Back to Blog
AI hackingProject Glasswingaccount security2FApassword manager

AI Can Now Hack Anything. Here's What That Means for Your Accounts

ScamSecurityCheck Team
April 9, 2026
5 min read
Share:

AI Can Now Hack Anything. Here's What That Means for Your Accounts

Anthropic — the company behind Claude — just announced something that should make every person with a bank account, email, or smartphone pay attention.

They built an AI system called Project Glasswing (sometimes referred to by its internal name, "Mythos") that is so effective at finding security flaws in software, they've decided it's too dangerous to release publicly. Read that again. The company that built it — one of the most well-respected AI labs in the world — is keeping it locked down because of what it could do in the wrong hands.

This isn't science fiction. This is right now. And it changes what you need to do to protect your accounts.

What Actually Happened (In Plain English)

Anthropic's researchers pointed an AI at the software running browsers, operating systems, and popular apps — the same software running on your phone and laptop right now. The AI found previously unknown security flaws across every major system they tested. Not one or two. Dozens. In software that thousands of engineers have been trying to secure for decades.

The AI did in hours what would take a team of human hackers months. And it did it without anyone telling it what to look for.

Anthropic isn't releasing the tool. They're quietly working with software makers to patch the holes it found. But here's the uncomfortable truth: what Anthropic built, others will eventually build too. The research is out there. The blueprint exists. And not every company building AI is going to be as careful.

Why This Matters to You

You might be thinking: "I'm not a government, I'm not a Fortune 500 company, nobody's going to aim a million-dollar AI tool at me." And you'd be right — today.

But this is the signal flare for where things are going. When AI-powered security tools become cheaper and more widely available (which always happens), the same capabilities that found flaws in Chrome and Windows will start finding flaws in:

  • The app your bank uses
  • The browser extensions you installed and forgot about
  • The old router in your closet that hasn't had a firmware update in three years
  • The smart doorbell that hasn't been touched since you set it up
  • The apps on your phone you never update

Every piece of outdated software on your devices is a door. Historically, those doors were hard to find. AI is about to make them easy.

What Scammers Will Do With This

Scammers are already using AI for phishing emails, voice cloning, and deepfake videos. The next wave will be more dangerous:

  • Mass-scale vulnerability hunting. Instead of targeting one victim, scammers will scan millions of devices for the same weak points and exploit them automatically.
  • Perfect fake login pages. AI can already generate pixel-identical copies of your bank's login screen. Now it can find and exploit the tiny browser bug that lets it hijack your real session.
  • Account takeover at scale. Password reuse is already the #1 way people get hacked. AI will make the math work even harder against you.

5 Things to Do Right Now

You don't need to panic. You need to patch. These five steps will block the vast majority of AI-assisted attacks before they can reach your accounts.

1. Update every device and app immediately. Phone, laptop, tablet, router, smart home devices — all of them. The patches software makers are releasing right now are literally the fixes for the holes AI is finding. An unpatched device is an open door.

2. Turn on two-factor authentication (2FA) for every important account. Email, banking, crypto, social media. Even if a scammer steals your password, 2FA stops them cold. Use an authenticator app (Google Authenticator, Authy, or your password manager's built-in option) instead of SMS when possible.

3. Use a password manager. If you reuse passwords across accounts, one breach compromises all of them. Password managers generate strong unique passwords for every site. The good ones (1Password, Bitwarden, your browser's built-in one) are free or cheap and they make your life easier, not harder.

4. Be extra suspicious of any login page you didn't navigate to yourself. If a link in a text, email, or DM drops you on a login screen — even if it looks perfect — don't enter your credentials. Open a new tab and go directly to the site yourself. AI-generated fake login pages are about to get a lot better.

5. Check haveibeenpwned.com for your email address. It'll show you every known data breach your email has been part of. If anything comes up, change those passwords immediately.

The Bottom Line

Anthropic isn't trying to scare you. They're trying to give the security world time to catch up before this capability spreads. The best thing you can do with that warning is treat it like the early alert it is.

Patch your devices. Turn on 2FA. Stop reusing passwords. Don't click login links you didn't expect. These four habits alone will put you ahead of 90% of everyone else.

And if something looks off — a text, a login prompt, a link, a call — don't trust your gut and click through it.

Scan it at ScamSecurityCheck.com first.

CD

Courtney Delaney

Founder, ScamSecurityCheck

Courtney Delaney is the founder of ScamSecurityCheck, dedicated to helping people identify and avoid online scams through AI-powered tools and education.

Learn more

Support Our Mission

ScamSecurityCheck is built to protect people from online fraud. Your contribution helps us keep building free security tools and resources.

Found This Helpful?

Try our free AI-powered Scam Scanner to analyze suspicious messages and protect yourself from fraud.

Try the Scam Scanner