Project Glasswing - security AI

This is an announcement which scares the shit out of my senior managers (highly technical ex-Googlers): https://www.anthropic.com/glasswing

Will OpenWrt consider contacting them to get access to their AI security scanning? They offer an open source program: https://claude.com/contact-sales/claude-for-oss

Why?

The page explains very little. In fact, the second link never mentioned security scanning.

Basically, such tools, if and when they reach the wrong people, can be used by totally unskilled people to find and exploit security issues which were previously missed by multiple security audits.

They give specific examples from OpenBSD and Linux, including chaining of security issues to gain privilege escalation on Linux.

It's not as if exploit toolkits and paying shady entities for zero-days didn't exist before. Bugs happen, stay on top of it, there's nothing else you can do anyways.

The issue is that this tool takes bug hunting and exploitation to a whole new industrial level that doesn't require much expertise. Any “script kiddie” can use it if they get their hands on it.

Other AI tools demonstrated the ability to disassemble machine code and the ability to comprehend ancient code (e.g. COBOL) to find security bugs in it and write exploits for them.

I've been in this industry for four decades now, this is a new and scary level.

Have you also read https://www.anthropic.com/claude-for-oss-terms?

Some more reading ;-) https://red.anthropic.com/2026/mythos-preview/

See https://lists.openwrt.org/pipermail/openwrt-devel/2026-April/044693.html, specifically the section "Open Source sponsoring".