AI models are now finding real security vulnerabilities-and the risks are mounting
Anthropic released a new AI model this week that can identify high-severity vulnerabilities in major operating systems and web browsers. The model, called Mythos Preview, also generates working exploits for the flaws it discovers. The company is limiting access to about 50 organizations through a program called Project Glasswing and has no plans for public release.
The shift marks a turning point. For months, AI struggled with hallucinations and false positives. Now developers maintaining critical infrastructure say the models work.
The volume problem becomes a quality problem
Daniel Stenberg, lead developer of cURL-a 30-year-old data transfer tool used in cars, medical devices, and countless internet services-watched this change unfold in real time. In 2025, his team received 185 vulnerability reports. Less than 5% were legitimate security issues. Most appeared to be AI-generated noise with verbose, elaborate descriptions.
Stenberg stopped paying bug bounties. The signal-to-noise ratio had collapsed.
By early 2026, something shifted. Report volume stayed high, but quality improved dramatically. "Almost all the bad reports are now gone," Stenberg said. Three months into the year, his team found and fixed more vulnerabilities than in each of the previous two years combined.
Stenberg also uses AI himself to scan his own code. In one session, it flagged over 100 bugs that had survived human review and traditional analysis tools.
Maintainers of the Linux kernel-which powers Android and the world's 500 most powerful supercomputers-report similar improvements. Anthropic researchers found critical vulnerabilities in a 20-year-old open-source project using an older model and a simple prompt.
"LLMs have now bypassed human capability for bug finding," said Alex Stamos, chief security officer at Corridor, an AI software security company.
Finding bugs is easier than fixing them
The gap between finding vulnerabilities and patching them is widening. Stenberg says AI excels at the first task but struggles with the second.
Fixing a vulnerability requires judgment calls that take time. "Once we have identified the problem and agree that this is a problem, then actually fixing it is not very hard," Stenberg said. "It's more the entire process up to that step that takes time and energy."
HackerOne, a vulnerability coordination platform, is building an AI agent to autonomously find and repair flaws. But most developers still rely on manual patching.
The workload concerns Stenberg. Maintainers of critical internet infrastructure are already understaffed and underfunded. An influx of legitimate vulnerability reports, even high-quality ones, stretches thin teams further. "It's an overload of all the maintainers who are already often overloaded and understaffed and underpaid and underfunded in many ways," he said.
The offensive-defensive arms race
Current AI models have built-in safeguards against generating working exploit code. But that protection depends on closed-weight models from labs like Anthropic, OpenAI, and Google DeepMind. These models are proprietary and heavily guarded.
Open-weight models-accessible to anyone-are catching up. "The most advanced open-weight models are less than a year behind the most advanced closed-weight models," Stamos said. If adversaries copy an open-weight model and remove safeguards, they could ask it to generate both exploits and attack code.
"Then we're in real trouble because you would be able to ask those models to not just find the bugs, but then to create exploit code," Stamos said.
By keeping Mythos Preview private, Anthropic gives software developers and security teams time to patch vulnerabilities before hostile actors gain access to equivalent tools.
Who actually needs to worry
Daniel Blackford, VP of Threat Research at Proofpoint, said everyday users shouldn't panic about AI-powered vulnerability discovery. "I don't necessarily think that the average computer user needs to be fundamentally worried about this," he said. "They need to be way more worried about not giving their password away because that just happens like all day, every day."
The real pressure falls on developers and maintainers. Jim Zemlin, CEO of the Linux Foundation, said the new capabilities help overworked teams. "These maintainers are already overworked before AI. This just makes their lives a lot better," he said. The foundation is part of Project Glasswing and has begun testing Mythos Preview with core Linux kernel maintainers.
Stenberg, who is not part of Project Glasswing, points out that many critical projects have been excluded from early access. "Things that are actually cornerstones of the Internet" lack the resources or connections to participate.
For developers, the immediate task is clear: patch vulnerabilities faster than attackers can exploit them. AI for Cybersecurity Analysts training can help teams understand how these tools work and integrate them into security workflows. AI Coding Courses also cover automated vulnerability detection and remediation techniques.
Your membership also unlocks:
