Project Glasswing Proves That "Just Patch the Criticals" Is Dead. Here's What Comes Next.

Anthropic's Project Glasswing has shown that AI can now chain together vulnerabilities and exploit software faster than almost any human. That changes everything about how security teams need to think about their attack surface, and it makes comprehensive asset visibility and contextual vulnerability management more critical than ever.

What Is Anthropic's Project Glasswing?

Project Glasswing is a $100 million cybersecurity initiative that uses an unreleased AI model called Claude Mythos Preview to find and fix critical software vulnerabilities before attackers can exploit them.

Anthropic launched the initiative on April 7, 2026, backed by twelve major technology and finance companies: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Roughly 50 organizations in total have access to the program.

The initiative exists because the Mythos model is too effective at breaking things. During initial testing, the model found thousands of high-severity vulnerabilities across every major operating system and web browser. It uncovered a 27-year-old OpenBSD bug and a 16-year-old FFmpeg flaw that had eluded millions of automated security tests.

On CyberGym's vulnerability reproduction benchmark, Mythos scored 83.1%, compared to 66.6% for Claude Opus 4.6, Anthropic's previous best model.

Anthropic didn't mince their words when describing the security impact of Mythos - "AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities" (Anthropic).

Key takeaway: Anthropic restricted Mythos from public release specifically because of its offensive security capabilities. That decision alone tells you where AI capabilities stand right now.

Why Glasswing Changes Everything About Vulnerability Management

Project Glasswing isn't just a story about a powerful model finding bugs. It's a warning about how vulnerabilities are actually exploited in the real world, and why most organizations are fundamentally unprepared.

Mythos doesn't just identify individual bugs. It chains together three, four, sometimes five separate vulnerabilities into sophisticated exploit sequences, autonomously, without human direction (Anthropic). One of its most striking findings was in the Linux kernel: multiple chained vulnerabilities that, individually, might not have raised alarms. Collectively, it enabled full privilege escalation from an unprivileged user to complete system control.

That's the part that should keep security teams up at night. Not the individual CVEs. The chains.

Anthony Grieco, Cisco's Chief Security and Trust Officer, called it "a profound shift and a clear signal that the old ways of hardening systems are no longer sufficient" (SiliconANGLE).

Anthropic warned that these capabilities won't stay contained: "Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely" (Fortune).

This is the new reality. Attackers, whether human or AI-assisted, won't politely exploit one vulnerability at a time. They will find the path of least resistance through your environment, chaining together low- and medium-severity issues that your existing tools told you were safe to deprioritize.

Why "Patch the Criticals" No Longer Works

For years, the standard playbook has been straightforward. Scan for vulnerabilities, rank by CVSS score, patch the criticals, move on. It's how most security teams operate, and it's how most vulnerability management tools are built.

Glasswing just showed us why that approach is broken.

A medium-severity vulnerability in isolation might sit in your backlog for months. It's not critical. It's not actively exploited. Your scanner says it's a 5.4, no worries, you'll get to it eventually. But that same medium-severity vulnerability, combined with an overly permissive service account, a misconfigured network policy, and an unpatched library on an adjacent host, becomes a full compromise chain.

Mythos found these chains automatically. An attacker with access to the same class of AI tooling will do the same.

The problem isn't that security teams are negligent. The problem is that the tools most teams use don't show them the context. They see a flat list of CVEs sorted by severity. They don't see how those CVEs relate to each other, what assets they sit on, how those assets are connected, what permissions flow between them, or what the actual blast radius looks like if an attacker chains them together.

This is the gap JupiterOne was built to close.

How JupiterOne Helps You Prepare for a Post-Glasswing World

JupiterOne provides a comprehensive, graph-based view of your entire cyber asset landscape - every device, user, application, vulnerability, permission, and the relationships between them. That relationship context is what transforms vulnerability management from a checkbox exercise into actual security.

Here's what that means in practice:

1. See the chains, not just the CVEs. JupiterOne maps relationships between assets, vulnerabilities, identities, and configurations. When a medium-severity vulnerability sits on a host with access to production data, connected via an overly permissioned service account, you see the full picture, not just a CVSS score in a spreadsheet.

2. Prioritize by actual risk, not theoretical severity. A critical vulnerability on an isolated, air-gapped test server is less urgent than a chain of mediums on an internet-facing production system with access to sensitive data. JupiterOne's graph lets you prioritize based on the real-world context of your environment, not just the number on the CVE.

3. Understand blast radius before an incident. If a vulnerability is exploited on a specific asset, what can an attacker reach from there? What other systems are connected? What data stores? What identities? JupiterOne answers these questions proactively, not during an incident response scramble.

4. Continuous, automated asset inventory. You can't defend assets you don't know even exist. JupiterOne continuously discovers and catalogues your cyber assets, AI agents, non-human identities, cloud resources, SaaS applications, endpoints, identities, code repositories, and their interconnections. No spreadsheets. No quarterly audits that are outdated before they're finished.

5. Query-driven investigation. JupiterOne's query language (J1QL) and AI query agent let security teams ask the questions that matter: Which hosts have unpatched vulnerabilities AND direct access to production databases? What service accounts have admin privileges across multiple environments? Show me every asset within two hops of this compromised endpoint.

Jim Zemlin, CEO of the Linux Foundation and a Glasswing partner, framed the interconnected nature of the problem: "Open source software constitutes the vast majority of code in modern systems, including the very systems AI agents use to write new software" (CyberScoop). The dependencies run deep. If you can't see the connections between your assets, their vulnerabilities, and the permissions that link them, you can't defend against the kind of chained exploitation that Glasswing has brought into sharp focus.

But We Don't Use AI, Does This Apply to Me?

Absolutely. And it's worth separating two distinct threats, because they're often conflated.

The first threat is AI used offensively against you. This is what Project Glasswing demonstrated. Attackers, or the AI tools they wield, will chain vulnerabilities across your environment whether you've adopted AI or not. Your attack surface doesn't get smaller because you haven't deployed an AI agent. It gets more dangerous because the people probing it now have AI-assisted tools that can find and exploit chains of vulnerabilities faster than any human team can patch them.

This is the threat that makes comprehensive asset visibility and contextual vulnerability management non-negotiable for every organization, regardless of AI adoption.

The second threat is the new attack surface created when your organization does adopt AI. This is the AI Attack Surface Management (AI-ASM) challenge, and it's growing fast.

The numbers tell the story:

Every AI agent your organization deploys, whether it’s a coding assistant, customer service bot, workflow automator or data pipeline agent, creates a non-human identity with API keys, service accounts, and permissions that connect to systems across your environment. A compromised agent looks exactly like a working one.

Frank Teruel, COO of Arkose Labs, put it plainly: "Not only do enterprises need to distinguish between malicious and authorized agents, they need the visibility and attribution capabilities to know what those agents are doing once they're inside" (Arkose Labs).

JupiterOne treats every AI agent as a first-class cyber asset, each with its own identity, permissions, API connections, and relationships mapped in the graph alongside every other asset in your environment. Whether you're managing the risk of AI being used against you or managing the attack surface of AI you've chosen to adopt, the answer starts with visibility.

JupiterOne has also released an MCP Server that enables AI-powered security workflows while keeping security controls in place, letting you use AI agents to strengthen your security posture, with full visibility into what those agents are doing.

What Should Security Teams Do Right Now? 

Anthropic chose not to release Mythos Preview to the public. That restraint tells you something about where AI capabilities are right now. But Anthropic also said the quiet part out loud: "Project Glasswing is a starting point. No one organization can solve these cybersecurity problems alone" (Anthropic).

The capabilities that make Mythos exceptional today will be standard in frontier models within a year or two. The attackers exploiting your environment will get better at finding chains, faster at pivoting, and harder to detect.

Here's how to get ahead of it:

1. Get complete asset visibility. You can't defend what you can't see. Map every asset, identity, permission, and connection in your environment. This is table stakes.
2. Think in graphs, not lists. Stop managing vulnerabilities as a flat backlog sorted by CVSS score. Understand how vulnerabilities, assets, and permissions relate to each other. The chains are what kill you. The connections are what matter.
3. Assess blast radius proactively. For every critical asset, know what an attacker can reach if they compromise it. Answer that question before the incident, not during it.
4. Inventory your AI agents. If you've adopted AI tools, treat every agent as an asset with its own identity and attack surface. That includes sanctioned tools and shadow AI.
5. Define and enforce the exact controls that match your environment. Generic compliance frameworks weren't written for your infrastructure. Use tools like JupiterOne's CCM and AI Control Author to translate framework requirements into technical controls mapped to your actual assets and monitor them continuously, not just at audit time.
6. Monitor continuously. Your environment changes daily. New assets, new permissions, new vulnerabilities, new connections. Static audits aren't enough.

The 97% of enterprise leaders who expect an AI-agent security incident this year aren't being pessimistic. They're reading the room. The question is whether your team has the visibility to understand your actual risk, the chains, the context, the blast radius, or whether you're still staring at a list of CVEs hoping the criticals are enough.

JupiterOne gives you the map. Start using it before you need it.

Frequently Asked Questions
‍

What is Claude Mythos Preview?

Claude Mythos Preview is an unreleased frontier AI model from Anthropic that scores 83.1% on CyberGym's vulnerability reproduction benchmark. It found thousands of high-severity vulnerabilities across every major operating system and web browser during initial testing. Anthropic restricts access to roughly 50 organizations through Project Glasswing because of its offensive security capabilities.

Why won't Anthropic release Mythos publicly?

Anthropic determined that Mythos can find and exploit software vulnerabilities at a level that surpasses most human security researchers. Making it publicly available would give that same capability to attackers. The company restricts access to a vetted coalition of twelve technology and finance partners through Project Glasswing to keep offensive use controlled while maximizing defensive impact.

What is vulnerability chaining and why does it matter?

Vulnerability chaining is when multiple individual vulnerabilities, each potentially low or medium severity on their own, are combined into a single exploit path that achieves a far more serious outcome. Mythos demonstrated this by chaining multiple Linux kernel vulnerabilities to escalate from an unprivileged user to full system control. Traditional vulnerability management tools that prioritize based on CVSS score alone miss these chains entirely.

How does JupiterOne help with vulnerability chaining?

JupiterOne's graph-based platform maps the relationships between assets, vulnerabilities, identities, and configurations across your entire environment. This lets security teams see how vulnerabilities on different assets could be chained together, prioritize based on real-world exploitability rather than isolated severity scores, and understand the blast radius of any potential compromise path.

What is AI Attack Surface Management (AI-ASM)?

AI-ASM refers to the practice of discovering, inventorying, and managing the security risks introduced when organizations deploy AI agents. Each agent creates non-human identities, API connections, and data access patterns that expand the attack surface. JupiterOne treats AI agents as first-class cyber assets, mapping their identities, permissions, and connections alongside all other assets in the environment.

What is the JupiterOne MCP Server?

The JupiterOne MCP Server is a secure, standards-based integration that lets AI tools like Claude and OpenAI agents access real security and IT data from JupiterOne. It enables AI-powered security workflows while maintaining access controls, allowing security teams to use agentic AI for defence without sacrificing visibility or governance.