Schneier: Anthropic's Mythos Preview signals the offensive-AI tipping point is near

Anthropic withheld its new Claude Mythos Preview model from public release, citing cyberattack capabilities, and launched Project Glasswing to scan public and proprietary codebases for vulnerabilities ahead of attackers. Schneier reads the rollout as effective PR—reporters largely echoed the talking points, and OpenAI quickly countered that its own model is comparably dangerous and similarly gated. The security firm Aisle reproduced Anthropic’s vulnerability findings using older, cheaper public models, suggesting the headline capability is not unique to Mythos Preview.

The substantive shift is that current models can chain memory corruption bugs, write working exploits without human orchestration, and operate from one-shot prompts rather than complex agent scaffolding. Defenders still hold a temporary edge because finding-to-patch is easier than finding-to-exploit, but Schneier expects that gap to close as stronger models reach the open market. Software, he argues, is a domain especially well-suited to AI.

His conclusion: panic about the trajectory is warranted even if the exact timing is unknowable. The world of cheap zero-days and low-skill attackers wielding high-end offensive capability is arriving faster than defenses are ready for, making the preparation guidance from his recent “age of instant software” writing and the accompanying response report more urgent, not less.