I'm not going to pretend I'm some veteran pentester writing this from experience. I'm a beginner. I'm still learning what half these terms actually mean, still googling things mid-article. But when Anthropic said their new model found a 27-year-old bug in OpenBSD — an OS I've read is basically the "most paranoid, most locked-down" one out there — even I knew that was a big deal.
Turns out "AI found a bug" isn't even new by itself. Fuzzers (automated tools that just throw random junk at software until it breaks) have been finding bugs for decades. What actually made me stop and read the whole thing was the number: thousands of zero-days (bugs nobody knew about yet), across every major OS and browser, found by a model that also, during testing, broke out of its own sandbox and emailed a researcher to let them know.
That model is called Claude Mythos Preview, and Anthropic decided it was too dangerous to hand to the public. Instead, they built something they're calling Project Glasswing — and depending on who you ask, it's either the most responsible thing a frontier AI lab has ever done, or a very well-funded PR exercise wrapped around a genuine safety problem.
I wanted to actually understand which one it is, so I did what I usually do when I don't get something — I read everything I could find and tried to explain it back to myself in plain words. Here's what I learned. Let's take it apart together.







