[!] SECURITY ADVISORY SA-2026-0041  |  CLASSIFICATION: CRITICAL  |  AI-ENABLED ZERO-DAY EXPLOITATION NOW ACTIVE IN THE WILD

THREAT BULLETIN // APRIL 2026

Frontier AI Can Now Find and Exploit
Zero-Day Vulnerabilities at Scale.
Is Your Infrastructure Ready?

Anthropic's Project Glasswing demonstrated that frontier AI models can autonomously discover and exploit critical vulnerabilities — including 27-year-old bugs in OpenBSD, 16-year-old flaws in FFmpeg, and chained Linux kernel exploits. The attack surface for every organization just expanded by orders of magnitude.

BEGIN SECURITY ASSESSMENT

Response time: <4 hours · NDA available · No obligation

$ TRUSTED BY ENTERPRISE SECURITY TEAMS · ALIGNED WITH NIST, SOC 2, ISO 27001 · POWERED BY SAWFWAIR
ACTIVE THREAT DATA

The Numbers Are Already Moving

These are not projections. Project Glasswing's results demonstrate capabilities that fundamentally change the threat calculus for every software organization.

1000s Zero-day vulnerabilities discovered by a single AI model in production codebases
27 YRS Oldest undiscovered bug found — hiding in OpenBSD, one of the most security-hardened operating systems in the world
$500B+ Estimated annual global cybercrime cost — and AI is accelerating the threat velocity
83.1% Mythos Preview score on CyberGym vulnerability benchmark — up from 66.6% in prior generation

Sources: Anthropic Project Glasswing Announcement, Cybersecurity Ventures, CyberGym Benchmark

CAPABILITIES

Comprehensive Threat Preparation

GlasswingPrep provides end-to-end security services designed specifically for the AI-accelerated threat landscape.

01
AI-Augmented Code Audit Deep analysis of your codebase using the same frontier AI techniques attackers will use. We find what scanners miss — logic flaws, authentication bypasses, and chained exploit paths.
02
Adversarial Penetration Testing We simulate AI-powered attack campaigns against your infrastructure. Not checkbox compliance — real adversarial emulation calibrated to frontier model capabilities.
03
Supply Chain Security Review Your dependencies are your attack surface. We audit third-party libraries, container images, and build pipelines for vulnerabilities that AI-powered attackers can discover in seconds.
04
Compliance & Certification Readiness Structured remediation plans aligned to NIST CSF, SOC 2 Type II, ISO 27001, and emerging AI-specific security frameworks. Audit-ready documentation included.
05
Continuous Monitoring & Response Ongoing vulnerability monitoring calibrated to the evolving capabilities of AI-powered threat actors. Monthly threat briefings and priority patching guidance.
06
Executive Threat Briefing Board-ready presentations on organizational risk exposure in the post-Glasswing threat landscape. Translate technical findings into business impact.
INDUSTRY RESPONSE

What the Security Community Is Saying

"AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back. Providers of technology must aggressively adopt new approaches now, and customers need to be ready to deploy."
Anthony Grieco SVP & Chief Security & Trust Officer, Cisco
"We've been testing Claude Mythos Preview in our own security operations, applying it to critical codebases, where it's already helping us strengthen our code. We're bringing deep security expertise to our partnership with Anthropic and are helping to harden Claude Mythos Preview so even more organizations can advance their most ambitious work."
Amy Herzog Vice President and CISO, Amazon Web Services
"As we enter a phase where cybersecurity is no longer bound by purely human capacity, the opportunity to use AI responsibly to improve security and reduce risk at scale is unprecedented. When tested against CTI-REALM, our open-source security benchmark, Claude Mythos Preview showed substantial improvements compared to previous models."
Igor Tsyganskiy EVP of Cybersecurity and Microsoft Research, Microsoft
"The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI. If you want to deploy AI, you need security. That is why CrowdStrike is part of this effort from day one."
Elia Zaitsev Chief Technology Officer, CrowdStrike
"Open source software constitutes the vast majority of code in modern systems. By giving the maintainers of these critical open source codebases access to a new generation of AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing offers a credible path to changing that equation."
Jim Zemlin CEO, The Linux Foundation
"Over the past few weeks, we've had access to the Claude Mythos Preview model, using it to identify complex vulnerabilities that prior-generation models missed entirely. It's clear that these models need to be in the hands of open source owners and defenders everywhere to find and fix these vulnerabilities before attackers get access."
Lee Klarich Chief Product & Technology Officer, Palo Alto Networks
PROCESS

From Exposure to Readiness in Four Steps

01 REQUEST ASSESSMENT Submit your assessment request. Our team responds within 4 hours with an NDA and scoping questionnaire.
02 AI-POWERED SCAN We deploy frontier AI models to analyze your codebase, infrastructure, and dependencies — the same techniques threat actors will use against you.
03 REMEDIATION PLAN Receive a prioritized, actionable remediation plan with severity ratings, exploit chain analysis, and estimated remediation timelines.
04 VERIFICATION We verify all remediations, provide compliance documentation, and issue a GlasswingPrep security certification for your organization.

THE WINDOW IS CLOSING

Begin Your Assessment
Before Your Adversaries Do

REQUEST ASSESSMENT

— OR —

assess@glasswingprep.com

Response time: <4 hours · Full NDA before scoping · Enterprise and startup plans available