerabilities will be in other companies' hands too — some without any safety guardrails. That changes the rules for every business that runs on software. Which means yours.
What happened
Anthropic is expanding Project Glasswing, a program where selected organizations get access to its powerful Claude Mythos model to scan their own codebases and find security holes before attackers do.
The numbers are the story:
- In early April, roughly 50 initial partners got access. Since then they've found more than 10,000 high- or critical-severity vulnerabilities by scanning their code.
- The program is now opening to about 150 more organizations across 15+ countries — power, water, healthcare, communications, hardware. Many are vendors: they build software that thousands of other companies depend on.
- Anthropic estimates that for most of these partners, a major attack could affect more than 100 million people.
Within 6–12 months, Anthropic expects other companies will have Mythos-class models — and may release them without the safeguards that prevent misuse.
In that world, cyberattacks will happen more often and in more unpredictable forms. That's the sentence worth reading twice.
Why it matters
For a long time, smaller businesses leaned partly on obscurity for security. "Who's going to bother targeting me?" AI dismantles that argument. When a machine can automatically scan thousands of codebases and surface 10,000 holes, the cost of also scanning you drops close to zero. You don't have to be a target — you just have to be exposed.
Two things follow directly. First, defenders (like those 150 organizations) will rush to close gaps. Second, attackers will gain the same speed shortly after. The window between defenders closing their gaps and attackers gaining that speed is your risk.
There's also the liability and compliance dimension. If you run AI tools, a chatbot, or agents in your business, you're not only exposed to vulnerabilities in your own software — you also carry responsibility for how that AI behaves toward your customers. The Air Canada case made it plain: the business is liable for what its chatbot says, even when the bot invents the answer. A compromised or manipulated AI system isn't just a technical problem — it's a legal one.
What to do now
You don't need to become a cybersecurity company. You need to know three things.
- Where your software is exposed. Which apps, plugins, integrations, and AI tools run in your business — and which of them are open to the internet. You can't protect what you don't know you have.
- Who owns the patches. If you rely on vendors (your e-commerce platform, plugins, AI providers), ask explicitly: how fast do they ship fixes, and how do you find out? The gap between "vulnerability found" and "patch applied" is shrinking fast.
- How you harden your own AI systems. If you have a chatbot or an agent, you need boundaries: what it can and can't say or do, who supervises it, and what happens when it receives a suspicious input (prompt injection). These aren't enterprise luxuries — they're the minimum so you don't pay for the AI's mistake.
The speed of attack is changing. The speed of your defense has to change with it.
Do you know where your business is exposed?
The Shielding Audit shows where you're exposed — on both EU AI Act compliance and security — in priority order. It starts with a free 45-minute session.