Zscaler Joins Project Glasswing to Harden Infrastructure
Zscaler announces its participation in Project Glasswing, Anthropic's restricted program that grants vetted defenders access to Claude Mythos Preview. Zscaler says Mythos Preview can read code like an expert researcher, chaining weaknesses and producing working exploits far faster than human teams, and reports it has already surfaced thousands of high-severity flaws across major OSes and browsers. The company argues reactive patching is obsolete against AI-driven vulnerability discovery and urges an architectural defense: reduce internet exposure of applications and adopt least-exposure patterns rather than relying solely on firewalls, VPNs, scanning, and detection.
What happened
Zscaler is publicly joining Project Glasswing, Anthropic's restricted initiative, and received access to Claude Mythos Preview to test AI-driven vulnerability discovery against real-world attack surfaces. Zscaler highlights that Mythos Preview can chain logic flaws and generate working exploits at machine speed, surfacing thousands of high-severity flaws during preliminary evaluations.
Technical details
Claude Mythos Preview is described as a frontier code-understanding model that maps program logic, identifies multi-step exploit chains, and synthesizes proof-of-concept exploits far faster than manual analysis. Zscaler emphasizes three practical consequences:
- •It scales parallel scanning of internet-facing assets beyond human capacity, enumerating complex attack graphs.
- •It automates exploit synthesis by linking disparate weaknesses into working chains rather than flagging isolated issues.
- •It reduces time-to-exploit from weeks to hours, compressing the defensive window.
Context and significance
The collaboration signals a turning point for defenders: powerful LLM-style code models are now offensive-grade tools for vulnerability discovery. Zscaler frames this as a systems and architecture problem rather than a tooling-only problem. The post criticizes the thirty-year perimeter model, arguing that firewalls, VPNs, and patching workflows assume human-speed attackers and therefore cannot scale against automated model-driven reconnaissance.
Why it matters for practitioners
Security teams must prioritize exposure minimization and least-exposure architectures for applications and APIs. Traditional investments in incremental scanning or signature detection will be insufficient as automated adversaries dramatically shorten the window between discovery and exploitation. Expect increased emphasis on design patterns that remove public-facing surfaces, stronger identity- and policy-based access, and proactive threat modeling that accounts for AI-accelerated attack techniques.
What to watch
Watch for practical tooling and frameworks that codify least-exposure patterns, and for more defenders to request controlled access to models like Claude Mythos Preview to harden critical systems. Also monitor disclosure and coordination practices as AI finds larger volumes of high-severity issues.
Scoring Rationale
This is a notable security development: a frontline model demonstrating rapid exploit discovery forces a strategic shift for defenders toward exposure minimization. The story affects security engineering practices but is not a new model release or industry-shaking regulation.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problemsStep-by-step roadmaps from zero to job-ready — curated courses, salary data, and the exact learning order that gets you hired.
