AI Cyber Proliferation

concept Apr 8, 2026

cybersecurityai-riskproliferationnational-security

The risk that AI-powered vulnerability discovery and exploitation capabilities spread beyond actors committed to using them safely, before defensive measures are in place.

The dynamic

As frontier models improve at coding and reasoning, their cybersecurity capabilities improve as a byproduct. AI vulnerability discovery is not a gated capability — it emerges from general model improvements. Once a model reaches sufficient coding ability, it can find and exploit software vulnerabilities autonomously. This means:

Capability proliferation tracks model proliferation
Open-weight models of sufficient capability will carry these skills
The cost and expertise barrier to finding zero-days is dropping rapidly

Current state

Claude Mythos Preview represents a threshold: a model that surpasses all but the most skilled humans. Anthropic chose not to release it generally and instead channeled it into Project Glasswing. But the announcement itself signals that this capability class exists and will recur in future models from multiple developers.

Scale of the threat

The Glasswing announcement estimates global cybercrime costs at roughly $500B per year under current conditions. State-sponsored actors (China, Iran, North Korea, Russia) already target critical infrastructure. AI-augmented attacks could make these more frequent, more sophisticated, and accessible to less-skilled actors.

Mitigation approaches

Temporal advantage: deploy defensive scanning before adversaries gain equivalent capabilities (defensive AI advantage)
Access control: restrict the most capable models (Anthropic’s approach with Mythos Preview)
Safeguard development: detect and block dangerous outputs before making Mythos-class models broadly available
Coalition defense: coordinate scanning across the full attack surface (Project Glasswing)
Government involvement: maintain democratic nations’ lead in AI technology; assess and mitigate national security risks

AI Vulnerability Discovery The cost, effort, and expertise required to find exploitable vulnerabilities has dropped dramatically. Flaws that once required rare specialist knowledge to discover are now accessible to anyone with model access. This shifts the economics of both attack and defense — see AI Cyber Proliferation for the risk side and Defensive AI Advantage for the opportunity. →

AI Vulnerability Discovery

Claude Mythos Preview — the model demonstrating the capability
Defensive AI Advantage — channeling the capability for defense
AI Cyber Proliferation — the risk of capability spread

→

Defensive AI Advantage

Speed. Defenders must deploy AI-assisted scanning before capabilities proliferate to adversaries.
Coordination. No single organization can cover the full attack surface — coalition efforts like Project Glasswing are necessary.
Open-source coverage. Most critical infrastructure runs on open-source software maintained by under-resourced teams. The defensive advantage collapses if these codebases are left unscanned.

→

Defensive AI Advantage

AI Vulnerability Discovery — the underlying capability
AI Cyber Proliferation — the threat that erodes the advantage
Project Glasswing — an attempt to realize the defensive advantage

→

Cybersecurity

AI Vulnerability Discovery — AI models autonomously finding and exploiting software vulnerabilities
Defensive AI Advantage — the thesis that defenders can stay ahead by acting first
AI Cyber Proliferation — risk of capability spread to adversaries

→

Project Glasswing AI models have reached a capability level where they surpass all but the most skilled humans at finding and exploiting software vulnerabilities. Claude Mythos Preview demonstrates this with thousands of zero-day discoveries across every major OS and browser. The capability will proliferate — Project Glasswing aims to give defenders a head start. →

Project Glasswing

Claude Mythos Preview — the model powering Glasswing
AI Vulnerability Discovery — the underlying capability
Defensive AI Advantage — the strategic argument
AI Cyber Proliferation — the risk motivating urgency

→

AI Cyber Proliferation

The dynamic

Current state

Scale of the threat

Mitigation approaches

See also