96% of applications contain open source components. Most of the vulnerabilities in those components are about to be found.
That’s not hyperbole. It’s the rational conclusion of what Anthropic announced last week. Project Glasswing, and the Claude Mythos Preview model behind it, represents something the security industry has been quietly anticipating: AI that can autonomously discover zero-day vulnerabilities at a scale and speed no human team can match. In a matter of weeks, Anthropic’s model found a 27-year-old vulnerability in OpenBSD and a 16-year-old flaw in FFmpeg that had survived 5 million automated tests without detection.
We view this as a meaningful step forward for the security ecosystem. We also think most organizations are about to discover that the harder problem isn’t finding vulnerabilities. It’s what happens after.
TL;DR
- Project Glasswing marks the arrival of AI-powered open source vulnerability discovery at a scale that will dramatically accelerate CVE volume across critical software.
- The security industry has long had a finding problem. Glasswing upgrades that to a remediation problem.
- The mean time to remediate a critical CVE is already upwards of 60 days. More CVEs hitting the same remediation infrastructure make that number worse, not better.
- Even when a community fix exists, organizational ingestion takes time. Regulated industries and teams maintaining long-running applications face this acutely.
- The organizations that come out ahead won’t be the ones that saw more vulnerabilities coming. They’ll be the ones that built the open source software security infrastructure to absorb and remediate them.
What Project Glasswing actually is
Project Glasswing is a coordinated defensive initiative that gives Anthropic’s most capable model, Claude Mythos Preview, to a controlled group of major technology organizations and open source maintainers to find and fix vulnerabilities before malicious actors do. The list of participants includes AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, and Palo Alto Networks, alongside the Linux Foundation and more than 40 organizations responsible for critical software infrastructure.
Anthropic has committed $100 million in usage credits to the effort and $4 million in direct donations to open source security organizations. The model is not being made publicly available. That’s a deliberate choice, and an appropriate one: Mythos Preview’s ability to autonomously chain multiple vulnerabilities into working exploits is, as Cisco’s Chief Security Officer put it, a threshold that “fundamentally changes the urgency required to protect critical infrastructure.”
For the security leaders we work with, that framing deserves to be taken at face value. The model found a FreeBSD remote code execution vulnerability that allows unauthenticated attackers to gain root access, fully autonomously, without human guidance after the initial prompt. That capability, in the wrong hands, represents a different category of threat than the industry has operated against before.
The project’s goal is to keep those capabilities in the right hands long enough for the rest of the ecosystem to strengthen its defenses.
The finding problem just got solved. The fixing problem just got harder.
Glasswing ends the scarcity that has historically protected organizations from their own unpatched vulnerabilities.
Vulnerability discovery has always been bottlenecked by human expertise. Skilled security researchers are rare, expensive, and finite. That scarcity was, in a perverse way, a form of protection: most vulnerabilities that were difficult to find stayed unfound. AI-powered discovery at Mythos’s capability level removes that protection. What once required a world-class researcher and months of work can now be done autonomously, at scale, across entire codebases.
Chainguard CEO Dan Lorenc said it directly in The Register’s coverage of the announcement: organizations “probably aren’t ready for the influx of real vulnerabilities and patches they’re going to need to get out quickly.” That’s not a criticism of the initiative. It’s an honest read of where the ecosystem stands.
Wiz’s analysis of Glasswing frames the near-term reality as simply “more CVEs.” That framing is technically accurate but strategically incomplete. More CVEs means more triage. More triage means more engineering hours. More engineering hours means more time during which the vulnerabilities you haven’t reached yet sit open in production.
The industry average mean time to remediate a critical CVE is already upwards of 60 days. That figure predates a world where AI is surfacing thousands of new zero-days across every major operating system, browser, and open source library. Applied against the same remediation infrastructure, an increase in CVE volume doesn’t improve that number. It makes it worse.
The question every CISO should be asking isn’t whether their scanning tools can keep up with the incoming volume. It’s whether their open source software security infrastructure, the layer that actually owns the components when a CVE lands, has the build provenance, managed remediation, and SLA structure to absorb what’s coming.
For most organizations, the honest answer is no.
The upstream dependency most organizations haven’t thought about
When a zero-day is found in an open source library, the remediation clock starts. But that clock doesn’t run directly to a patch in your environment. It runs first to the open source maintainer community producing a fix, then to your toolchain ingesting that fix, then to your environment receiving the update.
That middle step, the open source maintainer community, is already under significant load. The Linux Foundation’s Jim Zemlin, a Glasswing partner, noted that security work has historically been a “thankless task” for maintainers who “didn’t have access to expensive security teams.” cURL founder Daniel Stenberg was candid: AI-generated vulnerability reports already add load to maintainers who are stretched thin, even when the reports are good.
Glasswing is designed to provide those maintainers with AI assistance on the fix side, not just the discovery side. That’s the right intention. But it will take time to work through the system. A surge in discovered vulnerabilities means a surge in demand on maintainer capacity. The window between discovery and community fix will vary significantly by project, by maintainer bandwidth, and by the complexity of the remediation.
This applies to ActiveState’s own model as well. Our remediation SLA is measured from the availability of a community-approved fix. We are tracking the upstream implications of Glasswing closely and will be transparent with customers about what it means for timelines as the situation develops.
What that means for the security leaders we work with is this: the infrastructure you have in place to consume and apply fixes, once they exist, is at least as important as your ability to discover vulnerabilities in the first place. If your open source components are not continuously managed, built from source, and structured to receive updates through a governed pipeline, the bottleneck in your remediation cycle isn’t your scanner. It’s everything that comes after.
The fix exists. Now what?
Even when a community fix is available, most organizations cannot ship it immediately. That gap between fix availability and production deployment is where personal liability accumulates.
Applying a patch to a production system, particularly one that has been running for years, isn’t a mechanical operation. It requires assessment: does this fix introduce a regression? Does it affect a dependency that something else in the stack relies on? Has it been validated against your specific environment and platform configuration? Is there capacity in the current sprint, or does this join a queue behind feature work already committed to stakeholders?
In regulated industries, that process is more structured still. Financial services, healthcare, and critical infrastructure sectors often require formal change management review before a fix can ship, regardless of its urgency. The security team can surface the CVE, the vendor can produce the patch, and the organization can still be 30, 45, or 60 days from a clean deployment.
This isn’t a failure of process. It’s the reality of maintaining and evolving applications that have been in production for years, sometimes decades, carrying architectural decisions and dependency relationships that predate modern open source software security practices. New applications being built today have the advantage of incorporating secure software supply chain principles from the start. Legacy environments don’t have that option.
The answer isn’t to tell engineering teams to move faster. That advice doesn’t survive contact with a full sprint backlog, a change advisory board, or a compliance requirement. The answer is to reduce the manual lift per fix so the queue can actually move.
That means open source components that are continuously managed and pre-validated, where the build provenance is already established and the dependency relationships are already understood. It means remediation that arrives as a governed update through a pipeline your team already trusts, not as a one-off patch that needs to be re-evaluated from scratch. It means the security team and the engineering team operating from the same foundation, rather than the security team handing a list of CVEs to an engineering team that has no structural mechanism to absorb them at speed.
Security and engineering leaders need to be having this conversation now, before the Glasswing-driven CVE volume arrives. The organizations that will manage this well aren’t the ones that react fastest. They’re the ones that built the infrastructure that makes a fast reaction operationally possible.
What this validates
Glasswing confirms what ActiveState has been building against for years: open source software underlies nearly every production system in every enterprise, AI is generating code that depends on those libraries faster than security teams can vet it, and the attack surface is expanding at the rate of every AI code generation prompt your developers execute.
We’ve argued for years that the scan-and-pray model isn’t a security posture; it’s a documentation practice. Glasswing’s framing, and the reaction from security leaders at Cisco, CrowdStrike, and Palo Alto Networks, confirms that the window is compressing and that static security tooling will not hold.
What Glasswing doesn’t address, because it isn’t designed to, is the layer below the application code: the open source components those applications depend on, the transitive dependencies below those components, and the managed build infrastructure required to ensure that when a fix lands, it propagates cleanly through your environment. ActiveState governs open source ingestion at the point of origin, rebuilds every component from source within SLSA Level 3 infrastructure, and manages the CVE backlog against contractual remediation SLAs, so that when a fix is available, your team isn’t starting from zero.
What the prepared organization looks like
The organizations that come out ahead of the Glasswing era won’t be distinguished by how many vulnerabilities they discovered. Discovery is being democratized. They’ll be distinguished by the open source software security infrastructure they built before the volume arrived.
That infrastructure has specific characteristics: open source components built from source rather than pulled from public registries; a governed catalog that ensures developers and AI coding assistants draw from vetted, policy-controlled sources; continuous remediation with contractual SLAs so the CVE backlog doesn’t accumulate to the point where remediation becomes operationally impossible; and immutable provenance, the documented, auditable record of what entered your environment and when, that constitutes a defensible due diligence posture when regulators or your board ask questions.
In 2026, “we had a scanner” is not an answer to that question. Neither is “we were waiting on the community fix.” The standard is a reasonably designed program, and a reasonably designed program is built before the crisis, not assembled during it.
What we’d suggest doing now
This is not a moment for panic. It is a moment for clear assessment.
Get an honest accounting of your open source software security posture before the next wave of Glasswing-sourced CVEs lands in your environment. Understand where your components come from, whether they’re built from source or pulled from public registries, what your current mean time to remediate looks like for critical vulnerabilities, and whether your remediation pipeline, including the engineering capacity and change management processes required to absorb it, can handle a significant increase in volume without reverting to manual triage.
If you’d like to work through that assessment with us, that’s exactly the conversation we’re built for. ActiveState has operated at the intersection of open source software security and enterprise development teams for 20+ years. We’ve seen every cycle of the SDLC. This one is different in velocity. It isn’t different in the fundamentals that determine who comes out ahead.
Frequently Asked Questions
What is Project Glasswing?
Project Glasswing is Anthropic’s coordinated defensive security initiative, announced in April 2026, that gives a restricted group of major technology organizations and open source maintainers access to Claude Mythos Preview, a frontier AI model capable of autonomously discovering zero-day vulnerabilities at significant scale. Participants include AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation, alongside more than 40 organizations responsible for critical software infrastructure. The goal is to use the model for defensive security purposes, finding and fixing vulnerabilities before those same capabilities reach malicious actors.
What is Claude Mythos Preview?
Claude Mythos Preview is an unreleased frontier AI model from Anthropic that can autonomously discover and exploit software vulnerabilities at a level competitive with highly skilled human security researchers. Anthropic has not made the model publicly available. Access is currently limited to Glasswing participants and a small group of critical infrastructure organizations and open source maintainers. The model is notable for its ability to chain multiple vulnerabilities into working exploits and to find flaws that have survived years of automated testing.
How will Project Glasswing affect organizations that depend on open source software?
In the near term, Glasswing will accelerate CVE disclosure rates across open source software as AI-assisted discovery surfaces vulnerabilities that have evaded detection for years. Organizations without managed open source software security infrastructure will face increasing pressure on remediation timelines, developer hours, and compliance posture. This pressure compounds at every layer of the remediation chain: waiting on a community fix, then validating it against your specific environment, then navigating change management to get it into production. The organizations best positioned are those with governed, built-from-source open source components and a managed remediation model already in place before the volume arrives.
Does this affect regulated industries differently?
Yes, meaningfully so. Regulated industries typically require formal change management review before a security patch can ship, regardless of severity. That process exists for good reason, but it adds time to every remediation cycle. Organizations in financial services, healthcare, and critical infrastructure that are maintaining long-running applications face this constraint acutely. The answer isn’t to short-circuit change management. It’s to reduce the manual assessment and validation work per fix so that the change management process can move at the speed the new threat environment demands.
What does Glasswing mean for ActiveState’s remediation SLA?
ActiveState’s contractual SLA is 5 business days for critical CVEs, measured from the availability of a community-approved fix. Glasswing’s near-term effect will be to increase CVE discovery rates, which means the upstream maintainer community will be working through an increased queue of newly discovered vulnerabilities. We are actively tracking the implications of that upstream dynamic and will be transparent with customers about what it means for timelines. The broader point stands: without managed infrastructure designed for continuous remediation, organizations face every layer of that upstream dependency, community fix, organizational validation, and change management, with no structural advantage.