Project Glasswing: Securing critical software for the AI era

Original Article ↗ Hacker News Discussion ↗

Pricing, Access, and Who Gets Mythos

  • Mythos Preview pricing ($25 / $125 per 1M in/out tokens) is lower than some OpenAI frontier models but ~5× Opus 4.6.
  • Access is restricted to “participants” (large companies, critical infra, some OSS orgs), not general users.
  • Many see this as the emergence of a “privileged circle” for critical software security, locking out individuals and small orgs.
  • Some argue this is necessary given offensive potential; others see it as anti–open source and concentration of power.

Capabilities and Cybersecurity Claims

  • Anthropic claims Mythos has autonomously found thousands of high‑severity 0‑days across major OSes, browsers, and other software.
  • Supporters point to prior Opus‑found bugs, kernel maintainers seeing a recent jump in high‑quality AI‑generated reports, and upcoming CVEs as evidence this is real.
  • Skeptics see unverified marketing: “thousands” of critical vulns, lack of full public detail, and possible exaggeration of severity or exploitability.

Defenders vs Attackers

  • One camp argues tools like Mythos will eventually favor defenders: run “find critical vulns” until the model finds none, then ship.
  • Others note deployment/patching lag, legacy systems, IoT, and unmaintained enterprise cruft mean attackers still have the edge.
  • Concern that large players can afford massive token spend to harden their stacks, widening the security and economic gap.

Safety, Ethics, and Governance

  • Debate over Anthropic’s “safety-first” positioning: some see genuine caution (non‑release, coordination with govs, Linux Foundation); others see it as self‑serving narrative to justify gatekeeping and anti‑local‑model regulation.
  • Comparisons to nuclear tech and PRISM: non‑US readers worry Mythos becomes a US‑aligned cyber weapon, not just a defensive tool.
  • New system‑card sections on “autonomous saboteur” risk and even psychiatric evaluation of the model trigger both interest and accusations of anthropomorphism.

Developers, Jobs, and Model Quality

  • Many report Opus/Claude Code already finding real vulns and massively accelerating coding; others describe frequent hallucinations and brittle behavior.
  • Some claim internal use at big firms has reached near‑total AI‑generated code; others strongly doubt this and demand evidence.
  • Fears that Mythos‑level tools accelerate elimination of software jobs and further enrich big tech; others say we’re still far from fully replacing skilled engineers.

Hype vs Reality

  • Strong split: some see Mythos as a genuine step‑change (esp. vs fuzzing) and a preview of “zero‑day machines.”
  • Others see a familiar pattern: every new model framed as too dangerous to release, driving hype, investment, and impending IPO narratives.