# Source Index *All sources accessed 2026-04-14 unless noted* ## Primary Sources (Anthropic) | ID | Source | URL | |----|--------|-----| | S1 | Anthropic: Project Glasswing (main page) | anthropic.com/glasswing | | S2 | Anthropic: Project Glasswing (partner page) | anthropic.com/project/glasswing | | S3 | Claude Mythos Preview System Card (244 pages) | red.anthropic.com/2026/mythos-preview/ | ## Expert Analysis | ID | Source | URL | |----|--------|-----| | S4 | Schneier on Security: On Anthropic's Mythos Preview | schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html | | S5 | Zvi Mowshowitz: Claude Mythos #2 (Substack) | thezvi.substack.com/p/claude-mythos-2-cybersecurity-and | | S6 | Simon Willison: Anthropic's Project Glasswing | simonwillison.net/2026/Apr/7/project-glasswing/ | | S7 | Forrester: 10 Consequences | forrester.com/blogs/project-glasswing-the-10-consequences-nobodys-writing-about-yet/ | ## Press Coverage | ID | Source | URL | |----|--------|-----| | S8 | VentureBeat: Most powerful AI cyber model too dangerous to release | venturebeat.com/technology/anthropic-says-its-most-powerful-ai-cyber-model-is-too-dangerous-to-release | | S9 | NPR: How AI is getting better at finding security holes | npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview | | S10 | NBC News: Anthropic Project Glasswing | nbcnews.com/tech/security/anthropic-project-glasswing-mythos-preview-claude-gets-limited-release-rcna267234 | | S11 | Futurism: Claude Mythos escaped a sandbox | futurism.com/artificial-intelligence/anthropic-claude-mythos-escaped-sandbox | | S12 | Infosecurity Magazine: Anthropic launches Glasswing | infosecurity-magazine.com/news/anthropic-launch-project-glasswing/ | ## Industry / Academic | ID | Source | URL | |----|--------|-----| | S13 | Security Magazine: Expert reactions | securitymagazine.com/articles/102226-what-are-security-experts-saying-about-claude-mythos-and-project-glasswing | | S14 | The Conversation: Why an AI superhacker has the tech world on alert | theconversation.com/claude-mythos-and-project-glasswing-why-an-ai-superhacker-has-the-tech-world-on-alert-280374 | ## Security Advisories & Patch Sources | ID | Source | URL | |----|--------|-----| | S15 | FreeBSD-SA-26:08.rpcsec_gss (CVE-2026-4747) | freebsd.org/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc | | S16 | NVD: CVE-2026-4747 | nvd.nist.gov/vuln/detail/CVE-2026-4747 | | S17 | OpenBSD 7.7/7.8 Errata (025_sack, 2026-03-21) | openbsd.org/errata77.html | | S18 | Calif.io MAD Bugs write-up (CVE-2026-4747 prompts) | github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md | | S19 | Firefox 149 Security Advisory (6 Anthropic-credited CVEs) | cybersecuritynews.com/firefox-149-released/ | | S20 | SentinelOne: CVE-2026-4692 (Firefox) | sentinelone.com/vulnerability-database/cve-2026-4692/ | | S21 | FFmpeg thanks Anthropic (PiunikaWeb) | piunikaweb.com/2026/04/08/ffmpeg-thanks-claude-mythos-16-year-bug-fix/ | | S22 | The Hacker News: Claude Mythos Finds Thousands of Zero-Day Flaws | thehackernews.com/2026/04/anthropics-claude-mythos-finds.html | | S23 | Red Hat RHSA-2026:7837 (Firefox downstream) | access.redhat.com/errata/RHSA-2026:7837 | ## Post-Announcement Analysis | ID | Source | URL | |----|--------|-----| | S24 | Forrester: AI Will Break the Vuln Management Playbook | forrester.com/blogs/project-glasswing-shows-that-ai-will-break-the-vulnerability-management-playbook/ | | S25 | Humai: Less Than 1% Are Patched | humai.blog/anthropic-found-thousands-of-zero-days-in-windows-macos-chrome-and-firefox-less-than-1-are-patched/ | | S26 | Picus Security: The Glasswing Paradox | picussecurity.com/resource/blog/anthropics-project-glasswing-paradox | | S27 | VentureBeat: Mythos detection ceiling | venturebeat.com/security/mythos-detection-ceiling-security-teams-new-playbook/ | ## Unverified / To Investigate - Security firm **Aisle** reportedly replicated some Glasswing discoveries with cheaper models (mentioned by Schneier, S4) - Greg Kroah-Hartman and Daniel Stenberg quotes about real AI vuln reports (mentioned by Willison, S6)