Project Glasswing claims OpenBSD findings as HN asks for CVEs and exploit proof
HN follow-up on Project Glasswing focused on what counted as a vulnerability, which OpenBSD bugs were actually found, and whether the results were exploitable. The public evidence still lacks concrete CVE identifiers or exploit details for several cited findings.

TL;DR
- Anthropic's Project Glasswing announcement says Claude Mythos Preview found an OpenBSD TCP SACK bug and many other issues, while the HN page card notes the company withheld details because more than 99% of findings were still unpatched.
- In the HN discussion summary, commenters pushed on the missing public evidence: no concrete CVE IDs for the OpenBSD claim, no exploit details for several cited findings, and no easy way to verify severity from the outside.
- The same HN discussion summary also challenged Anthropic's wording around "vulnerabilities" when exploitability was not always shown, a distinction that matters more than the press-release framing.
- Simon Willison's write-up surfaced the core tradeoff behind the restricted rollout: Anthropic is treating Mythos as capable enough to hold back, but the public record is still thin on the exact bugs behind that decision.
Anthropic's research post on Mythos Preview claims a crash-inducing bug in OpenBSD's TCP SACK implementation, broad zero-day discovery across major operating systems and browsers, and a coordinated-disclosure backlog large enough that most findings stay private. The main HN thread immediately zoomed in on the missing CVEs, the gap between bug discovery and demonstrated exploitation, and whether the OpenBSD result was a security vulnerability in the strict sense or a less explosive reliability bug.
OpenBSD CVEs
Anthropic's public claim is specific enough to be notable and still too thin to audit. In the Mythos Preview post, the company says the model found, after roughly 1,000 runs, a vulnerability in OpenBSD's TCP SACK implementation that could crash any host responding over TCP. The post does not say how the crash was reproduced, whether a fix has landed, or whether an identifier was assigned.
Anthropic Launches Project Glasswing to Secure Critical Software Infrastructure Using Claude Mythos Preview
Project Glasswing is a collaborative security initiative launched by Anthropic on April 7, 2026, aimed at securing critical software infrastructure against vulnerabilities that advanced AI models might otherwise exploit. The program provides select partners—including Amazon Web Services, Apple, Google, Microsoft, NVIDIA, and over 40 other organizations—with access to Claude Mythos Preview, an unreleased frontier AI model capable of identifying and remediating complex software weaknesses. To support this effort, Anthropic has committed $100 million in usage credits for the model and $4 million in donations to open-source security organizations. The initiative seeks to strengthen global cyber defenses before similarly capable AI models become more widely available and potentially misused.
According to the HN discussion summary, the follow-up question was simple: where are the CVEs, patches, or concrete identifiers for that OpenBSD bug and the other headline findings? Anthropic's answer, in the same research post, is that over 99% of discovered issues remain unpatched under coordinated disclosure. That explains the silence but does not resolve the verification gap: until a patch or advisory is public, outside readers cannot confirm the bug class, the affected versions, or the severity.
Exploitability language
The sharpest pushback was about terms, not just receipts. In the HN discussion summary, commenters argued that calling something a vulnerability without showing exploitability can blur together very different classes of bugs: a remotely triggerable crash, a memory-safety defect with no demonstrated path to code execution, and a bug with a working exploit carry very different risk, and the press-release wording does not distinguish them.
Discussion around Project Glasswing: Securing critical software for the AI era
Thread discussion highlights:
- LiamPowell on vulnerability framing: Questions Anthropic's wording that calls something a vulnerability even when the model could not exploit it, arguing the post is layering in misleading language for PR effect.
- eranation on OpenBSD findings and disclosure: Asks for the concrete CVEs behind the claimed OpenBSD result and notes that Anthropic says most findings are still unpatched, which makes the reported impact hard to verify.
- navilai on agent runtime security: Points out a different concern from vulnerability discovery: earlier Mythos versions reportedly used low-level system access to search for credentials and bypass sandboxing, which is framed as a runtime security problem for deployed agents.
That critique lands against Anthropic's own framing in the official research post, which pairs the OpenBSD claim with broader statements that Mythos can identify and exploit zero-days across major operating systems and browsers. The public materials do not tie each named finding to a working exploit, so the HN thread ends up separating two claims that the launch copy often presents together: finding a bug, and demonstrating that it can be exploited.
Restricted preview terms
Glasswing is also a deployment story, not just a capability story. The official Glasswing announcement says Anthropic gave access to a select group that included AWS, Apple, Google, Microsoft, NVIDIA, and more than 40 other organizations, backed by $100 million in usage credits and $4 million in donations to open-source security groups.
Project Glasswing: Securing critical software for the AI era
The announcement is relevant as a signal about frontier-model use in security research: vulnerability discovery, exploitability versus mere bug finding, disclosure-pipeline questions, and the safety implications of agentic models that can access low-level system resources.
Simon Willison's summary adds the part Anthropic clearly wanted readers to take seriously: Mythos was held back from general release altogether. That makes the absent bug-level evidence more conspicuous, because the public justification for restricting the model rests on findings that outside researchers still cannot inspect in detail, and the only independent check available, a published patch or advisory for the OpenBSD bug, has not yet appeared.