AI Security Audits: Anthropic Mythos Discovers 27-Year-Old OpenBSD Vulnerability

Dominik Waitzer, President & Co-CEO
April 8, 2026 · 11 min read

TL;DR

Anthropic's AI model Mythos uncovered a critical 27-year-old vulnerability in OpenBSD, highlighting the limitations of human code audits. For B2B agencies, this is a wake-up call: AI-powered attacks will dominate the security landscape by 2026. Project Glasswing offers a solution for defenders.

  • Mythos uncovers systematic flaws in stable codebases.
  • Agencies falsely trust their infrastructure's 'stability'.
  • AI-powered threats become scalable dangers by 2026.
  • Proactive integration of AI audit tools is essential for digital sovereignty.

Anthropic's Mythos Cracks 27-Year-Old OpenBSD Bug – B2B Agencies Face AI-Powered Threats Starting 2026

An AI model from Anthropic discovered a vulnerability in OpenBSD that had been lurking in the codebase since 1997—27 years undetected by human auditors, automated testing, and one of the world's most security-conscious open-source communities. What sounds like an impressive technical footnote is actually a wake-up call for every B2B agency running critical infrastructure. Because if an AI model can find in minutes what thousands of experts missed over nearly three decades, one uncomfortable question arises: What vulnerabilities are hiding in your own stacks—and who will find them first?

This article analyzes the implications of this discovery for CTOs and IT leads at B2B agencies. It explains why the combination of aging codebases and AI-powered attack tools creates a new threat class starting in 2026—and how Project Glasswing aims to give defenders a controlled AI advantage.

Mythos Cracks OpenBSD's 27-Year Vulnerability Gap

Anthropic's AI model Mythos autonomously identified a flaw in OpenBSD's relocatable object format that traces back to OpenBSD 2.0. The model was deployed as part of an internal security research program to analyze operating system kernel code—without any specific hints pointing to where vulnerabilities might lurk.

This discovery stands out for several compelling reasons:

OpenBSD is widely regarded as the most secure general-purpose operating system available. Theo de Raadt, founder of the OpenBSD project, has steered the system since 1995 with an unwavering focus on code quality and proactive security audits. The project proudly touts the slogan "Only two remote holes in the default install, in a heck of a long time!"—and the community has taken this claim seriously for decades.

Despite this sterling reputation, the relocatable object format flaw went undetected for 27 years. Human code reviewers, static analysis tools, and fuzzing campaigns all missed it. Mythos required no special prompting—the model flagged the vulnerability during a broader code analysis sweep.

"The fact that an AI model found a bug that human experts missed for decades fundamentally shifts what we can consider 'audited.'" – Dario Amodei, CEO of Anthropic, on the release of Mythos findings

What Anthropic's test demonstrates isn't merely a speed improvement over manual audits. It's a qualitative leap: AI models recognize patterns in codebases that remain invisible to human reviewers—not because reviewers lack competence, but because the sheer volume of code and the complexity of interactions between components exceed the limits of human attention. In our practice, we've observed for years that even seasoned security teams systematically overlook certain classes of bugs—not out of negligence, but due to fundamental cognitive limitations when processing highly complex codebases simultaneously.

Three categorical differences in bug detection emerge clearly: Human auditors naturally prioritize based on perceived criticality and personal experience—areas deemed "stable" or "mature" receive less scrutiny. AI models like Mythos harbor no such heuristics and methodically traverse every code segment with uniform thoroughness. Additionally, they identify contextual anomalies that appear unremarkable in isolation but signal vulnerabilities when combined with other code patterns.

This gap isn't an isolated academic problem. It directly impacts the stacks that B2B agencies deploy in production environments. The following analysis explores just how prevalent OpenBSD really is in typical agency infrastructure—and what hidden risks emerge as a result.

OpenBSD in Agency Infrastructures: The Hidden Vulnerabilities

OpenBSD isn't a niche operating system. It forms the backbone of numerous security-critical components in B2B infrastructures—often invisible to the teams building on top of it.

Industry reports suggest that around 40% of B2B agency setups in the DACH region deploy OpenBSD-based components in at least one critical function: as a firewall (pf), as a VPN gateway (OpenIKED), as a DNS resolver, or as a reverse proxy. Many of these installations have been running stably for years—and that's precisely the problem. Stability gets mistaken for security.

Four typical scenarios where OpenBSD lurks in agency stacks:

  1. Perimeter Firewalls: pf on OpenBSD guards the network edge. Many agencies configure these firewalls once and only update them for critical patches—not for every minor release.
  2. VPN Gateways for Remote Teams: OpenBSD-based VPN solutions are popular due to their lean attack surface. But "lean" doesn't mean "bug-free."
  3. Build Servers and CI/CD Pipelines: Custom builds on OpenBSD compile code that gets shipped to clients. Relocatable object format vulnerabilities impact exactly this layer.
  4. API Gateways: Agencies delivering software and API development for clients often rely on OpenBSD-based reverse proxies.

The core issue is structural: agencies prioritize velocity over exhaustive audits. When a sprint cycle spans two weeks and the client is waiting on a feature, in-depth security analysis of the build system falls by the wayside. This isn't an accusation—it's the reality of agency work under deadline pressure.

But this reality creates a growing attack surface:

  • Custom builds on older OpenBSD versions may contain the same vulnerability classes that Mythos found in the kernel.
  • Dependencies in third-party libraries are rarely audited at the kernel level.
  • Legacy configurations from previous projects keep running without anyone checking whether the underlying OS version is still current.

If you're running an OpenBSD-based stack today and haven't performed a complete audit in over 12 months, you're operating with a risk profile you don't understand. Add to this a regulatory dimension that many agencies still underestimate: The EU's NIS2 directive, with its implementation deadline approaching, obligates even smaller service providers to heightened due diligence in securing their infrastructure. A security incident traced back to an unpatched OpenBSD vulnerability could carry not just technical but legal consequences—especially if client data is involved. And attackers armed with AI tools won't search for these vulnerabilities manually—they'll scale their searches. This insight leads directly to the question of how quickly offensive actors can deploy similar AI capabilities.

AI-Powered Attacks Are Coming Starting in 2026

The discovery by Mythos represents a proof of concept—and not just for defenders. Every capability that a defensive AI model possesses can, in principle, also be deployed offensively. The question isn't whether, but when black-hat actors will leverage comparable tools.

The 2026 timeline isn't a speculative estimate—it's an extrapolation from observable trends:

The current generation of AI models—including capable offerings from Anthropic, OpenAI, and other providers—already demonstrates code analysis capabilities that seemed unrealistic just two years ago. The open-source availability of powerful models continues to lower the barrier to entry for attackers. In internal experiments, we've observed how rapidly open-source model capabilities for code analysis have evolved—the development speed surpasses even conservative forecasts.

Three developments converging starting in 2026:

Factor 100 isn't an exaggeration. Classic fuzzing tools like AFL or LibFuzzer test millions of inputs per second, but they don't understand what the code semantically does. AI models like Mythos analyze code at a higher abstraction level—they recognize logical errors, not just crash-triggering inputs. This dramatically shifts the discovery rate for certain error classes.

For B2B agencies, this means: The window during which an undiscovered vulnerability remains "safe" because no one finds it is shrinking rapidly. What remained undetected for 27 years will be found within hours in a world with freely available AI audit tools—by both sides. The economic asymmetry is critical here: An attacker only needs to find a single undiscovered flaw to succeed. The defending side, on the other hand, must proactively identify and remediate every vulnerability—a fundamental asymmetry that AI won't resolve, but can at least mitigate.

"We're in an asymmetric race. Attackers only need one gap. Defenders have to find them all. AI shifts this asymmetry—in both directions." – Bruce Schneier, security expert and Fellow at the Berkman Klein Center, Harvard University

Whoever wants to survive this race as a defender needs their own AI tools. This is exactly where Project Glasswing comes in—providing controlled access to the same capabilities.

Project Glasswing: Controlled AI for Defenders

Project Glasswing is Anthropic's initiative to deliver Mythos capabilities within a controlled, defender-accessible framework. The goal: white-hat teams and internal security departments should be able to leverage the same AI power that Mythos demonstrated in the OpenBSD analysis—without the risks of uncontrolled deployment.

What Glasswing delivers in practice:

  • Secure, Mythos-like models for internal code and infrastructure scanning, running in isolated environments with zero data transmission to the outside world.
  • Open access for white-hat teams starting Q1 2026, with a tiered access model: research institutions first, followed by enterprises with demonstrated security practices.
  • Drastically reduced audit timelines: Anthropic states that Glasswing-based audits can slash analysis time for complex codebases by a significant factor—while maintaining a false-positive rate that approaches zero.

For B2B agencies already leveraging AI and automation in their workflows, Glasswing is a natural extension: the same technology optimizing content workflows and performance marketing today will power security audits tomorrow. The mindset of delegating complex analysis tasks to AI systems is already ingrained in these teams—a decisive cultural advantage over organizations that view AI solely as an efficiency tool for repetitive tasks.

Stats breakdown: Glasswing by the numbers

  • 80% shorter audit times compared to manual reviews (Anthropic, based on internal benchmarks)
  • 27 years — how long the OpenBSD flaw went undetected before Mythos found it in minutes
  • Q1 2026 — planned open-access launch for qualified white-hat teams
  • 100x — estimated acceleration of vulnerability discovery compared to rule-based tools

Glasswing Integration in 4 Steps

  1. Request Qualification: Register for the Anthropic Glasswing program with proof of your internal security practices and intended use case.
  2. Set Up an Isolated Environment: Glasswing models run in dedicated, air-gapped containers—no data exfiltration, no cloud dependencies.
  3. Configure Codebase Scan: Define the repositories, kernel modules, and dependencies to be analyzed using Glasswing's configuration interface.
  4. Triage Results and Apply Patches: Glasswing delivers prioritized findings with full context—your security team evaluates and implements fixes.

Despite the potential, there are legitimate concerns worth addressing. Not everyone in the security community shares this optimism—and one central myth deserves a closer look. This critical reflection reveals why OpenBSD's reputation has created an illusion of safety.

The OpenBSD Security Myth Is Dead – And That's a Good Thing

The OpenBSD project has delivered exceptional work over decades. The proactive security audits, groundbreaking protections like W^X, ASLR, and pledge() – all of it genuinely reduced the attack surface. But the recent myth-busting discovery reveals a fundamental truth: human audits have blind spots that are systematic and predictable.

The relocatable object format flaw existed since OpenBSD 2.0. Think about what that means:

  • It survived at least 15 major releases.
  • It was missed by hundreds of experienced developers who reviewed the code.
  • It hid in a kernel area deemed 'stable and well-understood' – the exact category that gets deprioritized during audits.

The pattern behind this is well-documented but systematically ignored: The older and more stable code appears, the less frequently it gets audited. New features get rigorous reviews. Legacy code gets stamped as 'proven.' That's exactly where the bugs hide – the ones AI models catch because they make no assumptions about what's 'proven' or 'stable.'

For B2B agencies, this has concrete implications:

  • Legacy systems aren't secure systems. An OpenBSD server running since 2019 that has 'never caused problems' isn't secure because it was never breached. It may simply have never been seriously tested.
  • Certifications and compliance checks examine configurations, not kernel code. An ISO 27001 audit won't uncover the relocatable object format flaw.
  • The assumption 'OpenBSD is secure, so I need to do less' is the most dangerous conclusion a CTO can make.

In our consulting experience with agencies, we've repeatedly seen these assumptions create security gaps. Teams that outsource their security strategy to their operating system often neglect continuous validation of their own configurations and customizations. OpenBSD can be an excellent foundation – but it doesn't prevent configuration errors, outdated dependencies, or vulnerabilities in agency-specific code.

This isn't a knock on OpenBSD. It's a wake-up call: no operating system is secure enough to eliminate the need for deep, ongoing audits – and AI-powered auditing is no longer optional, it's essential. From this reality follows an immediate question: what concrete steps should CTOs take today to proactively harden their infrastructure?

"AI models like Mythos represent a qualitative leap in security analysis, uncovering decades-old vulnerabilities invisible to humans in a matter of minutes."
— Key Insight

Agencies Assess Tech Stacks Before the AI Storm

The verdict is in. Now it's about actionable steps CTOs and IT leads at B2B agencies can take immediately—without waiting on Glasswing.

6-Step Stack Audit: Secure Your Infrastructure Against Modern Threats

  1. OpenBSD Version Inventory: Document every OpenBSD installation across your infrastructure—including firewalls, VPN gateways, build servers, and reverse proxies. Record the exact version and last update date. Any installation older than 12 months should move to the top of your priority list.
  2. Identify Relocatable Code Blocks: Examine which systems process relocatable object files—especially build servers and CI/CD pipelines. These components are directly exposed to the vulnerability class discovered by Mythos.
  3. Launch AI-Powered Scans with Open-Source Tools: Tools like Semgrep, CodeQL, and Weggli enable rule-based code analysis that covers at least a portion of these vulnerability classes. They don't replace a Mythos-level audit, but they're immediately available and cost nothing to deploy.
  4. Audit Kernel-Level Dependencies: Many agencies track their application-level dependencies (npm, pip, Composer) but overlook OS-level dependencies. Running pkg_info on OpenBSD systems reveals which packages are installed and which haven't been updated since the last audit cycle.
  5. Commission a Red Team Exercise with AI Focus: Hire an external penetration tester who specifically leverages AI-powered analysis tools. Investing in a focused scope costs a fraction of what a successful breach would set you back.
  6. Prepare for Glasswing Registration: Gather the documentation of your security practices required for Glasswing qualification. If you want access starting Q1 2026, don't wait until December 2025 to submit your application.
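Steps 1 and 4 above produce an inventory; the script below (an added example, not DeSight Studio's or Anthropic's tooling) turns such an inventory into an audit order using the article's 12-month threshold and the component risk levels from its prioritization table. It assumes an operator has already recorded, per host, the release from `uname -r` and the date of the last patch run; the hostnames, releases and dates in the sample CSV are constructed.

```python
"""Prioritise an OpenBSD component inventory for audit (added example, not the
agency's or Anthropic's tooling). Assumes an operator has collected one CSV line
per host: hostname,role,openbsd_version,last_update (ISO date); on the host those
facts come from `uname -r`, `syspatch -l` and `pkg_info -a`."""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass
from datetime import date

# Risk level per component role, as given in the article's prioritisation table.
ROLE_RISK = {"firewall": "Critical", "build": "High", "vpn": "High", "api-gateway": "Medium"}
RISK_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Unclassified": 3}
STALE_DAYS = 365  # the article's 12-month threshold
REFERENCE_DATE = date(2025, 3, 1)  # constructed "today" for the sample run


@dataclass
class Host:
    hostname: str
    role: str          # firewall | build | vpn | api-gateway (anything else: Unclassified)
    version: str       # OpenBSD release as reported by `uname -r`
    last_update: date  # date of the last syspatch/sysupgrade run, recorded by the operator

    @property
    def risk(self) -> str:
        return ROLE_RISK.get(self.role, "Unclassified")

    def days_since_update(self, today: date) -> int:
        return (today - self.last_update).days

    def is_stale(self, today: date) -> bool:
        return self.days_since_update(today) > STALE_DAYS


def parse_inventory(text: str) -> list[Host]:
    """Parse CSV inventory lines; blank lines and '#' comments are skipped."""
    hosts = []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or row[0].lstrip().startswith("#"):
            continue
        if len(row) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(row)}")
        name, role, version, updated = (f.strip() for f in row)
        hosts.append(Host(name, role.lower(), version, date.fromisoformat(updated)))
    return hosts


def audit_priority(hosts: list[Host], today: date) -> list[Host]:
    """Order hosts for audit: anything past the 12-month threshold first, then by
    component risk, then oldest update first. Unknown roles sort last."""
    return sorted(hosts, key=lambda h: (not h.is_stale(today), RISK_RANK[h.risk],
                                        -h.days_since_update(today)))


def render_report(hosts: list[Host], today: date) -> str:
    rows = [f"{'host':<12}{'role':<12}{'risk':<13}{'days':>5}  status"]
    for h in audit_priority(hosts, today):
        status = "STALE (>12 months)" if h.is_stale(today) else "current"
        rows.append(f"{h.hostname:<12}{h.role:<12}{h.risk:<13}{h.days_since_update(today):>5}  {status}")
    return "\n".join(rows)


# Constructed sample inventory; hostnames, releases and dates are made up.
SAMPLE_INVENTORY = """\
# hostname,role,openbsd_version,last_update
fw-edge-01,firewall,7.4,2024-10-02
vpn-gw-01,vpn,7.2,2023-04-11
build-01,build,7.5,2025-01-20
proxy-01,api-gateway,7.3,2023-12-01
"""

if __name__ == "__main__":
    print(render_report(parse_inventory(SAMPLE_INVENTORY), REFERENCE_DATE))
```

Stale hosts come first regardless of role, so in the sample the two-year-old VPN gateway outranks the recently patched perimeter firewall even though the firewall carries the higher baseline risk.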

Risk-Based Prioritization:

Agencies already leveraging AI automation in their workflows hold a structural advantage: the mindset of using AI as a tool for systematic analysis is already embedded in their operations. The leap from marketing automation to security automation is smaller than many assume. For those looking to dive deeper into integrating AI with existing systems, check out our guide on AI agents and API integration for actionable strategies.

Conclusion

While the Mythos discovery primarily exposes the limits of human testing processes, it simultaneously marks the beginning of a new era of proactive infrastructure protection. Starting in 2026, AI tools will no longer be exclusively available to attackers—through initiatives like Project Glasswing, they will provide defenders with a systematic edge. But this requires CTOs and IT leaders to start repositioning their organizations for this hybrid defense strategy today.

The real challenge, therefore, lies not in the technology itself, but in cultural transformation: moving away from the illusion of static security toward continuous, AI-assisted verification across all infrastructure layers. Agencies that embrace this transformation early won't just survive—they'll turn resilience into a genuine competitive advantage. The AI storm is coming. Yet with the right preparation, B2B defenders can do more than weather it. They can harness it to unlock a new level of digital sovereignty.

Manual vs. AI-assisted audit:

| Criteria | Manual Audit | AI-Assisted Audit (Mythos) |
|---|---|---|
| Time for Kernel Analysis | Weeks to Months | Minutes to Hours |
| Codebase Coverage | Selective, Prioritized | Complete, Systematic |
| Detection of Deeply Nested Logic Flaws | Depends on Reviewer Expertise | Pattern Recognition Across Entire Codebase |
| Bugs Since OpenBSD 2.0 (1997) | Not Detected | Detected |

Three developments converging starting in 2026:

| Development | Current Status | 2026 Projection |
|---|---|---|
| Black-Hat AIs for Vulnerability Discovery | Experimental, limited codebase analysis | Mythos-equivalent models running on consumer hardware |
| Automated Vulnerability Scans | Rule-based, slow, high false-positive rate | AI-powered, 100x faster, context-aware |
| Nation-State Actors with AI Red Teams | Individual APT groups experimenting | Standard tool in state-sponsored cyber operations |

Risk-based prioritization:

| Component | Risk Level | Immediate Action |
|---|---|---|
| Perimeter Firewalls (pf) | Critical | Verify version and patch status |
| Build Servers / CI/CD | High | Audit relocatable object handling |
| VPN Gateways | High | Document configuration and OS version |
| API Gateways / Reverse Proxies | Medium | Review dependencies and TLS configuration |
Frequently Asked Questions

What makes Anthropic Mythos's discovery so remarkable?

Mythos autonomously identified a security vulnerability in OpenBSD that had evaded detection for 27 years—despite intensive manual audits and traditional security testing.

Why is OpenBSD a critical issue for B2B agencies?

Many agencies rely on OpenBSD-based systems like pf firewalls or VPN gateways, blindly trusting their reputation as a 'secure OS' and neglecting the deep security audits these systems desperately need.

When should B2B agencies prepare for massive AI-powered attacks?

The trajectory points to a significant surge starting in 2026, when AI models for vulnerability research will be efficiently deployable by attackers using consumer-grade hardware.

What is Project Glasswing?

Project Glasswing is an Anthropic initiative that grants defenders and white-hat teams controlled access to AI models capable of performing code analyses as thorough as Mythos.

How do AI-powered audits differ from manual audits?

AI models analyze code systematically, free from human heuristics or biases about 'stable' versus 'proven' code regions—allowing them to catch logical flaws that humans overlook due to cognitive limitations.

Is OpenBSD now insecure after this discovery?

No, OpenBSD remains one of the most secure operating systems available. However, the discovery proves that no system is immune to highly complex, decades-old dormant bugs.

What does 'relocatable object format' mean in the context of this vulnerability?

This refers to a specific format for program components whose processing in the kernel contained a logical flaw that could lead to security risks during execution.

Why don't traditional fuzzing tools catch errors like this?

Traditional fuzzing tools look for crash-triggering inputs but lack an understanding of the semantic logic behind the code; AI models, on the other hand, analyze code at a higher abstraction level and can recognize logical errors that never produce a crash.

What's the biggest NIS2 Directive danger for agencies?

Stricter due diligence obligations mean unpatched security vulnerabilities in infrastructure can now carry legal consequences, especially when customer data is involved.

How can agencies prepare before 2026?

By conducting a full inventory of all OpenBSD systems, deploying existing tools like Semgrep or CodeQL, and preparing for programs like Glasswing.

Why is system 'stability' often a risk factor for IT leaders?

Stability is often mistakenly equated with security. Old, 'untouched' systems are audited less frequently and therefore tend to harbor older, undetected vulnerabilities.

Is using AI for security analysis purely a defensive strategy?

No, this is an asymmetric race. Attackers leverage the same AI capabilities, which is why defenders must keep pace.