
Anthropic Claude Mythos Finds Thousands of Zero-Days: How Project Glasswing Rewrites Cybersecurity

By Kit 小克 | AI Tool Observer | 2026-04-12

🇹🇼 Anthropic Claude Mythos Autonomously Uncovers Thousands of Zero-Days: How Project Glasswing Rewrites the Rules of Cybersecurity

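Anthropic Claude Mythos Preview is the latest frontier model released by Anthropic. It performs well on general tasks, but what has really shaken the security community is its vulnerability discovery capability: within a few weeks this AI autonomously found thousands of zero-day vulnerabilities spanning every major operating system and browser, more than 99% of which have not yet been patched.

What vulnerabilities did Claude Mythos find?

Claude Mythos Preview, working fully autonomously, found thousands of zero-day vulnerabilities in FreeBSD, OpenBSD, major browsers, and critical infrastructure software. The most striking case is a 17-year-old remote code execution vulnerability in FreeBSD NFS (CVE-2026-4747) that lets an attacker obtain root privileges directly. These vulnerabilities were not found through brute-force testing; the AI dug them out after genuinely understanding the code's logic.

What is Project Glasswing? Why not release it publicly?

Project Glasswing is the security program Anthropic launched in response to Claude Mythos's powerful capabilities. Put simply: the model is too dangerous to release publicly as is. Anthropic chose to first provide Mythos Preview to a limited set of partners so that defenders can patch vulnerabilities first, and only then consider a broader release.

The lineup of participating organizations is impressive: AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, Cisco, JPMorgan Chase, the Linux Foundation, and others. Anthropic has also committed up to US$100 million in usage credits, plus US$4 million in direct donations to open-source security organizations.

What does Claude Mythos mean for developers?

This means AI's capability in the security field has already surpassed that of the vast majority of humans. For developers it has two implications:

  • Stronger defense: future code review and vulnerability scanning tools will integrate similar capabilities and automatically find vulnerabilities that humans cannot see
  • Lower barrier to attack: once models with similar capabilities are in more hands, zero-day vulnerabilities will be discovered far faster than they can be patched

This is the so-called "Glasswing Paradox": the thing that can break everything is also the thing that can fix everything.

Responsible disclosure and what comes next

Because more than 99% of the vulnerabilities have not yet been patched, Anthropic is following a coordinated vulnerability disclosure process and will not publish any details. This is the right approach, but it also raises a question: when AI finds vulnerabilities far faster than humans can patch them, does our entire security ecosystem need fundamental change?

Project Glasswing is not just a product launch; it is a signal that a new era of AI-driven security offense and defense has begun. Whether it is any good, you only find out by trying it.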


🇺🇸 Anthropic Claude Mythos Finds Thousands of Zero-Days: How Project Glasswing Rewrites Cybersecurity

Anthropic Claude Mythos Preview is Anthropic’s latest frontier model, and while it performs well across general tasks, its cybersecurity capabilities have sent shockwaves through the security community. In just a few weeks, Mythos Preview autonomously discovered thousands of zero-day vulnerabilities across every major operating system and browser—over 99% of which remain unpatched.

What Vulnerabilities Did Claude Mythos Find?

Claude Mythos Preview autonomously identified critical zero-day vulnerabilities in FreeBSD, OpenBSD, all major browsers, and other critical infrastructure software. The most striking example: a 17-year-old remote code execution flaw in FreeBSD’s NFS implementation (CVE-2026-4747) that grants root access. These aren’t brute-force fuzzing results—the AI genuinely understands code logic to find deep architectural flaws.

What Is Project Glasswing and Why Not Release Publicly?

Project Glasswing is Anthropic’s cybersecurity initiative built around Mythos Preview. The core rationale: this model is too dangerous for unrestricted public release. Instead, Anthropic is providing early access to a select group of partners so defenders can patch vulnerabilities before similar capabilities become widely available.

The partner list reads like a who’s who of tech: AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, Cisco, JPMorgan Chase, and the Linux Foundation. Anthropic is committing up to $100 million in usage credits plus $4 million in direct donations to open-source security organizations.

What Does This Mean for Developers?

AI cybersecurity capabilities now surpass nearly all human experts. For developers, this has two implications:

  • Stronger defense: Future code review and vulnerability scanning tools will integrate similar capabilities, catching flaws humans miss
  • Lower attack barriers: As similar models proliferate, zero-day discovery will outpace patching

This is the “Glasswing Paradox”—the thing that can break everything is also the thing that fixes everything.

Responsible Disclosure and What Comes Next

With over 99% of discovered vulnerabilities still unpatched, Anthropic follows coordinated vulnerability disclosure and won’t reveal details. But a deeper question emerges: when AI finds vulnerabilities faster than humans can patch them, does our entire security ecosystem need fundamental restructuring?

Project Glasswing isn’t just a product launch—it’s a signal that the AI cybersecurity arms race has officially begun. As always, you won’t know until you try it yourself.

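Frequently Asked Questions (FAQ)

How many zero-day vulnerabilities did Claude Mythos find?

Thousands, spanning every major operating system and browser, more than 99% of which have not yet been patched. The most striking is a 17-year-old FreeBSD remote execution vulnerability.

What is Project Glasswing?

Anthropic's security program, which restricts Claude Mythos Preview to partners such as AWS, Apple, and Google so that defenders can patch vulnerabilities first before a public release is considered.

Will Claude Mythos be released publicly?

Not for now. Anthropic considers the model's vulnerability discovery capability too strong for unrestricted public release and wants defenders to catch up first.

What does the Glasswing Paradox mean?

An AI that can break everything is also a tool that can fix everything. AI makes both attack and defense stronger, and what matters is who gets to use it first.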
