According to Anthropic, their new Claude Mythos model discovered thousands of zero-day vulnerabilities across every major operating system and web browser. They claim that the model is so powerful they are not releasing it publicly. Instead, they launched Project Glasswing, a coordinated disclosure effort with AWS, Apple, Microsoft, Cisco, Linux kernel maintainers, and other companies.
If you are trying to figure out what this means for your team, you are not alone. The conversation so far has been heavy on fear and light on practical guidance. This session is here to fix that.
SANS faculty and staff have 15 months of real-world experience using current AI models to discover vulnerabilities in penetration tests, finding critical flaws in code that human reviewers already cleared. On Thursday, we are putting that experience on camera so the community can see exactly what this looks like.
What You Will Learn
- What Mythos and Project Glasswing are and why they matter
- Why you do not need access to Mythos to discover serious vulnerabilities with AI
- A live demonstration of AI-assisted vulnerability discovery using a current model against real code
- The vulnerability types AI finds most effectively (IDOR, BOLA, race conditions, authorization flaws, and more)
- Why the next 12 months will likely see accelerated zero-day attacks
- What defenders and security leaders need to do now to prepare
Speakers
Ed Skoudis SANS Technology Institute President
Chris Elgee Principal Instructor, SANS Institute
Joshua Wright Faculty Fellow and Senior Technical Director, SANS Institute
Watch Live
No registration required.
