On 16 July 1945, the Trinity test lit up the New Mexico desert and the world changed forever. On 7 April 2026, Anthropic announced Project Glasswing. No flash. No mushroom cloud. But the same sickening realisation: something exists now that cannot be un-invented.

Project Glasswing is a coalition of Anthropic, AWS, Apple, Google, Microsoft, CrowdStrike, Palo Alto Networks, NVIDIA, and others, built around a single model: Claude Mythos. A frontier AI that can find and exploit software vulnerabilities better than virtually any human alive.

Not theoretically. Not in a sandbox. In the real world. In every major operating system. In every major web browser. Thousands of zero-day vulnerabilities, some of which survived decades of human review and millions of automated security tests. Found and exploited autonomously. No human in the loop.

This is AI's Manhattan Project moment. And the parallels are more uncomfortable than they first appear.

The Good Guys Built It First

The Manhattan Project was a race. The Allies knew that nuclear fission was theoretically possible, and they knew the Axis powers were working on it. The entire programme was predicated on a simple, terrifying logic: if this thing is going to exist, it had better exist in our hands first.

Project Glasswing follows the same logic. Anthropic built Mythos and, instead of releasing it or selling it, assembled a defensive coalition of the most capable security organisations on the planet. They committed $100M in usage credits. They brought in the Linux Foundation and over 40 organisations that maintain critical open-source infrastructure. They published their findings.

That is the right call. And it is temporary.

Because here's what the Manhattan Project taught us: monopolies on world-changing capabilities don't last. The US had a nuclear monopoly for four years. The Soviet Union tested its first bomb in 1949. Within two decades, five nations had nuclear weapons. Today, nine.

The difference with AI is that the proliferation timeline isn't measured in years. It's measured in months. If Anthropic can build Mythos, so can OpenAI, Google DeepMind, Mistral, and every well-resourced state actor. The race isn't starting. It's already underway.

Where the Analogy Breaks Down (and Gets Worse)

The Manhattan Project had a natural brake: material constraints. You needed enriched uranium or plutonium. You needed centrifuges, reactor facilities, and supply chains that were extraordinarily difficult to build in secret. Those physical constraints slowed proliferation for years.

Mythos has no equivalent constraint. There is no enriched uranium. There is no centrifuge. There is compute, data, and engineering talent, all of which are globally distributed and getting cheaper by the month.

A nuclear weapon requires a nation-state level of resources. An AI model that can chain zero-day exploits to get root on a Linux box requires a well-funded lab and a few months of focused training. The barrier to entry is orders of magnitude lower.

That is what makes this scarier than 1945. The capability will proliferate faster, to more actors, with fewer controls. And unlike a nuclear weapon, you can use it quietly. No satellite can photograph an AI model running an exploit chain.

The Knowledge Gap Just Evaporated

Until last week, finding a zero-day exploit in a major operating system required deep, rare expertise. The kind of person who could read kernel code, identify a subtle memory corruption bug, and chain it with three other flaws to achieve privilege escalation was one in ten thousand. Maybe one in a hundred thousand.

We've already seen what happens when less capable models get pointed at this problem. People have been throwing existing AI models at bug bounty programmes for the past year, hoping to get lucky. Occasionally they did. A real vulnerability found by a model that didn't truly understand what it had found. But mostly what they generated was noise: low-quality, AI-generated reports that overwhelmed the people trying to maintain critical software.

The cURL project, one of the most widely deployed pieces of software on Earth, shut down its HackerOne bug bounty programme in January 2026 specifically because of this. After years of success and 87 confirmed vulnerabilities, the programme was killed by what maintainer Daniel Stenberg called "AI slop": a flood of poorly researched, often completely fabricated vulnerability reports generated by people running AI models they didn't understand against code they'd never read. The signal-to-noise ratio became unsurvivable.

That was the warm-up act. People using blunt AI tools to fish for bugs they couldn't verify themselves.

Mythos is something entirely different. It doesn't fish. It doesn't generate slop. It reads the code, identifies the vulnerability, understands the context, builds the exploit chain, and verifies it works. Autonomously. The operator doesn't need to understand the exploit. They don't need to read the code. They don't need a decade of experience. They need access to the model.

This is the equivalent of handing nuclear launch codes to anyone with a laptop. The knowledge barrier that kept the most dangerous cyber capabilities in the hands of a small number of skilled humans has collapsed overnight.

The difference between the cURL bug bounty slop and Mythos is the difference between a child throwing rocks at a wall and a demolition engineer placing charges. One is annoying and occasionally dangerous. The other brings the building down.

The model is the expertise. And expertise, unlike uranium, can be copied.

You Can No Longer Trust Your Own Eyes

Here's where this stops being an abstract security discussion and starts being personal.

We've spent two years watching deepfakes improve. Synthetic voices. Generated video. Cloned identities. Interesting demos, mostly. Concerning, occasionally.

Now combine those capabilities with a model that can autonomously compromise systems, manipulate logs, fabricate evidence, and craft targeted exploits tailored to your specific infrastructure.

An email from your CEO? Could be synthetic. A video call with your supplier? Could be generated. The security audit that says you're clean? Could have been manipulated by something that understands your systems better than your own team does. The bank transfer confirmation you just received? Could be the final step in an exploit chain that started six weeks ago.

This is the tipping point. Not a gradual erosion of trust, but a cliff edge. The verification mechanisms we've relied on for decades (human review, visual confirmation, "I saw it with my own eyes") are no longer sufficient.

We're entering an era where you need cryptographic proof of everything, or you have proof of nothing.

The Arms Race Has Started

The uncomfortable truth about arms races is that defence always lags offence. It's easier to find one hole than to patch every possible hole. Mythos can scan millions of lines of code and find the single flaw that matters. Defenders have to secure all of them.

The Manhattan Project led to a nuclear arms race that lasted decades and nearly ended civilisation twice. The cyber equivalent will be faster, less visible, and harder to control through treaties because you can't inspect an AI model the way you can inspect a missile silo.

Project Glasswing is the first serious attempt to give defenders a head start. But it is a head start, not a solution. The next 12 to 18 months are going to be brutal. Expect:

  • A spike in sophisticated attacks as offensive capabilities proliferate beyond responsible actors
  • A collapse in the value of traditional security audits that rely on human review alone
  • A scramble by enterprises to understand what "AI-native security" actually means
  • Regulatory panic as governments realise the threat landscape has shifted faster than policy can adapt
  • A reckoning for the SaaS model as organisations realise that every additional system in their stack is another target

The Structural Problem Nobody Wants to Talk About

This is where the conversation shifts from security to architecture.

Most businesses today run on a patchwork of a dozen or more SaaS products. Each with its own security model. Its own data handling. Its own update cycle. Its own API integrations. Its own attack surface.

Every one of those systems is a target. Every integration point is a potential vulnerability. Every third-party vendor is a dependency you don't fully control. Every API key is a door.

In a pre-Mythos world, the complexity was manageable because exploiting it required human expertise and time. In a post-Mythos world, an AI model can map your entire attack surface, identify the weakest link across all twelve systems, and chain exploits across integration points faster than your security team can read the morning's alerts.

The businesses that survive this era will be the ones that consolidate. Not because consolidation is fashionable, but because reducing your attack surface is now a survival strategy.

One platform that runs your core operations is inherently more defensible than twelve disconnected tools held together with API keys and optimism. Not because one platform is invulnerable, but because one platform has one security model, one update cycle, one perimeter to defend. Twelve systems have twelve of each, and the gaps between them are where the exploits live.

This isn't about any specific vendor or product. It's about architectural thinking. If your business infrastructure looks like a sprawl of point solutions connected by brittle integrations, the question isn't whether you'll be compromised. It's when, and whether you'll even know about it.

Oppenheimer's Words

After Trinity, Robert Oppenheimer famously quoted the Bhagavad Gita: "Now I am become Death, the destroyer of worlds."

Dario Amodei, Anthropic's CEO, hasn't said anything quite so dramatic. But the subtext of Project Glasswing is the same: we built something that changes the balance of power, and we're trying to make sure it's used for defence before it's used for attack.

The difference is that Oppenheimer had decades before proliferation became uncontrollable. Amodei has months.

What You Should Do

If you're a business leader reading this, three things:

  1. Assume you're vulnerable. Not as a thought exercise. As a planning assumption. If a model can find zero-days in Linux, Windows, and every major browser, your custom web app is not the exception.

  2. Audit your architecture, not just your code. How many systems do you depend on? How many integration points exist? How many third-party vendors have access to your data? Every system you can eliminate is an attack surface you no longer have to defend. Every integration you can remove is an exploit chain you've broken.

  3. Start preparing for a world where trust requires proof. Digital signatures, cryptographic verification, zero-trust architecture. These aren't buzzwords any more. They're the minimum viable security posture for a post-Mythos world.

The era of "move fast and break things" is over. We've entered the era of "move carefully, or get broken."

If you're thinking about consolidating your technology stack, reducing your attack surface, or understanding what this shift means for your business, I'd welcome the conversation.