Project Glasswing Finds 10,000 Critical Flaws With 50 Partners as Patching Becomes Bottleneck
Updated
Updated · Anthropic · May 20
Project Glasswing Finds 10,000 Critical Flaws With 50 Partners as Patching Becomes Bottleneck
10 articles · Updated · Anthropic · May 20
More than 10,000 high- or critical-severity vulnerabilities were uncovered in a month by Project Glasswing and about 50 partners using Claude Mythos Preview across critical software.
6,202 of those findings came from 1,000-plus open-source projects; after independent review of 1,752 cases, 90.6% were valid and 62.4% were confirmed high or critical.
530 high- or critical-severity open-source bugs have been disclosed so far, but only 75 are patched, underscoring Anthropic’s warning that verification, disclosure and fixes—not discovery—now constrain cyber defense.
Partner results point to a sharp jump in bug-finding speed: Cloudflare reported 2,000 bugs including 400 high or critical, while Mozilla said Mythos helped find 271 Firefox 150 vulnerabilities—more than 10 times its Firefox 148 total.
Anthropic said Mythos-class models remain unreleased because safeguards are insufficient, while it expands Glasswing, launches enterprise security tools and backs open-source triage efforts to prepare for broader AI-driven vulnerability discovery.
Did an AI project to secure the internet accidentally create the world's largest-ever attack surface?
With AI finding flaws faster than humans can fix them, are we already losing the new cyber arms race?
From Discovery to Defense: How AI is Exposing Thousands of Vulnerabilities and Overwhelming Cybersecurity Teams
Overview
The cybersecurity landscape is rapidly changing as advanced AI models, like Anthropic’s Claude Mythos Preview, are now able to identify software vulnerabilities at an unprecedented scale. Project Glasswing leverages these frontier AI capabilities for defense, dramatically lowering the cost and expertise needed to find and exploit flaws. This surge in AI-driven discovery exposes hidden weaknesses faster than ever, creating a race between defenders and malicious actors who may adopt similar technologies. As a result, organizations face urgent challenges in patching vulnerabilities and must adapt quickly to keep pace with both the opportunities and risks brought by AI.