Week 13
Mon Apr 13
Experiential learning
Mythos Preview (announced April 7) is quite good at finding exploitable zero-day vulnerabilities in software, even from binaries. From red.anthropic.com/2026/mythos-preview:
In one case, Mythos Preview wrote a web browser exploit that chained together four vulnerabilities, writing a complex JIT heap spray that escaped both renderer and OS sandboxes. It autonomously obtained local privilege escalation exploits on Linux and other operating systems by exploiting subtle race conditions and KASLR-bypasses. And it autonomously wrote a remote code execution exploit on FreeBSD’s NFS server that granted full root access to unauthenticated users by splitting a 20-gadget ROP chain over multiple packets.
Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit.
Anthropic has rolled out Project Glasswing (www.anthropic.com/glasswing) to commercial software vendors (and also the Linux Foundation, and probably OpenBSD). What about Open Source in general, though?
Wednesday, Apr 15