AI models have moved quickly from hallucinating fanciful bug reports to becoming effective tools for spotting security flaws in widely used software that powers operating systems and internet-connected devices. Those same capabilities can strengthen software security, or be used by attackers and nation-states to steal data and money or to disrupt services.
This week AI lab Anthropic said it developed a powerful new model it believes could “reshape cybersecurity.” The model, Mythos Preview, reportedly found “high-severity vulnerabilities, including some in every major operating system and web browser,” and it produced higher-quality ideas for how to exploit those flaws. The latter ability raises the stakes, because it could make it easier for malicious actors to weaponize findings.
Anthropic is limiting access to Mythos Preview to roughly 50 selected companies and organizations as part of a collaboration it calls Project Glasswing. The company says the model’s misuse risk is high and it does not plan to release this particular model publicly, though it will release other related models. Anthropic says its long-term aim is to let users deploy Mythos-class models safely at scale.
Security professionals note the immediate risk is primarily to cyber defenders and maintainers, not average users. “I don’t necessarily think that the average computer user needs to be fundamentally worried about this,” said Daniel Blackford, VP of Threat Research at Proofpoint, adding that everyday risks like password theft remain far more common.
The Linux Foundation, which hosts the Linux kernel — the core interface between hardware and software that underpins many operating systems, including Android, as well as major supercomputers — is part of Project Glasswing. Jim Zemlin, the foundation’s CEO, said kernel maintainers have begun experimenting with Mythos to determine how to use it effectively. “These maintainers are already overworked before AI,” Zemlin said. “This just makes their lives a lot better.”
Even before Mythos Preview’s limited rollout, the cybersecurity world has been grappling with a sharp jump in capabilities from commercially available models. Developers and maintainers are racing to patch vulnerabilities flagged by AI, while experts worry about what could happen if these capabilities spread without adequate safeguards.
How hackers have used AI — and how that changed
Improvements in AI’s bug-finding skills became noticeable in early 2026, according to Daniel Stenberg, lead developer of cURL, a 30-year-old open-source data-transfer tool used across internet-connected devices including cars and medical equipment. New cutting-edge models released in late 2025 appear to have driven the change.
Stenberg and many maintainers rely on security researchers — “white hat” hackers — to report vulnerabilities privately, sometimes in exchange for bug-bounty payouts or recognition. But in 2025 his team was overwhelmed by bogus reports that Stenberg suspects were AI-generated. His group received 185 reports that year but found fewer than 5% were genuine security problems; the flood of low-quality reports eventually led him to stop paying out bug bounties for cURL.
Stenberg said the fake reports often had a distinct, overly elaborate style: “You get a 400 line report [when] it’s something that a human would take 50 lines to present.” A HackerOne survey from summer 2025 found nearly 60% of respondents were using, or learning how to use, AI to audit AI and machine-learning systems.
By 2026 things shifted again. Report volume rose further, but most reports now pointed to real problems. Stenberg estimates roughly 1 in 10 reports describe genuine security vulnerabilities, with most of the rest flagging real but non-security bugs. In just the first three months of 2026, his team found and fixed more vulnerabilities than in either of the previous two years.
Stenberg also uses AI directly to find issues in his code. With one click the AI flagged more than 100 bugs that had passed human review and traditional code analyzers, “in almost magical ways,” he said. Other high-profile projects have seen similar changes: Linux kernel maintainers reported a jump in quality of bug reports, and Anthropic researcher Nicholas Carlini used an earlier Anthropic model and a relatively simple prompt to find kernel vulnerabilities and the first critical bug in another long-lived open-source project.
“LLMs have now bypassed human capability for bug finding,” said Alex Stamos, chief security officer at Corridor, an AI-focused security company and former head of security at Yahoo and Facebook. Because much commercial software incorporates open-source components, improvements in open-source bug finding have broad implications across the internet.
Can AI also fix what it finds?
Stenberg welcomes better bug-finding tools but worries about developer capacity. Many maintainers are already overloaded, understaffed and underfunded, he said, and the new deluge of findings can add to their burden. He also noted many critical projects, “things that are actually cornerstones of the Internet,” were not included in Project Glasswing.
Based on experience so far, Stenberg believes AI is better at spotting bugs than at fixing them. Finding a problem is only part of the work; reaching agreement that something is a problem and deciding the right fix often requires careful judgment and coordination. “Once we have identified the problem and agree that this is a problem, then actually fixing it is not very hard and not very time consuming. It’s more the entire process up to that step that takes time and energy,” he said.
Not everyone agrees AI can’t help with fixes. HackerOne is developing an agentic AI product to autonomously find and fix vulnerabilities, a sign that some vendors see potential for more end-to-end automation.
Offense vs. defense: where AI fits
“Finding bugs is not making the bugs exploitable,” Stamos said. Finding a flaw is the first step in what security teams call the kill chain; the next step is building a working exploit. Foundation models from top labs like Anthropic, OpenAI and Google DeepMind include guardrails to keep them from producing malicious software and are proprietary, making them harder to repurpose for offense.
The bigger worry is open-weight models — public or easily copied models whose weights are available — catching up to closed-weight models. If malicious actors obtain or reproduce powerful open models and remove safety guardrails, they could not only find bugs but generate exploit code. Stamos noted the most advanced open-weight models are trailing top closed models by less than a year.
Debate over the risks Anthropic’s technology poses has spilled into U.S. policy. The Pentagon labeled Anthropic a “supply chain risk,” a designation that could bar government agencies and contractors from using the company’s technology. Anthropic is contesting that designation in court. Stamos argued Anthropic’s limited release of Mythos Preview gives developers and the U.S. time to strengthen defenses.
Overall, the rapid improvement of AI in security research is changing how vulnerabilities are discovered and managed. It promises faster, broader detection of flaws but also creates new challenges in vetting reports, prioritizing fixes and preventing misuse as more capable models become widely accessible.