
Defending against Mythos-era threats

On April 7, 2026, Anthropic announced Claude Mythos Preview — a frontier model that can autonomously find zero-day vulnerabilities in every major OS and browser, and write working exploits. Project Glasswing brings these capabilities to defenders. For organizations using AI coding agents, this changes the threat model.

What happened

"What once took months now happens in minutes with AI." — Elia Zaitsev, CTO, CrowdStrike

Three structural shifts

1. The patch-as-roadmap problem

When AI can turn a CVE patch into a working exploit in hours, every disclosed vulnerability is immediately weaponizable. Customers can no longer rely on patch cycles alone. They need runtime defense that does not depend on knowing about the vulnerability in advance.

2. AI coding agents are both targets and tools

Developers use AI agents to write code at unprecedented speed. Attackers use AI agents to find and exploit vulnerabilities at unprecedented speed. Both sides use the same agents. The agents themselves become the new attack surface. Hijacking an agent is more valuable than ever.

3. Friction-based defenses are weakening

Defense mechanisms that worked because exploitation was tedious for humans are weakening against tireless AI. Hard barriers (zero-knowledge architecture, structural defenses, capability constraints) become more important than soft barriers (rate limits, complexity, "would take weeks of expert work").

Where Crawdad fits

Crawdad is not a vulnerability scanner. It does not compete with Mythos, Glasswing partners, Snyk, Checkmarx, or Cisco AI Defense. Those tools find vulnerabilities in code. Crawdad protects the AI agents that write, read, and execute code.

Runtime defense layer for AI agents

Crawdad complements vulnerability scanning

Vulnerability scanners scan code at rest. Crawdad scans traffic in motion through your AI agents. Together, you protect both the code and the agents that touch it.

Crawdad is the runtime defense layer for AI agents. It catches indirect prompt injection, hijacked responses, exploitation requests, and behavioral anomalies in real time, without sending your data anywhere. It complements vulnerability scanning by protecting the agents that read, write, and execute code.

What to do now

For developers using AI coding agents

  1. Route your AI agents through a runtime defense layer
  2. Enable output validation to catch hijacked agents
  3. Track sensitive file access by agents
  4. Watch for exploitation request patterns in agent traffic

For security teams

  1. Do not rely on patch cycles alone
  2. Deploy runtime defense that does not depend on knowing the vulnerability in advance
  3. Treat AI agents as non-human identities with their own risk profiles
  4. Monitor agent behavior continuously, not just at deployment

For open source maintainers

Crawdad is free for OSS maintainers. The Linux Foundation and Apache Software Foundation are getting funding for OSS security. We add to that effort by protecting the AI agents OSS maintainers use.

curl -fsSL https://getcrawdad.dev/install.sh | sh
