Claude's Project Glasswing Changes the Clock. Here's What SMBs Should Actually Do About It.

On April 7, 2026, Anthropic announced Project Glasswing — a cybersecurity initiative built around a model called Claude Mythos Preview that Anthropic judged too dangerous to release publicly because of its cybersecurity capabilities.

Mythos has already identified thousands of zero-day vulnerabilities across critical infrastructure, including flaws in every major operating system and every major web browser. One flaw — in OpenBSD, a security-hardened Unix variant used in firewalls worldwide — had been sitting undiscovered for 27 years. Another, in FFmpeg, the library that underpins nearly all video processing on the internet, had been missed by automated testing tools that had hit that exact line of code over five million times.

A model found them in thousands of agentic runs that each cost under fifty dollars.

That's not the story most business leaders heard. Most heard "AI finds security bugs, good news." The actual story is more complicated and — for SMB leaders — more actionable than the coverage suggests.

What actually happened

Project Glasswing is a coalition. Anthropic plus eleven launch partners — AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — plus over forty additional organisations maintaining critical software. They have privileged access to Mythos to find and fix vulnerabilities in their systems and in the open-source stack the whole internet depends on.

Anthropic committed $100 million in model usage credits and $4 million in direct donations to open-source security organisations. Mythos itself will not be released publicly.

The deliberate read: Anthropic decided that the defensive head start was worth giving up the commercial release. The more ominous read: they believe similar capabilities will emerge from other labs within months rather than years.

Why the default read is wrong

The default read is "the tech giants are fortifying the stack, so the rest of us are safer." This is partially true and badly incomplete.

It's true that patching a 27-year-old bug in OpenBSD makes firewalls worldwide stronger. These are real public goods.

What it misses is the asymmetry of the transition. Defenders are racing to use AI to find and fix bugs before attackers can use similar AI to find and exploit them. The race isn't between good defenders and inert attackers. It's between good defenders with early access and attackers who will get equivalent capabilities from somewhere — a competitor lab, an open-weights release, a determined nation-state — and won't be constrained by responsible disclosure norms.

Bruce Schneier, writing about Glasswing, captured the asymmetry. The current advantage to defenders is a finding-versus-exploiting gap: finding a vulnerability to fix it is easier for an AI than finding it and operationalising it into an attack. That gap is real, and it's the single best piece of news in this story. But it is a gap, not a wall.

What this means for a business leader: the clock changed. The threat landscape of 2027 will be the threat landscape of 2024 multiplied by AI throughput. Defenders who were prepared get further ahead. Defenders who were barely hanging on fall further behind, at speed.

The sharper frame for SMBs

Most Glasswing commentary has been written for large enterprises with dedicated security teams. That's a small fraction of the economy. For everyone else — SMBs, mid-market firms, professional services — three things matter more than the headline.

Patches arrive faster now, but only if you accept them. The immediate effect is that the open-source components your business runs on will have more vulnerabilities found and patched at faster pace. But patches don't apply themselves. If your cadence was "when we remember" or "when the vendor forces us," the Glasswing effect passes you by.

The attacker's toolkit is changing, and your defences weren't designed for it. Even if Mythos itself never leaks, the capabilities it demonstrates will emerge elsewhere. When they do, the cost of running automated vulnerability discovery against any internet-facing surface drops toward the cost of inference. The "nobody would bother targeting us" defence was always weak. It's now obsolete.

AI agents in your business expand the surface area. At the same time defensive AI is getting dramatically better, businesses are deploying AI agents — with credentials, tool access, and autonomy — at a pace that has outpaced governance. Mythos-class capability in the hands of an attacker who finds a prompt injection path into one of your agents is not theoretical. It's the next twelve months.

What this means for how you run security

Most SMB security conversations orbit the same controls: MFA, backups, endpoint protection, phishing training, some log review. These remain necessary. What Glasswing signals is that a second layer is no longer optional.

Software supply chain discipline. You need to know what third-party software your business runs at an actual-dependency level. When a vulnerability is disclosed in a component you're running, the time between disclosure and patch-applied needs to be measured in days, not quarters.

AI agent inventory and governance. Every AI agent in your environment is a new identity with credentials, access, and autonomy. Each needs an owner, a scope, and an audit trail. Most SMBs don't know how many they have. This inventory is the single highest-ROI security exercise you can run this quarter. It costs nothing but time.

Adversary simulation. Tabletop exercises that assume 2023 attacker sophistication rehearse the wrong game. Run simulations against what your environment looks like to an AI-augmented attacker. A prompt-injection tabletop against one of your deployed agents is a useful hour.

A patching cadence you can defend. Not aspirational. Actual, documented, measured in hours to days for critical systems.

Where it breaks

Coverage has been overheated. Some of the Mythos coverage has read like marketing copy repeated as journalism. Some specific claims — particularly around what the model can do versus what the scaffolding around it is doing — have been disputed by independent security researchers. Take the capability trajectory seriously without treating any single launch as the singular inflection point. The inflection is a curve, not a cliff.

$100M sounds like a lot. It isn't, at global scale. Open-source maintainers are still chronically under-resourced. A more mature conversation — which I expect regulators to start forcing — is whether security for critical software should be public infrastructure, not a philanthropic side project of frontier labs.

What I'd do this quarter

First, an honest inventory of the third-party software your business depends on, with patching ownership named for each. If you can't produce this in a week, you have a gap that matters more than any new tool purchase.

Second, an AI agent inventory. Every agent, assistant, or AI-enabled feature, with an owner, a scope, and a credential-handling policy. One working session with your ops lead and IT provider.

Third, a tabletop for an AI-augmented attack against your environment. A prompt-injection attack on an agent that has access to your CRM, your email, or your file storage. What happens, who notices, how fast do you contain it, what do you tell your customers.

Fourth, a conversation with whoever handles your cyber insurance about AI governance expectations in your next renewal. The insurers are moving faster than most SMBs realise.

The deeper thing

Glasswing isn't the story that AI is suddenly dangerous. It's that AI has compressed the cycle between capability and consequence to a point where the old cadence of security — annual audits, quarterly patches, training that runs once a year — no longer fits the landscape.

The SMBs that do well in the next three years won't be the ones with the biggest budgets. They'll be the ones who accept that security is now a monthly rhythm, not an annual event. Inventory monthly. Controls tested monthly. Tabletop quarterly. Governance reviewed whenever an agent gets added to the stack.

That rhythm isn't expensive. It's just different. And the businesses that develop it early — before their insurer demands it, before their largest customer demands it, before an incident demands it — will spend the rest of the decade compounding the advantage.