Securing the Vote Against Autonomous AI

As Anthropic's Project Glasswing identifies thousands of vulnerabilities, election officials must race to patch the gap before November

Those of you who know me, know that I’m generally not one who raises concerns unnecessarily. But there are two important developments in the technology world that election officials and stakeholders need to pay close attention to, one in the short term and one in the long term.

I’ll talk about the short-term concern in this post as it’s got the most immediate implications for the 2026 midterm elections.

If you follow tech news, you probably heard about Anthropic’s Project Glasswing. Anthropic has developed a new model, which they have not released to the public. This model, called Claude Mythos Preview, has such powerful cybersecurity implications, that Anthropic has decided to give access to this new model to a limited group of other tech companies.

Here’s the quick summary from Anthropic:

Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout—for economies, public safety, and national security—could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.

So basically, Anthropic is giving access to this incredibly powerful new model to other tech companies, to effectively give the other tech companies the time to use this powerful new model to patch up their systems. Given that the new model is not public, and that access is limited to only Anthropic and a handful of other tech companies, it’s hard to really evaluate the risks that a model like this poses — in particular the risks that it might pose to election cybersecurity.

Kevin Roose of the New York Times wrote about Project Glasswing earlier this week, and he provided some important details in his reporting.

The company’s executives say Claude Mythos Preview is already capable of carrying out autonomous security research, including scanning for and exploiting so-called zero-day vulnerabilities in critical software programs, flaws that are unknown even to the software’s developer. These efforts can often be triggered by amateurs with simple prompts. The company claims that the new model has already identified “thousands” of bugs and vulnerabilities in popular software programs, including every major operating system and browser.

What this means is that AI models that are now begin developed by large tech companies appear to be able to find and possibly exploit vulnerabilities in software systems. “Amateurs” (which I guess means pretty much anyone with a computer and access to a model like this) could use this new tech to attack election software and systems.

That’s the threat that AI now represents to election infrastructure.

While Anthropic is not releasing this model to “amateurs,” there’s no reason to believe that others, in particular other nations that have adversarial relations with the United States, are not racing to develop AI models that represent such powerful threats to election cybersecurity. In fact, I think that we are at the point where we need to assume that our adversaries have access to models like Mythos Preview and that they will actively use them in this election cycle.

Thus, I don’t think that this is a threat that can easily be ignored for the 2026 midterms.

What can we do? There’s some obvious advice for election officials in the short term. There’s no doubt that the tech companies with access to Mythos Preview are racing to use it to identify and patch vulnerabilities in their software and their systems. Thus election officials and election tech vendors should pay close attention to system updates and system patches, and to the extent possible, keep all software systems up to date.

For election technologists and policy makers, we all should work to persuade Anthropic to add election technologies to the critical systems they are testing Mythos Preview on, and perhaps add election technology firms to Project Glasswing. We can’t ignore the threat that AI systems like these pose for election technologies and as we are on the cusp of a major federal election in November, we have to make sure that all voting technologies are as robust as possible to the threats that these new models pose.

So I think that there’s a lot of work ahead to ensure that U.S. election infrastructure as as robust as possible to these new threats. That these threats are coming at us during a major federal election cycle is concerning. But with appropriate and immediate steps by election officials, election technology companies, and stakeholders, with collaboration from Anthropic and the tech industry, we should be able to act quickly to keep our election infrastructure secure in 2026.

However, there is a longer-term technology development looming that we’ll need to also start to focus attention on — but that’ll be my next post.