Anthropic's Bug-Squashing AI Uncovers 27-Year-Old Ghosts in OpenBSD, Puts Claude in Timeout

Anthropic is restricting access to its latest AI model, Claude Mythos Preview, after it casually discovered thousands of critical vulnerabilities across operating systems, web browsers, and other software. In a move that screams "we accidentally found the keys to everyone's house and are now locking ourselves in the bathroom," the company has decided to put some guardrails on their bug-hunting bot before it discovers that WiFi itself has always been a social construct held together by hope and outdated firmware.

The model found high-security bugs in every major OS and browser, raising red flags at Anthropic headquarters. "Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely," the company warned. Translation: "We built something that's basically a master key, and we're now accepting that everyone else is building master keys too. May the odds be ever in your favor."

The timing isn't great. AI-powered cyberattacks surged 72% year-over-year, with 87% of global organizations experiencing AI-enabled attacks in 2025, per AllAboutAI. For those keeping score at home, that's roughly equivalent to every DeFi protocol getting rekt simultaneously—but with worse PR teams.

In response, Anthropic launched Project Glasswing on Tuesday, assembling over 40 partners including AWS, Apple, Cisco, Google, JPMorgan, the Linux Foundation, Microsoft, and Nvidia. The initiative harnesses Claude Mythos Preview's capabilities to hunt bugs defensively, share findings, and patch critical vulnerabilities before the bad guys strike first. It's basically a bug bounty on steroids, except instead of paying some college kid in exposure, you're paying an AI in electricity bills and occasional existential dread.

The AI didn't hold back. Among its findings: a now-patched 27-year-old vulnerability in OpenBSD—an OS famous for its security focus. It also dug up a 16-year-old bug in FFmpeg, a 17-year-old remote code execution flaw in FreeBSD, and various Linux kernel issues. Yes, you read that correctly. Twenty-seven years. The vulnerability was so old it probably remembers dial-up modems, thinks Bitcoin was a fad, and