Key Takeaways
- Project Glasswing, launched with Claude Mythos Preview, has already uncovered >10 000 high‑ or critical‑severity vulnerabilities across critical software in just one month.
- Partners report 10× faster bug‑finding rates; external benchmarks (UK AI Security Institute, Mozilla, XBOW, ExploitBench/ExploitGym) confirm Mythos Preview’s superior exploit‑generation precision.
- The bottleneck has shifted from discovering flaws to verifying, triaging, and patching them, straining maintainers and slowing deployment despite rapid detection.
- Open‑source scanning of >1 000 projects yielded ≈6 200 estimated high‑/critical bugs, with a post‑triage true‑positive rate of ≈90 %, suggesting nearly 3 900 confirmed severe flaws will emerge.
- Cyber‑defenders must shorten patch cycles, improve update delivery, and adopt AI‑assisted tools (Claude Security, Cyber Verification Program, skill harnesses, threat‑model builder) to keep pace with AI‑driven threat discovery.
- Anthropic is withholding public release of Mythos‑class models until stronger safeguards exist, while expanding Project Glasswing with government and industry partners to harden critical code before widespread model availability.
Overview of Project Glasswing
Last month Anthropic announced Project Glasswing, a collaborative initiative designed to harden the world’s most critical software before increasingly capable AI models could be weaponized against it. By partnering with roughly fifty organizations that maintain essential internet and infrastructure code, the project leverages the Claude Mythos Preview model to surface vulnerabilities at unprecedented speed. The early weeks have already demonstrated a shift in the cybersecurity landscape: vulnerability discovery is no longer the limiting factor; instead, the speed of verification, disclosure, and patching now governs overall security progress.
Early Results and Partner Findings
Within the first month, each partner reported uncovering hundreds of high‑ or critical‑severity flaws, cumulatively exceeding ten thousand vulnerabilities. Cloudflare, for example, identified 2 000 bugs in its critical‑path systems, of which 400 were rated high or critical, and noted a false‑positive rate better than that of human testers. Several partners told Anthropic that their bug‑finding velocity had increased by more than a factor of ten, underscoring the model’s potency as a force multiplier for security teams.
Performance Evidence from External Testers
Independent evaluations corroborate the partner data. The UK’s AI Security Institute reported that Mythos Preview is the first model to solve both of its cyber‑range simulations end‑to‑end. Mozilla found and fixed 271 vulnerabilities in Firefox 150 while testing the model—over ten times more than in the prior release with Claude Opus 4.6. XBOW described Mythos Preview as a “significant step up over all existing models” on its web‑exploit benchmark, citing “absolutely unprecedented precision” on a token‑for‑token basis. Academic benchmarks ExploitBench and ExploitGym also rank Mythos Preview as the strongest performer in exploit‑generation capability.
Open‑Source Scanning Results
Anthropic extended Mythos Preview’s reach to the open‑source ecosystem, scanning more than 1 000 projects that underpin much of the internet. The model estimated 6 202 high‑ or critical‑severity vulnerabilities out of 23 019 total findings. After triage by six independent security firms (or Anthropic staff), 90.6 % of the assessed cases proved true positives, and 62.4 % were confirmed as high or critical. Projecting this rate forward suggests that even without further discoveries, Mythos Preview will surface nearly 3 900 confirmed severe flaws in open‑source code, a number expected to rise as scanning continues.
A Case Study: wolfSSL Vulnerability
One illustrative example involved wolfSSL, a widely deployed open‑source cryptography library. Mythos Preview crafted an exploit enabling attackers to forge certificates that could host counterfeit banking or email sites indistinguishable from legitimate ones. The vulnerability, now patched and assigned CVE‑2026‑5194, will be detailed in a forthcoming technical report. This case highlights how AI‑driven discovery can uncover subtle, high‑impact flaws that might evade conventional review.
Triage and Disclosure Process
Confirming each finding demands considerable human effort. Anthropic or its partners first reproduce the reported issue, reassess its severity, check for existing fixes, and then draft a detailed report for the software maintainers. Because maintainers already contend with a flood of low‑quality, AI‑generated bug reports, many have requested a slower disclosure rate to allow adequate time for patch development. On average, patching a high‑ or critical‑severity bug identified by Mythos Preview takes about two weeks.
Challenges in Patching
Despite the accelerated discovery pace, the number of publicly released patches remains modest. Three factors contribute: (1) the coordinated disclosure policy still waits up to 90 days before public release, (2) some patches are applied without accompanying advisories, making them invisible to external tracking, and (3) the security ecosystem is already overloaded, so even a measured disclosure flow adds strain. Consequently, the current bottleneck lies not in finding bugs but in the downstream processes of verification, patch creation, and deployment.
Adapting Cyberdefense Practices
To mitigate the interim risk of rapid discovery coupled with slower patching, organizations should adopt several best practices. Developers ought to shorten patch cycles and make security fixes available as quickly as possible, leveraging publicly available AI tools to accelerate fix generation. They should also streamline update delivery for end users, persisting with those still running vulnerable versions. Network defenders must compress patch testing and deployment timelines, while reinforcing foundational controls—such as hardened default configurations, multi‑factor authentication, and comprehensive logging—recommended by NIST and the UK NCSC. These measures reduce reliance on any single patch landing in time.
Tools for Public AI‑Assisted Security
Anthropic has begun translating its Glasswing experience into broadly usable aids. Claude Security, now in public beta for Claude Enterprise customers, lets teams scan codebases for vulnerabilities and generate proposed fixes; in three weeks it has helped patch over 2 100 flaws. The Cyber Verification Program permits security professionals to employ Anthropic’s models for legitimate research, penetration testing, and red‑teaming without certain misuse‑prevention safeguards. Additionally, Anthropic is sharing the skills (custom instructions), code‑mapping harness, and threat‑model builder that its partners used with Mythos Preview, aiming to lower the barrier for others to reap similar benefits from capable public models. Cisco’s open‑sourced Foundry Security Spec further assists defenders in building evaluation systems akin to those employed internally.
Supporting the Ecosystem
Recognizing the pressure on open‑source maintainers, Anthropic partnered with the Open Source Security Foundation’s Alpha‑Omega project to assist in processing and triaging bug reports. It continues to publish research on how frontier model capabilities can best aid cyberdefenders and supports the development of benchmarks like ExploitBench and ExploitGym through its External Researcher Access Program. Finally, Claude for Open Source pledges to scan any open‑source package Anthropic adopts in the future, reinforcing a virtuous cycle of secure code contribution.
What’s Next for Project Glasswing
As AI progress accelerates, models comparable to Mythos Preview will emerge from multiple developers. Anthropic has refrained from releasing such models publicly until robust safeguards are in place, lest they be misused to exploit software at scale. Project Glasswing aims to give critical defenders an asymmetric advantage by hardening vital code now, thereby reducing the eventual impact of widely available powerful models. The next steps include expanding the initiative with additional partners—including U.S. and allied governments—and, once stronger mitigations are ready, preparing a general release of Mythos‑class models. The ultimate vision is a ecosystem where essential software is hardened far beyond today’s baseline, making large‑scale hacking markedly less prevalent.
This summary captures the essential developments, findings, challenges, and recommendations discussed in the original Project Glasswing update, organized into clearly headed paragraphs for easy reference.