Cisco’s AI Bug Hunt: 1.8 Billion Lines of Code in 8 Weeks, Powered by Frontier Models Too Dangerous to Release

Neither model was available to the general public at the time of Cisco's announcement. Anthropic had deemed Claude Mythos Preview too dangerous for unrestricted release specifically because of its offensive cyber capabilities, opting instead to provide it only to a handpicked consortium of industry partners under strict oversight . OpenAI's approach with Daybreak was slightly broader—offering tiered access levels, including a gated "GPT-5.5-Cyber" tier reserved exclusively for red-team use—but the most powerful capabilities remained restricted to vetted organizations like Cisco, CrowdStrike, and government agencies .

Cisco's internal harness for these models, the Cisco Foundry Security Spec, was tested across six frontier AI models to ensure it could work in a model-agnostic way. In Cisco's own words, "The model is the accelerant; the harness is the engine" .

The Charter Partnerships: Project Glasswing and Daybreak

Cisco is a founding charter member of both major industry efforts to weaponize frontier AI for defensive cybersecurity.

Anthropic's Project Glasswing: Launched in April 2026, Project Glasswing gives a carefully selected group of partners access to Claude Mythos Preview under strict conditions. The goal is to find and patch vulnerabilities in critical software before attackers can exploit them. Charter participants include AWS, Apple, Google, Microsoft, Nvidia, CrowdStrike, the Linux Foundation, and Cisco . The initiative operates through a coordinated disclosure framework where identified vulnerabilities are responsibly reported to software maintainers .

OpenAI's Daybreak: Announced on May 11, 2026, Daybreak is OpenAI's direct institutional counter to Project Glasswing. Built on GPT-5.5 and Codex Security, it bundles three model tiers behind a security-tuned agent framework designed to automate code review and patch validation at scale. Cisco joined as a charter ecosystem partner alongside Cloudflare, CrowdStrike, and Palo Alto Networks .

The two initiatives represent a fundamental philosophical split in the AI industry. Anthropic has argued that controlling access to the most dangerous models is the best way to boost global cybersecurity, while OpenAI has pushed for broader, tiered access—including to government agencies at all levels—to flood the zone with AI-assisted defenders .

The Operational Rationale: Defensive Urgency

Cisco's stated motivation was straightforward: AI-powered attacks are no longer theoretical, and defenders cannot afford to move at human speed. When Anthropic announced it was withholding Claude Mythos Preview, it simultaneously revealed that the model had already identified weaknesses in critical software infrastructure underlying the internet and broader economy . The implication was clear: if defensive teams didn't use these models first, adversaries would eventually get access to equivalent capabilities.

Cisco framed the 1.8-billion-line scan as a race against that inevitability. The company noted that frontier models "are finding vulnerabilities at a scale that has never been achieved before, and it's not one and done. These things are going to continue to find new vulnerabilities" . By running the scan across its entire portfolio, Cisco aimed to get ahead of attackers who might use similar models to identify the same weaknesses—but with malicious intent.

The Awkward Silence: Cisco Won't Reveal the Bug Count

Despite the fanfare about speed and scale, Cisco systematically avoided answering the most important question: how many vulnerabilities did the models actually find? Multiple reports confirm that Cisco "refused to reveal the total number of vulnerabilities" discovered, offering no tally, no severity breakdown, and no count of critical or exploitable findings .

This silence creates an obvious credibility problem. If the models found thousands of serious bugs, disclosing that number would validate the entire exercise—but it might also alarm customers and regulators. If they found relatively few, the eight-weeks-versus-eight-years framing collapses. Either way, Cisco chose to keep the number private while praising the "transformative power" of the AI scanning effort .

The Policy Shift: Predictable Disclosures for an AI-Accelerated World

One concrete, actionable change did emerge at Cisco Live 2026: starting in July, Cisco is abandoning its previous ad-hoc vulnerability disclosure model in favor of a predictable, scheduled approach. The company will now publish security advisories on the 1st and 3rd Wednesdays of each month, accompanied by a seven-day advance notice that lists which technologies and platforms will be covered in each release .

The rationale is tied directly to the AI scanning program. Cisco's Product Security Incident Response Team (PSIRT) expects AI-accelerated vulnerability discovery to dramatically increase the volume of findings, and a twice-monthly cadence is designed to give enterprise customers the predictability they need to plan patching cycles rather than scrambling to respond to surprise advisories . If no security publications are planned for a given release window, Cisco will communicate that as well .

What the UK Evaluators Found: Capability Is Doubling Every 4.7 Months

While Cisco was scanning its own codebase, the UK's AI Security Institute (AISI) was independently evaluating the two models Cisco used—and the findings were sobering. In a series of evaluations published between April and June 2026, AISI found :

• Claude Mythos Preview is "substantially more capable at cyber offence than any model we have previously assessed." The UK government cited this finding directly in an April 2026 open letter from Secretary of State Liz Kendall and Security Minister Dan Jarvis to all UK business leaders, urging boards to treat AI-enhanced cyber risk as a first-order governance responsibility . Mythos Preview achieved a 73% success rate on expert-level capture-the-flag (CTF) tasks—a first for any model the institute has evaluated .

• GPT-5.5 completed AISI's 32-step corporate network attack simulation end-to-end, a benchmark the institute estimates would take a human expert roughly 20 hours. The model also saturated many of AISI's suite of 95 narrow capture-the-flag cyber tasks, rendering basic benchmarks insufficient to meaningfully measure frontier-model cyber risk . On expert-level advanced tasks, GPT-5.5 achieved an average pass rate of roughly 71%, compared with approximately 69% for Mythos Preview and around 52% for the previous-generation GPT-5.4 .

• The overall trend is accelerating: AISI found that frontier AI models' ability to complete cyber tasks autonomously is now doubling every 4.7 months, down sharply from an 8-month doubling interval the institute recorded in November 2025. Both Claude Mythos Preview and GPT-5.5 substantially exceeded even this steepened trend line .

The implications of a 4.7-month doubling rate are stark. If the trend holds, within roughly a year and a half, AI systems could autonomously complete cyber tasks that today require teams of expert human operators working for weeks or months. AISI noted that newer checkpoints of both models had already saturated the existing 95-task evaluation suite, producing "highly uncertain time horizons" because the benchmarks could no longer measure the full extent of the models' capabilities .

The Bigger Picture: A Defensive-Arms-Race Logic

Cisco's announcement, taken together with the AISI evaluations, paints a picture of an industry that has accepted—and is actively participating in—an AI-fueled defensive arms race. The same frontier models that can scan 1.8 billion lines of code for vulnerabilities can, in theory, be used by attackers to find and exploit those same vulnerabilities faster than any human red team.

The logic of both Project Glasswing and Daybreak is that the best defense is to give the most capable models to the most responsible organizations first, under tight controls, so they can patch critical infrastructure before the offensive capabilities proliferate. Cisco's 1.8-billion-line scan is the largest real-world test of that thesis to date. The company's decision to withhold the actual bug count, however, leaves the rest of the industry with a tantalizing but incomplete proof-of-concept—and a new, AI-driven disclosure cadence that suggests the volume of findings was significant enough to require a permanent operational change.