More than 10,000 high- or critical-severity vulnerability candidates have been uncovered since Project Glasswing launched last month, with 1,726 confirmed true positives and 1,094 assessed as high or critical.
About 50 partners used Anthropic's Claude Mythos Preview to scan widely used software, producing 6,202 serious flaw reports across more than 1,000 open-source projects.
Ninety-seven findings have already been patched upstream and 88 advisories issued, though Anthropic said AI is making bug discovery much easier than remediation.
One confirmed case was a WolfSSL flaw rated 9.1 that could let attackers forge certificates, while a partner bank also used the model to stop a fraudulent $1.5 million wire transfer.
Anthropic urged faster patch cycles and launched a Cyber Verification Program for vetted security researchers as frontier cyber models remain restricted over misuse concerns.
With AI turning patches into exploits within minutes, how can defenders possibly keep pace with this new speed of attack?
As AI accelerates an unwinnable cyber arms race, are we creating more problems than we solve?
AI-Powered Project Glasswing Sets New Record in Vulnerability Discovery—But Can the Industry Keep Up?
Overview
Launched by Anthropic in April 2026, Project Glasswing quickly set a new benchmark in cybersecurity by using the advanced Claude Mythos Preview AI model. Anthropic described this AI as exceptionally powerful, even too potent for public release, due to its abilities in software coding and cybersecurity. The main goal of Project Glasswing is to use this frontier AI to find and help fix software flaws, which boosts security resilience and reduces cyber and business risks. In its first month, the project demonstrated an unprecedented scale of vulnerability discovery, highlighting the transformative impact of advanced AI in defending against cyber threats.