Early signals suggest vulnerability intake is increasing several-fold, likely overwhelming OEM backlogs designed for pre-Mythos volumes

Project Glasswing is exactly the kind of coordinated effort cybersecurity has needed, particularly for operators of critical infrastructure, industrial systems, and the connected device ecosystems that underpin financial services, energy, healthcare, and defense.

It brings together leading technology companies (Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks) to identify and patch vulnerabilities discovered by frontier AI systems like Claude Mythos before they can be widely exploited. That is a meaningful step forward, but it also reveals something deeper:

Security now breaks down not at discovery, but at the speed of risk remediation and enforcement across the full device stack.

What Mythos has already done (in weeks).

The specifics are worth sitting with. During pre-release testing, Anthropic’s Mythos Preview autonomously identified thousands of previously unknown zero-day vulnerabilities across every major operating system (Windows, macOS, Linux distributions, FreeBSD, and OpenBSD) and every major web browser (Chrome, Firefox, Safari, and Edge).

Some of these flaws had survived decades of human security review. Mythos uncovered a 27-year-old vulnerability in OpenBSD, an operating system famous for its security hardening. It found a 16-year-old bug in FFmpeg, a library embedded in virtually every media pipeline on the internet. On its first attempt, the model reproduced working exploits in over 83% of cases.

At the time of Anthropic’s April 7th announcement, over 99% of those discovered vulnerabilities remained unpatched. The volume of findings has overwhelmed traditional patch cycles at coalition vendors Microsoft, Apple, and Google, who have reportedly expanded their security response teams. Anthropic itself had to contract professional security firms just to help manage responsible disclosure.

And that is with one model, used by eleven organizations, over a few weeks. Now imagine what happens when similar capabilities proliferate to every OEM (and every adversary) on a global timeline.

Early signals from real codebases.

Mythos is the most visible case, but it is not the only one. The industry-wide step-change is already showing up in public disclosures, maintainer commentary, and codebase-level data from frontier-model-assisted vulnerability research. Four recent data points are worth sitting with together:

Linux kernel: a 2x–5x surge, then another order of magnitude.

Greg Kroah-Hartman, lead maintainer of the Linux kernel stable branch, described the step-change directly at KubeCon Europe in March 2026. The kernel security list has gone from roughly 2–3 reports per week two years ago, to about 10 per week over the last year, to 5–10 per day since the beginning of 2026. That is a 2x–5x increase versus last year’s rate, and a 12x–35x increase versus the older baseline. Critically, Kroah-Hartman said most of those newer reports are correct (not AI slop) and the kernel security team has had to bring in more maintainers to keep up. His exact words: “Something happened a month ago, and the world switched. Now we have real reports.” He noted the same shift across open-source security teams industry-wide.

Firefox: more vulnerabilities in two weeks than any single month of 2025.

For Mozilla’s Firefox, Anthropic published a much clearer before/after signal. In a two-week collaboration with Mozilla, Claude Opus 4.6 found 22 vulnerabilities, 14 of them high severity. Anthropic reports that those 22 findings exceeded what Firefox received in any single month of 2025, and the 14 high-severity bugs represented almost one-fifth of all high-severity Firefox vulnerabilities remediated across the entire year. This was not Mythos. It was a prior-generation frontier model. It is a preview of what Mythos-class capability does to a mature, well-audited codebase’s inbound backlog.

Broader open source: hundreds became thousands in months.

At the ecosystem level, Anthropic reports that Opus 4.6 had found and validated more than 500 high-severity vulnerabilities in production open-source codebases by February 2026. Two months later, Mythos Preview identified thousands of zero-day vulnerabilities across every major operating system and browser in a matter of weeks. The industry is moving from “hundreds across OSS” to “thousands across critical software” on a timeline measured in months, not years.

FreeBSD: one public Glasswing CVE so far as a capability proof point.

On March 26, 2026, NVD published CVE-2026-4747, a serious FreeBSD RPCSEC_GSS vulnerability identified as the first public CVE explicitly tied to Project Glasswing. That data point does not give us backlog volume for FreeBSD, but it does confirm the capability: a frontier model, deployed inside a coordinated disclosure program, producing publicly tracked, real-world critical findings in an established operating system.

Taken together: this is not a forecast. The inbound rate has already shifted, across multiple major codebases, before Mythos-class capabilities reach general availability. OEM security programs that were designed for the pre-2026 rate are going to see disclosure volumes their triage workflows were never built to absorb.

Glasswing = Early-access participants

Project Glasswing organizations see vulnerabilities first. They triage alongside frontier AI systems. They coordinate fixes across ecosystems while the rest of the market remains unaware that the vulnerability exists. They gain time and operational runway to staff up, retool, and rehearse faster remediation workflows before the broader disclosure wave hits.

Everyone else who isn’t in Glasswing

Eventually, CVEs are disclosed publicly. Patches are released. Smaller OEMs whose hardware runs in hospitals, utilities, and critical infrastructure inherit security risk under compressed timelines, against adversaries who have been preparing for this moment, and without the coalition’s head start on process redesign.

This asymmetry matters because it is not just about who sees the vulnerability first. It is about who has re-architected their remediation operations to absorb the volume that is coming.

The gap is not discovery. It is execution.

Frontier AI vulnerability discovery systems are no longer theoretical. Anthropic’s Mythos, Google’s Big Sleep agent (which autonomously discovered an exploitable vulnerability in SQLite in 2024), and the finalists of DARPA’s AI Cyber Challenge, which demonstrated autonomous vulnerability discovery and patching at scale, mark a new capability threshold.

As similar capabilities proliferate (including to adversaries), the window between discovery and exploitation collapses. What once took months is moving toward days.

AI has fundamentally changed the equation:

The bottleneck is no longer the search for vulnerabilities.

It is how quickly organizations can remediate that risk and verify each fix is running on every device in the field.

Most OEM security programs were not built for this.

They were designed for dozens of critical vulnerabilities per month, human-paced triage, and sequential patch cycles.

They are now facing hundreds or thousands of findings, parallel exploit paths, and shrinking windows between disclosure and attack. Research from Root.io’s 2026 Shift Out Benchmark Report found that only 4% of security teams have achieved zero CVE depth in their backlog. Qualys reports that 49.4% of organizations still rely on monitoring followed by manual response workflows, creating a structural delay between disclosure and remediation that attackers can reliably exploit.

The structural deficit is not new, but it is about to become acute. Industry benchmarks such as GitGuardian's 2022 State of Secrets Sprawl report put the ratio of application-security engineers to developers at roughly 1:100, so each AppSec engineer already supports a hundred developers on average. When Mythos-class capabilities reach broader distribution, that ratio will not be sustainable. OEMs will face a simple choice: scale remediation capacity dramatically, or accept that their backlog will grow faster than their ability to close it.

Scaling through hiring is not a realistic option. Skilled security engineers are scarce, expensive, and take 12–18 months to onboard into a mature remediation workflow. The math does not work at the timelines the threat environment is demanding.

This is not a tooling problem. It is an operational design problem.

The organizations that hold up will not chase more AI tools.

They will rewire a single domain: vulnerability remediation, rebuilt as VulnOps.

VulnOps is to vulnerability management what DevOps was to software delivery. It is a fundamental reorganization of how the work flows, not a new layer of tools dropped on top of the existing process. That means:

  • Automating triage and prioritization so engineers are not reading every advisory manually

  • Parallelizing remediation workflows across codebases, firmware trees, and dependency graphs

  • Integrating security fixes directly into CI/CD pipelines with automated verification gates

  • Using agents to augment (not replace) engineering capacity, carrying the coordination and verification work end-to-end

  • Treating remediation as a measurable, instrumented business process, not a ticket queue
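To make the first, second, and last of those points concrete, here is an added example (not code from the original post or from Immutaverse) of a minimal VulnOps triage step: it de-duplicates an inbound advisory feed, scores each finding by severity weighted with exploitation evidence and reachable exposure, assigns a tier with a measurable deadline, and splits the result into parallel remediation lanes, one per codebase or firmware tree. The CVE identifiers, scores, device counts, weighting factors and SLA values are all constructed placeholders chosen for the illustration, not real findings or an industry standard.

```python
"""Added example, not from the original post: a minimal VulnOps triage step
that turns a pile of inbound advisories into a de-duplicated, prioritised
queue split into parallel remediation lanes (one per codebase or firmware
tree). Every CVE identifier, score and device count below is a constructed
placeholder, not a real finding."""
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve: str               # constructed placeholder id
    component: str         # codebase / firmware tree that owns the fix
    cvss: float            # base score, 0.0-10.0
    exploit_public: bool   # working exploit code is public
    in_kev: bool           # listed in an exploited-in-the-wild catalogue
    exposed_devices: int   # fleet devices carrying the component that face untrusted networks


@dataclass
class QueueItem:
    cve: str
    component: str
    score: float
    tier: str


# Remediation SLA per tier (days). Constructed values; the point is that each
# tier carries a measurable deadline rather than sitting in an unbounded queue.
SLA_DAYS = {"P0": 3, "P1": 14, "P2": 45, "P3": 120}


def priority_score(a: Advisory) -> float:
    """Severity, weighted by exploitation evidence and by reachable exposure."""
    score = a.cvss
    if a.exploit_public:
        score *= 1.5
    if a.in_kev:
        score *= 2.0
    # log-scale exposure so the largest fleet does not drown every other finding
    score *= 1.0 + math.log10(1 + a.exposed_devices)
    return round(score, 2)


def tier_for(a: Advisory, score: float) -> str:
    if a.in_kev or score >= 40:
        return "P0"
    if score >= 20:
        return "P1"
    if score >= 8:
        return "P2"
    return "P3"


def build_lanes(advisories: list) -> dict:
    """De-duplicate by CVE (keeping the highest-scoring record, since a later
    feed may carry newer exploitation evidence), then group by component and
    sort each lane by score so teams can work the lanes in parallel."""
    best = {}
    for a in advisories:
        s = priority_score(a)
        if a.cve not in best or s > best[a.cve][1]:
            best[a.cve] = (a, s)
    lanes = defaultdict(list)
    for a, s in best.values():
        lanes[a.component].append(QueueItem(a.cve, a.component, s, tier_for(a, s)))
    for items in lanes.values():
        items.sort(key=lambda q: q.score, reverse=True)
    return dict(lanes)


def lane_metrics(lanes: dict, raw_count: int) -> dict:
    """Instrumentation for the process: tier counts, lane count, duplicates dropped."""
    tiers = {t: 0 for t in SLA_DAYS}
    kept = 0
    for items in lanes.values():
        for q in items:
            tiers[q.tier] += 1
            kept += 1
    return {"tiers": tiers, "lanes": len(lanes), "duplicates_dropped": raw_count - kept}


# Constructed inbound feed, including one CVE reported twice (the second
# record carries newer evidence that an exploit is public).
INBOUND = [
    Advisory("CVE-0000-0001", "bootloader", 9.8, True, True, 999),
    Advisory("CVE-0000-0002", "media-lib", 7.5, False, False, 999),
    Advisory("CVE-0000-0003", "media-lib", 5.3, True, False, 9),
    Advisory("CVE-0000-0004", "mgmt-agent", 4.3, False, False, 0),
    Advisory("CVE-0000-0002", "media-lib", 7.5, True, False, 999),
]

if __name__ == "__main__":
    lanes = build_lanes(INBOUND)
    for component, items in lanes.items():
        for q in items:
            print(f"{component:12} {q.cve} {q.tier} score={q.score} due_in={SLA_DAYS[q.tier]}d")
    print(lane_metrics(lanes, len(INBOUND)))
```

The design choice worth noting is that de-duplication keeps the highest-scoring record rather than the first one seen: the duplicate CVE-0000-0002 entry arrives with newer evidence of a public exploit and correctly lifts that finding from P1 to P0, which is exactly the signal a manual advisory reader tends to miss when the same bug arrives from three feeds.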

Agentic remediation platforms are already reaching the market: Cogent Security raised $42M in early 2026 specifically to build this layer, and Root.io, Pixee, and Qualys are pushing similar architectures. The category is forming in real time, first as pilots and then as core infrastructure. The organizations that treat VulnOps as core infrastructure rather than as a pilot will enter the Mythos proliferation window on stronger operational footing.

Why risk will persist post-Glasswing.

Glasswing is a $100M coalition of the world’s largest technology companies. Yet those companies represent a fraction of the connected devices manufactured by OEMs globally.

The long tail dominates: a large share of internet-exposed devices comes from smaller OEMs, ODMs, rebranded hardware vendors, and legacy manufacturers (none of whom are Glasswing participants). Even if the coalition secures the majority of core software dependencies (Linux, Windows, cloud stacks, and browsers), it does not guarantee devices in the field will be patched, firmware will be updated, or vulnerable OEM implementations will be fixed.

Glasswing secures the core: the operating systems, browsers, cloud infrastructure, and foundational open-source libraries that coalition members build and maintain. But most of what runs in the real world is embedded below that layer, in firmware, chipsets, and device controllers, or built on top of it by OEMs and vendors who were not in the room (often as forked or modified versions of the main branch).

Consider what this looks like in practice. A hospital runs hundreds of connected medical devices from dozens of manufacturers. A utility operates thousands of industrial controllers with firmware from vendors who may not even be in business anymore. An enterprise network ships traffic through routers, gateways, and IoT devices from manufacturers who receive CVE disclosures through generic notification lists and respond at their own pace (if they respond at all).

None of these devices get patched faster just because Anthropic fixed a Linux kernel bug.

The question is not just who finds and fixes vulnerabilities first. It is how those fixes are enforced across the full device ecosystem.

Identifying vulnerabilities does not secure systems. Remediating risk and verifying fixes are running in the field secures systems.

Even when patches exist:

  • Devices are not updated, or updates lag behind disclosure by weeks or months

  • Firmware integrity is not enforced, so there is no way to prove the patched code is what is actually running in the field

  • Supply chains introduce cascading delay between fix and field: chipset vendor patches, then OEM integrates, then distributor ships, then operator deploys

  • Runtime state is not verified after deployment, so drift goes undetected

  • Devices often lack authenticated update mechanisms entirely, so even well-intentioned patches cannot be trusted

Security does not fail at the point of discovery.

It fails at the speed of risk remediation and enforcement of what is actually running on the device.

Glasswing signals a fundamental shift.

Cybersecurity is no longer primarily about discovering and fixing vulnerabilities. It is about enforcing a trusted state across distributed, real-world systems at scale.

The organizations that hold up in an AI-accelerated threat environment will not simply be those that patch fastest. They will be those who can verify and enforce that only trusted, authorized software runs continuously across every device in their ecosystem. That is a different operational posture than what most OEM security programs were designed to deliver.

Glasswing centralizes discovery advantage. The industry still needs distributed enforcement across the long tail.

What this means for OEMs not in the coalition.

The proliferation of Mythos-class capabilities is not a future risk. The window is closing now. OEMs that were not part of Glasswing’s initial cohort cannot wait for disclosures to flow downstream and hope the patch cycle catches up. When thousands of critical zero-days start entering the public disclosure pipeline over the coming quarters (and the early signals above show they already are), the engineering organizations that survive will be the ones that have already rebuilt their remediation operations as VulnOps.

In an AI-accelerated world, resilience will depend on three things:

  • Scaling risk remediation capacity by moving from human-paced triage to machine-assisted VulnOps, so that a hundred incoming findings do not consume the entire security engineering team for a week

  • Enforcing device trust continuously by verifying what firmware is actually running in deployed devices, not just at manufacture, so that a patched codebase actually translates into a patched fleet

  • Operating at machine speed by integrating security into build and release pipelines so that fixes reach the field without cascading delay through the supply chain
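The second of those three requirements, and the "even when patches exist" failure modes listed earlier (unpatched devices, unenforced firmware integrity, unverified runtime state, unauthenticated updates), come down to one question per device: is the exact image the release gate shipped the image that is actually running? The following is an added example, not code from the original post or from Immutaverse, of that fix-to-field check: an authenticated release manifest is compared against boot-time attestation reports from a fleet, each device is classified, and a coverage metric is produced. The manifest, signing key, image digests, device models and reports are constructed placeholders. The manifest is authenticated with an HMAC only to keep the example standard-library-only; a real deployment would use an asymmetric signature so devices and auditors hold a public key, and the measured hash would come from a hardware root of trust rather than from the firmware being checked.

```python
"""Added example, not from the original post: closing the fix-to-field gap by
checking what is actually running on each device against an authenticated
release manifest. Manifest, key, digests and device reports are constructed."""
import hashlib
import hmac
import json

# Constructed stand-in for the vendor's manifest-signing key. A real pipeline
# would use an asymmetric signature (e.g. Ed25519); HMAC keeps this stdlib-only.
MANIFEST_KEY = b"constructed-demo-key-not-a-real-secret"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj) -> bytes:
    # Deterministic encoding so the tag covers exactly what the verifier re-encodes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes = MANIFEST_KEY) -> str:
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict, tag: str, key: bytes = MANIFEST_KEY) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


# Constructed patched-release manifest: per device model, the version that
# carries the fix and the digest of the exact image the release gate shipped.
RELEASE_MANIFEST = {
    "gw-200": {"patched_version": "2.4.1",
               "sha256": sha256_hex(b"gw-200 image 2.4.1 (constructed)")},
    "plc-7": {"patched_version": "5.0.2",
              "sha256": sha256_hex(b"plc-7 image 5.0.2 (constructed)")},
}
RELEASE_TAG = sign_manifest(RELEASE_MANIFEST)

# Constructed attestation reports from the field. "sha256" is what the device
# measured at boot (ideally a hardware root of trust, not the firmware itself).
FLEET_REPORTS = [
    {"device": "d1", "model": "gw-200", "version": "2.4.1",
     "sha256": sha256_hex(b"gw-200 image 2.4.1 (constructed)")},
    {"device": "d2", "model": "gw-200", "version": "2.4.1",
     "sha256": sha256_hex(b"gw-200 image 2.4.1 modified in the field")},
    {"device": "d3", "model": "gw-200", "version": "2.3.9",
     "sha256": sha256_hex(b"gw-200 image 2.3.9 (constructed)")},
    {"device": "d4", "model": "plc-7", "version": "5.0.2",
     "sha256": sha256_hex(b"plc-7 image 5.0.2 (constructed)")},
    {"device": "d5", "model": "plc-7", "version": "5.0.2", "sha256": None},
    {"device": "d6", "model": "cam-x", "version": "1.0.0",
     "sha256": sha256_hex(b"cam-x image 1.0.0 (constructed)")},
]


def classify_device(manifest: dict, report: dict) -> str:
    entry = manifest.get(report["model"])
    if entry is None:
        return "unknown-model"      # long-tail device with no release manifest at all
    if report["version"] != entry["patched_version"]:
        return "unpatched"          # the fix exists but has not reached this device
    if report["sha256"] is None:
        return "unverifiable"       # claims the patched version but cannot prove it
    if hmac.compare_digest(report["sha256"], entry["sha256"]):
        return "patched-verified"
    return "drift"                  # right version string, wrong bits actually running


def classify_fleet(manifest: dict, tag: str, reports: list) -> dict:
    # Never judge the fleet against a manifest that has not been authenticated.
    if not verify_manifest(manifest, tag):
        raise ValueError("release manifest failed authentication")
    return {r["device"]: classify_device(manifest, r) for r in reports}


def coverage(statuses: dict) -> dict:
    """Fleet-level instrumentation: counts per state and the verified-patched ratio."""
    counts = {}
    for s in statuses.values():
        counts[s] = counts.get(s, 0) + 1
    total = len(statuses)
    verified = counts.get("patched-verified", 0)
    return {"counts": counts, "verified_ratio": verified / total if total else 0.0}


if __name__ == "__main__":
    statuses = classify_fleet(RELEASE_MANIFEST, RELEASE_TAG, FLEET_REPORTS)
    for device, status in statuses.items():
        print(f"{device}: {status}")
    print(coverage(statuses))
```

The useful output is not the two devices that pass but the four distinct ways the rest fail: d2 reports the patched version string yet runs different bytes (drift or a modified image), d3 never received the update, d5 cannot attest at all, and d6 is a model nobody published a manifest for. A version-only inventory would have counted d2 and d5 as patched; a "patched codebase" only becomes a "patched fleet" once the verified-patched ratio, not the version string, is the number the program reports.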

Each of these requires investment in tooling, in process redesign, and in cultural change. None is optional. The OEMs that start now will enter the Mythos disclosure window with operational leverage. The OEMs that wait will find themselves drowning in advisories their engineering organizations cannot process at the required cadence.

Advantage will not come from access to AI tools alone.

It will come from closing the gap between fix and field at machine speed, with consistent enforcement.

Bottom line.

Glasswing centralizes discovery advantage for the world’s largest technology companies. That is a meaningful head start, and the coalition deserves credit for the transparency and coordination behind it.

But the long tail of devices (in firmware, connected hardware, OEM implementations, and the critical systems that were not in the room) is where risk persists: where patches arrive late, updates do not reach the field, and runtime state goes unverified. That is where most real-world compromises will originate over the next eighteen months.

Glasswing secures the core. The rest of the market must build its own execution advantage, because in an AI-accelerated world, speed of risk remediation and consistent enforcement across the device stack are the only durable controls.

That is the problem we are solving at Immutaverse.

Find out if your vulnerability management program can scale fast enough.
