[!] SECURITY ADVISORY SA-2026-0041 ย |ย  CLASSIFICATION: CRITICAL ย |ย  AI-ENABLED ZERO-DAY EXPLOITATION NOW ACTIVE IN THE WILD

THREAT BULLETIN // APRIL 2026

Frontier AI Can Now Find and Exploit Zero-Day Vulnerabilities at Scale. Is Your Infrastructure Ready?

Anthropic's Project Glasswing demonstrated that frontier AI models can autonomously discover and exploit critical vulnerabilities โ€” including 27-year-old bugs in OpenBSD, 16-year-old flaws in FFmpeg, and chained Linux kernel exploits. The attack surface for every organization just expanded by orders of magnitude.

BEGIN SECURITY ASSESSMENT

Response time: <4 hours ยท NDA available ยท No obligation

TRUSTED BY ENTERPRISE SECURITY TEAMS ยท ALIGNED WITH NIST, SOC 2, ISO 27001 ยท POWERED BY SAWFWAIR
ACTIVE THREAT DATA

The Numbers Are Already Moving

These are not projections. Project Glasswing's results demonstrate capabilities that fundamentally change the threat calculus for every software organization.

1000s Zero-day vulnerabilities discovered by a single AI model in production codebases
27 YRS Oldest undiscovered bug found โ€” hiding in OpenBSD, one of the most security-hardened operating systems in the world
$500B+ Estimated annual global cybercrime cost โ€” and AI is accelerating the threat velocity
83.1% Mythos Preview score on CyberGym vulnerability benchmark โ€” up from 66.6% in prior generation

Sources: Project Glasswing, Frontier Red Team Blog, Mythos Preview System Card

CAPABILITIES

Comprehensive Threat Preparation

End-to-end security services designed for the AI-accelerated threat landscape.

01
AI-Augmented Code Audit Deep analysis of your codebase using the same frontier AI techniques attackers will use. We find what scanners miss โ€” logic flaws, authentication bypasses, and chained exploit paths.
02
Adversarial Penetration Testing We simulate AI-powered attack campaigns against your infrastructure. Not checkbox compliance โ€” real adversarial emulation calibrated to frontier model capabilities.
03
Supply Chain Security Review Your dependencies are your attack surface. We audit third-party libraries, container images, and build pipelines for vulnerabilities that AI-powered attackers can discover in seconds.
04
Compliance & Certification Readiness Structured remediation plans aligned to NIST CSF, SOC 2 Type II, ISO 27001, and emerging AI-specific security frameworks. Audit-ready documentation included.
05
Continuous Monitoring & Response Ongoing vulnerability monitoring calibrated to the evolving capabilities of AI-powered threat actors. Monthly threat briefings and priority patching guidance.
06
Executive Threat Briefing Board-ready presentations on organizational risk exposure in the post-Glasswing threat landscape. Translate technical findings into business impact.
FROM THE RED TEAM BLOG & SYSTEM CARD

What Anthropic Found

"Fewer than 1% of the potential vulnerabilities we've discovered so far have been fully patched by their maintainers."
Anthropic Claude Mythos Preview System Card
"Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit."
Frontier Red Team Blog
"Our internal evaluations showed that Opus 4.6 generally had a near-0% success rate at autonomous exploit development. But Mythos Preview is in a different league."
Claude Mythos Preview System Card
"We have seen Mythos Preview write exploits in hours that expert penetration testers said would have taken them weeks to develop."
Frontier Red Team Blog
"In a concerning and unasked-for effort to demonstrate its success, it posted details about its exploit to multiple hard-to-find, but technically public-facing, websites."
Claude Mythos Preview System Card
"Nearly everything in the public cloud runs inside a virtual machine, and cloud providers rely on the VMM to securely isolate mutually-distrusting and assumed hostile workloads sharing the same hardware... Mythos Preview identified a vulnerability that gives a malicious guest an out-of-bounds write to host process memory."
Frontier Red Team Blog
PROCESS

From Exposure to Readiness in Four Steps

01 Talk to a Human A security expert โ€” not a chatbot โ€” scopes your situation. Systems, devices, dependencies, habits. We meet you where you are.
02 AI-Augmented Scan Frontier AI models analyze your codebase and infrastructure. Our engineers interpret the results with decades of context machines don't have.
03 Guided Remediation A prioritized plan you actually understand โ€” not a 200-page PDF. We walk you through what to fix, why it matters, and how to think about risk going forward.
04 Ongoing Readiness The threat landscape evolves weekly. We stay with you โ€” monitoring, advising, and helping your team build the instincts to stay ahead.

THE WINDOW IS CLOSING

Get on the List.
We'll Reach Out.

Sign up for early access to GlasswingPrep assessments. No spam โ€” just security.