Ghost CMS had never had a critical vulnerability. Not one. 50,000 GitHub stars, a decade of security-conscious developers trusting it with their content. The kind of platform people move to when they’re worried about WordPress security.
Then Anthropic’s red team pointed Claude at it — and 90 minutes later, it was over.
CVE-2026-26980: a blind SQL injection in Ghost’s Content API. Unauthenticated. An attacker could read the admin database, create admin accounts, and take full control of any Ghost installation. No special tools required — just a VM and standard utilities.
This wasn’t a contrived lab test. Nicholas Carlini, Anthropic’s Frontier Red Team researcher, did the demo live. Ghost wasn’t picked because it was weak. It was picked because it was strong.
Your site probably isn’t Ghost. That’s not reassurance — it’s the problem.
What Anthropic actually announced
On April 7, Anthropic unveiled Project Glasswing — a defensive coalition with AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, and Palo Alto Networks. The roster alone tells you how seriously they’re taking this.
At the center of it: Claude Mythos Preview, which Anthropic describes as “currently far ahead of any other AI model in cyber capabilities.” It’s not a product — Anthropic says they “do not plan to make Claude Mythos Preview generally available.” Coalition members get access for defensive work. Everyone else gets the warning.
Here’s what Mythos did in controlled testing:
- Found thousands of zero-day vulnerabilities across every major OS and every major web browser
- Discovered a 27-year-old bug in OpenBSD — a system famous for its security track record
- Found a 16-year-old bug in FFmpeg that survived 5 million automated test runs
- Scored 93.9% on SWE-bench Verified (Claude Opus 4.6 scores 80.8%)
- Found thousands of high-severity vulnerabilities across production open-source codebases
Anthropic isn’t selling this as a product. They committed $100M in usage credits and $4M to open source security organizations. This is a warning dressed as an announcement.
The window just closed
CrowdStrike’s CTO Elia Zaitsev, speaking at the Glasswing announcement: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI.”
That’s not marketing language. That’s the CTO of the world’s largest endpoint security company telling you the rules changed.
Think about what Ghost’s story actually means. This wasn’t a neglected WordPress plugin maintained by one person. Ghost is well-funded, well-maintained, and actively audited. It didn’t matter. The vulnerability had been sitting there, undiscovered by humans, for years. Claude found it in the time it takes to watch a movie.
And Anthropic is being unusually direct about what comes next. From the Glasswing announcement: these capabilities will proliferate “potentially beyond actors who are committed to deploying them safely.”
They’re not saying it might happen. They’re saying it will.
The math that already doesn’t work
You don’t need Mythos-level AI to see the problem. The numbers from 2025 are bad enough.
WordPress had 11,334 new vulnerabilities last year — a 42% increase over the year before. 96% came from plugins. 43% of those vulnerabilities need zero authentication to exploit. At the time of disclosure, 46% had no patch available.
90,000 WordPress sites get hacked per day. Per day.
The AI Engine WordPress plugin — active on 100,000 sites — exposed bearer tokens via its REST API, giving AI agents full admin access. CVSS 9.8. An AI plugin that gives AI agents admin access. Someone’s going to have to explain that one.
So: vulnerabilities are increasing, patches are lagging, automated attacks are scaling, and the best vulnerability-finding AI ever built just proved it can crack even the careful platforms.
Why static sites are structurally different
Here’s the thing most security advice misses. It’s not about being more careful. It’s not about better plugins or faster patching or stronger passwords. It’s about attack surface.
A dynamic CMS — WordPress, Ghost, any database-backed system — has a surface area:
- A database (SQL injection, data exfiltration)
- Plugins/extensions (96% of WordPress vulns)
- A login page (brute force, credential stuffing)
- Server-side code running PHP, Node, or Python (remote code execution)
- Public and admin APIs (Ghost's CVE was in its unauthenticated Content API)
Every one of those is a door. AI doesn’t get tired of trying doors.
A static site has none of them. No database to inject. No plugins to exploit. No login page to brute-force. No server-side language to hijack. It is HTML, CSS and JavaScript files served from a CDN. Point a Mythos-class scanner at the origin and there is no request-time code for it to reach: every request is answered by a file that was written at build time. What remains is the client-side JavaScript you ship, the third-party scripts you embed, the dependencies in your build pipeline, and the credentials for the hosting and DNS accounts that control where those files are served from. That is a far smaller list than a CMS carries, and one you can actually inventory, but it is not zero.
This isn’t a security feature someone added. It’s the absence of the things that make attacks possible.
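As an added example, not Nua's code and not Astro's, here is what "files that build into pages" means mechanically: a minimal Node build script doing the work a content collection does. The posts and their front matter are constructed inline rather than read from a content/ directory, the body renderer is a toy that escapes text rather than a Markdown parser, and all function names are my own. It shows the structural point above in code: the filter-and-sort a CMS would run as a database query on every request runs once here, at build time, over author-controlled data, and the output path is derived from the file name rather than from anything inside the content, so a hostile post can neither inject script into the page nor write outside dist/. It also answers the FAQ question further down about losing your blog.

```javascript
// Added example (not Nua's or Astro's code): a minimal build-time renderer that
// does what a static-site content collection does. Posts are constructed inline
// here; a real build would read them from a content/ directory.

// Constructed sample content, standing in for three Markdown files. The third
// one is hostile: its title looks like a path and its body is a script tag.
const POSTS = {
  "hello.md": "---\ntitle: Hello <world>\ndate: 2025-01-02\ndraft: false\n---\nFirst post.\n\nSecond paragraph.",
  "wip.md": "---\ntitle: Draft\ndate: 2025-02-01\ndraft: true\n---\nNot ready.",
  "evil.md": "---\ntitle: ../../etc/passwd\ndate: 2025-03-01\n---\n<script>alert(1)</script>",
};

// Everything the build emits is inert HTML: escape any text that came from content.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Parse a "---" front-matter block into a plain object; the rest is the body.
function parseFrontMatter(text) {
  const m = /^---\n([\s\S]*?)\n---\n?([\s\S]*)$/.exec(text);
  if (!m) return { data: {}, body: text };
  const data = {};
  for (const line of m[1].split("\n")) {
    const i = line.indexOf(":");
    if (i > 0) data[line.slice(0, i).trim()] = line.slice(i + 1).trim();
  }
  return { data, body: m[2] };
}

// Output names come from the source file name, never from front matter, and are
// reduced to [a-z0-9-] so the build cannot be steered into writing outside dist/.
function slugFor(filename) {
  const base = filename
    .replace(/\.md$/, "")
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, "-")
    .replace(/^-+|-+$/g, "");
  if (!base) throw new Error(`cannot derive slug from ${filename}`);
  return base;
}

// Render blank-line-separated paragraphs as escaped text. A real site would use
// a Markdown renderer with raw HTML disabled; the property that matters is the same.
function renderBody(body) {
  return body
    .split(/\n\s*\n/)
    .filter((p) => p.trim())
    .map((p) => `<p>${escapeHtml(p.trim())}</p>`)
    .join("\n");
}

// The "query" a CMS would run per request (WHERE draft = false ORDER BY date DESC)
// runs once here, at build time. No request input ever reaches it.
function buildSite(posts) {
  const entries = Object.entries(posts)
    .map(([name, text]) => ({ name, ...parseFrontMatter(text) }))
    .filter((e) => e.data.draft !== "true")
    .sort((a, b) => (a.data.date < b.data.date ? 1 : -1));

  const files = {}; // output path -> file contents, what a build step would write to disk
  for (const e of entries) {
    files[`dist/posts/${slugFor(e.name)}/index.html`] =
      `<h1>${escapeHtml(e.data.title)}</h1>\n${renderBody(e.body)}`;
  }
  files["dist/index.html"] =
    "<ul>\n" +
    entries.map((e) => `<li><a href="/posts/${slugFor(e.name)}/">${escapeHtml(e.data.title)}</a></li>`).join("\n") +
    "\n</ul>";
  return files;
}

// Stand-alone run: print the files the build would emit.
for (const [path, html] of Object.entries(buildSite(POSTS))) {
  console.log(`== ${path}\n${html}\n`);
}
```

The draft post never becomes a file, the hostile title ends up as text inside an escaped h1 under dist/posts/evil/, and the script tag in its body is emitted as harmless text. Those are the checks the test below makes; they are the whole security argument for a static build, and they are decided before the site ever receives a request.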
“But my site has never been hacked”
Neither had Ghost CMS. That’s the point.
Your site’s safety was never about how careful you were. It was about how hard attacks used to be. That just changed — permanently.
A few objections I expect:
“Mythos isn’t public, so I’m safe.” Anthropic explicitly warns similar capabilities will reach bad actors. They built an entire defensive coalition around this assumption. The time to act is before the threat is mainstream, not after.
“Plugins will get patched.” 46% of 2025 WordPress vulnerabilities had no patch at the time of disclosure. And that’s the current pace — before AI accelerates vulnerability discovery on the attacker side too.
“I’m on Webflow/Wix, so it’s their problem.” Partially true. The platform handles server security. But your content and design are locked in — Webflow’s exported code excludes CMS, User Accounts, and Ecommerce data. Wix sites must be hosted on Wix servers. If you decide you want out, the exit is narrow.
What you can actually do
You don’t need to become a security expert. You need to not be a target.
Nua converts your existing site — whatever platform it’s on — into owned Astro code. Same design, same content. No server, no database, no plugins. Deployed from a CDN. Static by default.
The conversion is $3/page, or $499 for a full done-for-you migration. You get production-ready code in your own repository. Your old site stays live until you switch.
For non-technical editing, there’s a Live Editor — click the text, change it, done. Or just message us on WhatsApp and we’ll make the update. No dashboards, no plugins, no attack surface.
Who this is for
If your website is mostly content — marketing pages, a blog, a portfolio — and it sits on WordPress, Ghost, Webflow, or something similar, that’s you. You don’t need a database to serve pages. You don’t need plugins to display text. Every piece of that infrastructure is attack surface you’re carrying for no reason.
If you actually need a full CMS — complex editorial workflows, multi-channel publishing, structured content APIs — that’s a different situation. Keep it. Just make sure you’re choosing it for what it gives you, not because you assumed you couldn’t leave.
FAQ
Does going static mean I lose my blog? No. Astro uses Markdown content collections — blog posts are files that build into pages. No database needed.
What about forms and interactive features? Forms work through services like Formspree or Netlify Forms: the form posts to the provider's endpoint, so the server-side handling, and the security of that handler, moves to them. Astro supports React, Vue, and Svelte components, and by default renders them to plain HTML at build time; only the components you explicitly mark as interactive ship JavaScript to the browser. The static foundation removes the server-side surface. The components handle interactivity, and whatever JavaScript they send to the browser is still code you are responsible for.
Is this really more secure, or just differently insecure? Static sites still need transport and CDN-level protection: HTTPS with HSTS, DDoS absorption, and security headers such as a Content Security Policy. They also still have a supply chain: the npm packages in the build, any third-party scripts on the page, and the hosting and DNS accounts that decide where the files are served from. But the entire class of server-side application attacks (SQL injection, plugin exploits, admin brute-force, remote code execution) no longer applies, because there is no server-side application to attack.
Anthropic isn’t making Mythos generally available. But they told us it exists, and they told us what it can do. That’s not a product announcement. That’s a countdown.
See your site converted — free preview, no account needed.
Manage client sites? Free preview for agency projects →