Why is Glasswing still a big deal: VulnCheck’s findings reframe Glasswing’s capabilities. The limited number of directly attributable CVEs is just one way of measuring its impact. Industry observers are interpreting Mythos much differently.Melissa Bischoping, a SANS Technology Institute board member and senior Director of security and product research at Tanium, thinks Mythos potential lies elsewhere. According to a breakdown of the Claude Mythos Preview System Card, which Bischoping and her colleagues at Tanium reviewed, the model achieved an unseen exploit success rate. “Jumping from near-zero success to ~72% on the same class of targets suggests exploit development is no longer a high-skill, high-effort bottleneck,” she said, adding that it’s only a matter of time before every other model catches up.While Mythos is being regulated under Glasswing, it has already shown the world what is possible. “The gap between frontier models and open-weight models has compressed from more than a year to a matter of weeks, which means this level of capability is poised to spread rapidly, likely without the same safety guardrails,” Bischoping noted.Bischoping is also concerned about whether organizations can act on what Mythos finds before Mythos is out in the wild. “Agentic patch workflows are possible and can match pace with adversarial AI in a lot of cases, but org politics and change control don’t run at the speed of AI today.”The full picture about the model’s true capability won’t be known before July 2026, when Anthropic will make a full public accounting of what Glasswing found and fixed, Garrity said.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4159617/behind-the-mythos-hype-glasswing-has-just-one-confirmed-cve.html
