The Threat
The exploits aren't new.
The speed is.
In April 2026, Anthropic announced Claude Mythos — an AI model so capable at finding software vulnerabilities that they deemed it too dangerous for public release. They launched Project Glasswing with Amazon, Apple, Google, Microsoft, NVIDIA, and the Linux Foundation. The Federal Reserve convened emergency meetings with bank CEOs.
This is the right response to the wrong layer of the problem.
The real problem Glasswing fixes the software. Nobody is fixing the topology.
Glasswing's mission is correct: use Mythos to find and patch vulnerabilities before attackers do. Every patched OS, every hardened browser, every secured API endpoint is better off for it.
But every one of those systems is still sitting on centralized cloud infrastructure, routable endpoints, and carrier-dependent networks that are themselves attack surfaces. The software gets better. The topology stays the same.
The vulnerabilities Mythos is finding have been around for years. The point is what happens when Mythos — or something like it — gets into the hands of bad actors. Every public record accessible through a site with an attack surface on the Internet becomes a target at machine speed. Not one at a time. All of them. Simultaneously. Autonomously.
No amount of code hardening changes the fundamental problem: if a system is reachable from the Internet, it can be found. If it can be probed at machine speed by an AI that chains vulnerabilities autonomously, the window between discovery and exploitation approaches zero.
The architectural answer Remove private content from the Internet entirely.
I would very much like to see all private content removed from the Internet and accessed only through things like mailboxes and dead drops. No more live connections between the unknown and the sensitive.
This is not a new idea. It is the original idea. The ARPANET was designed as a network of independent networks — autonomous systems that could function alone and cooperate when they chose to. We traded all of that for the cloud.
FrogNet restores the original architectural principle: local authority, local computation, local data — with connectivity as a coordination channel between sovereign systems, not a prerequisite for any of them to function.
A FrogNet deployment with an optional Internet uplink gives organizations local application infrastructure that is unreachable by design, with cloud access available when needed — and severable when compromised. The defender is always present. The attacker loses their window the moment the uplink drops.
Two layers, one defense Glasswing hardens the code. FrogNet removes it from the attack surface.
What Glasswing does: Finds and patches software vulnerabilities using AI. Makes every piece of code it touches harder to exploit. Essential work. Necessary. But it assumes the attacker can reach the target.
What FrogNet does: Eliminates the attack surface by architecture. No server to compromise. No endpoint to exploit. No persistent connection between the unknown and the sensitive. The attacker can't find what isn't there.
Together, these represent a complete defensive posture for the AI era — hardened code running on a network that was never reachable in the first place. FrogNet doesn't compete with Glasswing. It completes it.
Why open source now This threat belongs to everyone. The defense must too.
I have been developing FrogNet for years, with the intent of taking it public sooner or later. I have spent more than $500,000 of personal funds building this system. My only income source is social security.
My perception of the threat that Mythos-class attackers represent convinced me that, despite everything I have spent — both time and money — this needs to be in the public domain. Not in five years. Not after a funding round. Now.
The only thing standing between here and open source is approximately $10,000 to file four defensive provisional patents and form the Foundation that will hold them.