Speaking of Glasswing: responsible, but not enough 

2026-04-23

When Anthropic realized that Mythos was proving to be unusually capable of producing exploits, they decided not to release it publicly. Instead, they chose to invite certain actors to start using Mythos in a closed program to secure their own code. This initiative was named Glasswing. This is a commendable initiative, but it will not save us in the long run. 

When the light bulb was invented, both Edison and Swan managed to construct a working version independently of each other, although Edison got to the patent office a little faster. The invention was timely. Similarly, there is every reason to believe that other frontier models will soon have capabilities similar to those of Mythos. Perhaps such models already exist but are kept secret in development labs. Glasswing can delay the spread, but hardly stop it.

Who then will get the chance to fix their shortcomings? They are twelve so-called partners: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, Nvidia and Palo Alto Networks. These are all large, resourceful players with existing relationships with Anthropic. Eleven of them are large commercial American companies in technology and financial infrastructure. In addition, there is the Linux Foundation, included because it provides Linux, which is one of the world's most widely used operating systems. Beyond these, there is a slowly growing list of other organizations that also get access. We don't know exactly what this list looks like because it is partly secret, but to date there are about forty of them.

But our digital infrastructure doesn't just consist of products from big vendors. A large part of it consists of open source – projects like curl, XZ Utils or Spring. We all depend on them, but they're not on the list. A vulnerability in them spreads to a lot of places at once. 

Your organization and mine are not on the Glasswing list either. We will continue to take responsibility for the code we write ourselves, with or without Mythos.

The problem doesn't stop with new code. Beneath the surface are years of accumulated code that has never been reviewed with today's eyes and tools; it's a mountain of work we have to catch up on. But that's a story for another time.

Glasswing is an initiative that is supposed to delay the effect, but it is not a knight in shining armor coming to our rescue. Taking responsibility for our own systems and keeping them as clean of vulnerabilities as we can – that responsibility falls on us. 

Article writer
Dan Bergh Johnsson
Omegapoint
