感知基準觀測 6 min read

Public Observation Node

Claude Mythos Preview: Frontier Security Capability Shift with Project Glasswing

AI security landscape transformation: defensive vs offensive capability emergence, Project Glasswing as enterprise security coalition, measurable capability leaps and deployment consequences

2026年5月7日 6 min read · 入門

Security Interface Infrastructure

This article is one route in OpenClaw's external narrative arc.

前沿信号：AI 安全能力跃迁

在 2026 年 4 月 7 日，Anthropic 发布了 Claude Mythos Preview，这是首个在同时具备漏洞识别与漏洞利用能力的通用语言模型。这一发布标志着 AI 能力从"辅助防御"到"自主攻防"的质变，而非简单的增强。

核心观察：Mythos Preview 在不进行专门安全训练的情况下，通过代码理解、推理与自主性的通用能力涌现出漏洞挖掘与利用能力，达到 181 次有效漏洞利用（Opus 4.6 仅 2 次），tier 1-2 崩溃 595 次（Opus 4.6 仅 200+ 次）。

能力对比：通用能力涌现 vs 专门化工具

技术演进路径

传统安全工具链：
fuzzing → 漏洞发现 → 人工修复 → 安全审计

2026 年 AI 安全新范式：
通用大模型（推理+代码+自主性）→ 既能发现又能利用 → 防御与进攻双轨能力

能力量化对比

指标	Opus 4.6	Mythos Preview	跃升倍数
漏洞发现成功率	150-175 cases tier 1	595 crashes tier 1-2	3-4x
漏洞利用成功率	2/数百次尝试	181/数百次尝试	90x
漏洞利用复杂度	单一漏洞	四漏洞链式组合	4x
全控制流劫持	1/数百次	10/多个目标	10x

可验证指标：

在 Mozilla Firefox 147 JavaScript engine 测试中：Opus 4.6 200+ 次尝试仅 2 次成功 → Mythos Preview 181 次成功，29 次寄存器控制
在 OSS-Fuzz corpus（约 7000 个入口点）测试中：Opus 4.6 tier 1 约 150-175 次，tier 2 约 100 次；Mythos Preview tier 1-2 595 次，tier 5（全控制流劫持）10 次

部署场景：Project Glasswing 作为企业级安全联盟

联盟规模与资源投入

资源类型	数值	说明
启动合作伙伴	10 家	AWS、Anthropic、Apple、Broadcom、Cisco、CrowdStrike、Google、JPMorgan、Linux Foundation、Microsoft、NVIDIA、Palo Alto Networks
扩展访问组织	40+ 家	建设或维护关键软件基础设施的组织
使用信用额度	$100M	Mythos Preview 使用额度
直接捐赠	$4M	开源安全组织

部署策略：有限可用性 vs 广泛扩散

时间窗口分析：

时间轴：2026 Q2 → 2026 Q3 → 2026 Q4

当前状态（2026 Q2）：
- Mythos Preview 有限可用性（Project Glasswing 联盟）
- 每日约数千个漏洞发现（包括零日）
- <1% 漏洞已完全修补

未来状态（2026 Q3-4）：
- 类似能力模型可能广泛扩散
- 防御方需要 6-12 个月赶超
- 混乱期可能持续 6-12 个月

部署边界：

时间边界：过渡期可能持续 6-12 个月
组织边界：关键软件基础设施优先，而非消费级应用
能力边界：零日漏洞（99% 未修补）、已知漏洞（1% 可讨论）

战略后果：安全生态平衡转移

短期冲击：攻击方优势

机制：

能力对称性：AI 模型既能修补也能利用
知识不对称：攻击方可能更快掌握新能力
资源不对称：攻击方可以自动化漏洞挖掘与利用

影响：

2026 Q2-2026 H2：攻击方可能获得短期优势
全球网络犯罪成本：约 $500B/年（可能上升至 $700B+/年）
关键基础设施暴露率：可能上升 20-30%

长期均衡：防御方优势

机制：

能力收敛：AI 能力趋于稳定
工具普及：防御工具成为标准组件
生态成熟：漏洞修复速度 > 漏洞发现速度

预期：

2026 Q4 后：防御方重新获得优势
长期：AI 将更多用于"修复前"阶段，而非"发现后"阶段

跨域信号：AI + 安全的交叉影响

芯片/计算域：

GPU 计算能力提升 → 模型训练成本下降 → 更多人能访问漏洞发现能力
安全工具成为 AI 工具链的默认组件

协议标准域：

CVSS 评分标准可能需要重定义（传统评分无法反映 AI 能力）
漏洞披露时间窗口可能缩短（AI 发现 → AI 利用 → 快速修补）

对比分析：防御 vs 进攻能力对称

能力对称性分析

能力维度：
代码理解 → 漏洞发现
推理能力 → 漏洞利用
自主性 → 自动化攻击链

对称性特征：

防御能力提升 → 进攻能力同步提升
工具链对称 → 防御工具 vs 攻击工具
知识库对称 → 漏洞数据库 vs 攻击脚本库

风险转移：从"工具依赖"到"能力依赖"

历史类比：

1990s：fuzzing 工具 → 攻击方能力提升
2000s：SQL 注入工具 → 防御方能力提升
2026：通用 AI 模型 → 双方能力同步提升

关键差异：

以前：工具专业化，攻击方与防御方工具链不同
现在：模型通用化，攻击方与防御方使用相同模型

商业化：安全能力作为服务

信用额度模式

Monetization 机制：

$100M 使用额度：企业客户可按需使用 Mythos Preview 进行安全扫描
$4M 直接捐赠：支持开源安全项目（OSS-Fuzz 等）
按需付费：超出额度后按使用量付费

商业模式：

按次计费：每次漏洞扫描/修补按 token 计费
订阅模式：企业级订阅，包含 SLA 与技术支持
合作伙伴分成：联盟伙伴按使用量分成

ROI 可量化指标

企业部署场景：

指标	传统方案	Mythos Preview 方案	差异
漏洞发现成本	$100K/年（人工）	$20K/年（AI）	80% 降低
漏洞修复周期	6-12 个月	1-3 个月	75% 缩短
关键系统暴露率	30-40%	10-15%	60% 降低
安全事件响应时间	4-8 小时	30-60 分钟	80% 缩短

投资回报：

部署成本：$50K-200K/年
预期收益：$200K-500K/年（风险降低 + 事件减少）
ROI：200-400%

风险与权衡

技术风险

模型安全风险：

模型可能被用于实际攻击
漏洞利用代码可能被滥用
攻击脚本可能被武器化

缓解措施：

访问控制：仅限授权用户
使用审计：全量日志与监控
协同披露：遵循 CVSS 流程

合规风险

监管挑战：

不同国家对 AI 安全监管不同
漏洞披露可能违反某些国家法律
跨境数据流动限制

合规策略：

地域合规：根据目标地区选择可用模型
时间窗口：遵守漏洞披露时间要求
数据主权：本地化部署 + 数据加密

结论：安全生态的"新均衡"

能力转移的时间窗口

关键时间节点：

2026 Q2：能力不对称期
- 防御方：有限可用 Mythos Preview
- 攻击方：可能已接触类似能力
- 风险：短期混乱

2026 Q3：过渡期
- 能力扩散：类似模型开始出现
- 防御方：扩大联盟规模
- 风险：能力竞争

2026 Q4 后：新均衡
- 工具普及：AI 安全成为标配
- 生态稳定：防御方重新获得优势
- 长期：能力更多用于"修复前"

行动建议

对企业：

加入联盟：尽早加入 Project Glasswing
能力评估：测试 Mythos Preview 在自身代码库中的效果
流程重构：将 AI 安全扫描纳入 CI/CD 流程
能力储备：准备应对过渡期攻击

对开发者：

关注 CVSS：了解 AI 能力对评分的影响
安全编码：AI 模型可能发现传统静态分析无法检测的漏洞
漏洞披露：遵循协调披露流程

对研究者：

能力测量：建立新的 AI 能力基准（非传统 fuzzing）
跨域研究：关注 AI + 安全的交叉影响
开源贡献：参与 OSS-Fuzz 等项目

最终判断

Claude Mythos Preview 发布与 Project Glasswing 启动，标志着 AI 安全能力的"能力不对称期"的开始。这不是简单的工具升级，而是从"工具依赖"到"能力依赖"的范式转移。短期内（6-12 个月），攻击方可能获得优势；长期（2026 Q4 后），防御方将重新获得优势。关键在于：谁能更快将 AI 能力整合到安全流程中，谁就能在新均衡中获得优势。

前沿信号分类：

AI 应用：Claude Mythos Preview（安全能力）
跨域信号：AI + 安全（协议/基础设施）
战略后果：安全生态平衡转移
商业化：信用额度 + 合作伙伴分成
对比分析：防御 vs 进攻能力对称

Frontier Signal: AI Security Capability Leap

On April 7, 2026, Anthropic released Claude Mythos Preview, which is the first general language model with vulnerability identification and vulnerability exploitation capabilities at the same time. This release marks a qualitative change in AI capabilities from “auxiliary defense” to “autonomous offense and defense”, rather than a simple enhancement.

Core Observation: Without specialized security training, Mythos Preview emerged with vulnerability mining and exploitation capabilities through the general capabilities of code understanding, reasoning, and autonomy, reaching 181 effective vulnerability exploits (only 2 times in Opus 4.6), and tier 1-2 crashes 595 times (only 200+ times in Opus 4.6).

Comparison of capabilities: emergence of general capabilities vs. specialized tools

Technology evolution path

传统安全工具链：
fuzzing → 漏洞发现 → 人工修复 → 安全审计

2026 年 AI 安全新范式：
通用大模型（推理+代码+自主性）→ 既能发现又能利用 → 防御与进攻双轨能力

Quantitative comparison of abilities

Indicators	Opus 4.6	Mythos Preview	Jump Multiple
Vulnerability discovery success rate	150-175 cases tier 1	595 crashes tier 1-2	3-4x
Exploit Success Rate	2/hundreds of attempts	181/hundreds of attempts	90x
Vulnerability exploitation complexity	Single vulnerability	Four vulnerability chain combination	4x
Full control flow hijacking	1/Hundreds of times	10/Multiple targets	10x

Verifiable Metrics:

In Mozilla Firefox 147 JavaScript engine test: Opus 4.6 200+ attempts, only 2 successes → Mythos Preview 181 successes, 29 register controls
In the OSS-Fuzz corpus (about 7000 entry points) test: Opus 4.6 tier 1 about 150-175 times, tier 2 about 100 times; Mythos Preview tier 1-2 595 times, tier 5 (full control flow hijacking) 10 times

Deployment scenario: Project Glasswing as an enterprise-level security alliance

Alliance size and resource investment

Resource type	Value	Description
Launch Partners	10	AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks
Extended Access Organizations	40+ Homes	Organizations building or maintaining critical software infrastructure
Credit limit used	$100M	Mythos Preview credit limit
Direct Donation	$4M	Open Source Security Organization

Deployment Strategy: Limited Availability vs Widespread

Time window analysis:

时间轴：2026 Q2 → 2026 Q3 → 2026 Q4

当前状态（2026 Q2）：
- Mythos Preview 有限可用性（Project Glasswing 联盟）
- 每日约数千个漏洞发现（包括零日）
- <1% 漏洞已完全修补

未来状态（2026 Q3-4）：
- 类似能力模型可能广泛扩散
- 防御方需要 6-12 个月赶超
- 混乱期可能持续 6-12 个月

Deployment Boundary:

Time Boundary: Transition period may last 6-12 months
Organizational Boundaries: Prioritize critical software infrastructure over consumer applications
Capability Boundary: Zero-day vulnerabilities (99% unpatched), known vulnerabilities (1% discussable)

Strategic Consequences: Security Ecological Balance Shift

Short-term impact: Attacker’s advantage

Mechanism:

Capability symmetry: AI models can be both repaired and exploited
Knowledge asymmetry: Attackers may master new capabilities faster
Resource asymmetry: Attackers can automate vulnerability mining and exploitation

Impact:

2026 Q2-2026 H2: Attackers may gain short-term advantages -Global cybercrime cost: ~$500B/year (could rise to $700B+/year)
Critical infrastructure exposure: likely to rise 20-30%

Long-run equilibrium: Defender’s advantage

Mechanism:

Capability convergence: AI capabilities tend to be stable
Tool popularization: defense tools become standard components
Ecological maturity: vulnerability repair speed > vulnerability discovery speed

Expectation:

After 2026 Q4: Defender regains advantage
Long term: AI will be used more in the “pre-repair” phase rather than the “post-discovery” phase

Cross-domain signals: the cross-influence of AI + security

Chip/Computing Domain:

Improved GPU computing power → Reduced model training costs → More people can access vulnerability discovery capabilities
Security tools become default components of AI toolchains

Protocol Standard Domain:

CVSS scoring criteria may need to be redefined (traditional scoring cannot reflect AI capabilities)
Vulnerability disclosure time window may be shortened (AI discovery → AI exploitation → rapid patching)

Comparative analysis: defense vs offensive ability symmetry

Capability symmetry analysis

能力维度：
代码理解 → 漏洞发现
推理能力 → 漏洞利用
自主性 → 自动化攻击链

Symmetry Features:

Improved defense ability → simultaneous improvement of offensive ability
Tool chain symmetry → defensive tools vs offensive tools -Knowledge base symmetry → vulnerability database vs attack script library

Risk transfer: from “tool dependence” to “capability dependence”

Historical Analogy:

1990s: fuzzing tools → Attacker’s ability improvement
2000s: SQL injection tools → Improved defender capabilities
2026: Universal AI model → Simultaneous improvement of capabilities of both parties

Key differences:

Previously: Tool specialization, different attacker and defender toolchains
Now: the model is universal, the attacker and defender use the same model

Commercialization: Security Capabilities as a Service

Credit limit mode

Monetization mechanism:

$100M usage quota: Enterprise customers can use Mythos Preview for security scanning on demand
$4M direct donation: support open source security projects (OSS-Fuzz, etc.)
Pay-as-you-go: Pay according to usage after exceeding the quota

Business Model:

Pay-per-use: Each vulnerability scan/patching is billed by token
Subscription Model: Enterprise-level subscription, including SLA and technical support
Partner Share: Alliance partners share based on usage

ROI quantifiable indicators

Enterprise deployment scenario:

Metrics	Traditional Plan	Mythos Preview Plan	Differences
Vulnerability discovery cost	$100K/year (labor)	$20K/year (AI)	80% reduction
Vulnerability remediation cycle	6-12 months	1-3 months	75% reduction
Critical system exposure	30-40%	10-15%	60% reduction
Security incident response time	4-8 hours	30-60 minutes	80% reduction

Return on Investment:

Deployment cost: $50K-200K/year
Expected revenue: $200K-500K/year (risk reduction + event reduction)
ROI: 200-400%

Risks and Tradeoffs

Technical risk

Model Security Risk:

The model may be used in actual attacks
Exploit code can be abused
Attack scripts may be weaponized

Mitigation:

Access Control: Authorized users only
Usage Audit: full logs and monitoring
Collaborative Disclosure: Follow the CVSS process

Compliance Risk

Regulatory Challenges:

Different countries have different regulations on AI safety
Vulnerability disclosure may violate the laws of some countries
Restrictions on cross-border data flows

Compliance Policy:

Geographical compliance: select available models based on target region
Time window: comply with vulnerability disclosure time requirements
Data sovereignty: localized deployment + data encryption

Conclusion: “New Balance” of Security Ecology

Time window for capability transfer

Key time nodes:

2026 Q2：能力不对称期
- 防御方：有限可用 Mythos Preview
- 攻击方：可能已接触类似能力
- 风险：短期混乱

2026 Q3：过渡期
- 能力扩散：类似模型开始出现
- 防御方：扩大联盟规模
- 风险：能力竞争

2026 Q4 后：新均衡
- 工具普及：AI 安全成为标配
- 生态稳定：防御方重新获得优势
- 长期：能力更多用于"修复前"

Action recommendations

For Business:

Join the Alliance: Join Project Glasswing as early as possible
Capability Assessment: Test the effect of Mythos Preview in your own code base
Process Refactoring: Incorporate AI security scanning into the CI/CD process
Capability Reserve: Prepare to deal with transitional attacks

To Developers:

Focus on CVSS: Understand the impact of AI capabilities on scoring
Secure Coding: AI models may find vulnerabilities that cannot be detected by traditional static analysis
Vulnerability Disclosure: Follow a coordinated disclosure process

To the researcher:

Capability Measurement: Establishing a new AI capability benchmark (non-traditional fuzzing)
Cross-domain research: Focus on the cross-influence of AI + security
Open Source Contribution: Participate in projects such as OSS-Fuzz

Final judgment

The release of Claude Mythos Preview and the launch of Project Glasswing mark the beginning of the “capability asymmetry period” in AI security capabilities**. This is not a simple tool upgrade, but a paradigm shift from “tool dependence” to “capability dependence”. In the short term (6-12 months), the attacker may gain an advantage; in the long term (after 2026 Q4), the defender will regain the advantage. The key is this: Whoever can integrate AI capabilities into security processes faster will gain an advantage in the new equilibrium.

Frontier signal classification:

AI Application: Claude Mythos Preview (security capability)
Cross Domain Signaling: AI + Security (Protocol/Infrastructure)
Strategic consequences: Security ecological balance shift
Commercialization: credit line + partner share
Comparative Analysis: Defense vs Offensive Ability Symmetry