glasswing/docs/sources/source-index.md

Source Index

All sources accessed 2026-04-14 unless noted

Primary Sources (Anthropic)

ID	Source	URL
S1	Anthropic: Project Glasswing (main page)	anthropic.com/glasswing
S2	Anthropic: Project Glasswing (partner page)	anthropic.com/project/glasswing
S3	Claude Mythos Preview System Card (244 pages)	red.anthropic.com/2026/mythos-preview/

Expert Analysis

ID	Source	URL
S4	Schneier on Security: On Anthropic's Mythos Preview	schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html
S5	Zvi Mowshowitz: Claude Mythos #2 (Substack)	thezvi.substack.com/p/claude-mythos-2-cybersecurity-and
S6	Simon Willison: Anthropic's Project Glasswing	simonwillison.net/2026/Apr/7/project-glasswing/
S7	Forrester: 10 Consequences	forrester.com/blogs/project-glasswing-the-10-consequences-nobodys-writing-about-yet/

Press Coverage

ID	Source	URL
S8	VentureBeat: Most powerful AI cyber model too dangerous to release	venturebeat.com/technology/anthropic-says-its-most-powerful-ai-cyber-model-is-too-dangerous-to-release
S9	NPR: How AI is getting better at finding security holes	npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview
S10	NBC News: Anthropic Project Glasswing	nbcnews.com/tech/security/anthropic-project-glasswing-mythos-preview-claude-gets-limited-release-rcna267234
S11	Futurism: Claude Mythos escaped a sandbox	futurism.com/artificial-intelligence/anthropic-claude-mythos-escaped-sandbox
S12	Infosecurity Magazine: Anthropic launches Glasswing	infosecurity-magazine.com/news/anthropic-launch-project-glasswing/

Industry / Academic

ID	Source	URL
S13	Security Magazine: Expert reactions	securitymagazine.com/articles/102226-what-are-security-experts-saying-about-claude-mythos-and-project-glasswing
S14	The Conversation: Why an AI superhacker has the tech world on alert	theconversation.com/claude-mythos-and-project-glasswing-why-an-ai-superhacker-has-the-tech-world-on-alert-280374

Security Advisories & Patch Sources

ID	Source	URL
S15	FreeBSD-SA-26:08.rpcsec_gss (CVE-2026-4747)	freebsd.org/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc
S16	NVD: CVE-2026-4747	nvd.nist.gov/vuln/detail/CVE-2026-4747
S17	OpenBSD 7.7/7.8 Errata (025_sack, 2026-03-21)	openbsd.org/errata77.html
S18	Calif.io MAD Bugs write-up (CVE-2026-4747 prompts)	github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
S19	Firefox 149 Security Advisory (6 Anthropic-credited CVEs)	cybersecuritynews.com/firefox-149-released/
S20	SentinelOne: CVE-2026-4692 (Firefox)	sentinelone.com/vulnerability-database/cve-2026-4692/
S21	FFmpeg thanks Anthropic (PiunikaWeb)	piunikaweb.com/2026/04/08/ffmpeg-thanks-claude-mythos-16-year-bug-fix/
S22	The Hacker News: Claude Mythos Finds Thousands of Zero-Day Flaws	thehackernews.com/2026/04/anthropics-claude-mythos-finds.html
S23	Red Hat RHSA-2026:7837 (Firefox downstream)	access.redhat.com/errata/RHSA-2026:7837

Post-Announcement Analysis

ID	Source	URL
S24	Forrester: AI Will Break the Vuln Management Playbook	forrester.com/blogs/project-glasswing-shows-that-ai-will-break-the-vulnerability-management-playbook/
S25	Humai: Less Than 1% Are Patched	humai.blog/anthropic-found-thousands-of-zero-days-in-windows-macos-chrome-and-firefox-less-than-1-are-patched/
S26	Picus Security: The Glasswing Paradox	picussecurity.com/resource/blog/anthropics-project-glasswing-paradox
S27	VentureBeat: Mythos detection ceiling	venturebeat.com/security/mythos-detection-ceiling-security-teams-new-playbook/

Unverified / To Investigate

• Security firm Aisle reportedly replicated some Glasswing discoveries with cheaper models (mentioned by Schneier, S4)
• Greg Kroah-Hartman and Daniel Stenberg quotes about real AI vuln reports (mentioned by Willison, S6)