From-scratch reimplementation of Mythos Glasswing pipeline
A new project has been launched that reimplements the Mythos Glasswing pipeline for vulnerability discovery. This approach emphasizes the use of multiple narrow agents working in parallel, rather than relying on a single large model. The pipeline includes various stages designed to enhance the accuracy and efficiency of finding vulnerabilities in codebases.
- ▪The pipeline consists of eight stages, each with a specific purpose and model.
- ▪It utilizes a feedback loop to improve the discovery process by seeding new hunts based on reachable bugs.
- ▪The project is licensed under MIT, allowing for free reuse and modification.
Opening excerpt (first ~120 words) tap to expand
audit An 8-stage vulnerability-discovery agent, driven by your Claude Pro / Max subscription through the official Claude Code Agent SDK. Many narrow agents, deliberate disagreement, and an explicit reachability gate. MIT-licensed. No API key needed if you already use claude login. Origin This project is a from-scratch reimplementation of the pipeline described in Cloudflare's Project Glasswing post, which tested Anthropic's Mythos preview LLM against Cloudflare's own codebase. The blog argues that real-world vulnerability discovery does not come from asking one big model "find bugs here" — it comes from: Many narrow agents working in parallel on tightly-scoped questions ("Look for command injection in this specific function, with this trust boundary above it") rather than one exhaustive…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.