Anthropic said its AI Project Glasswing found over 10,000 serious vulnerabilities in one month, exposing a growing patching gap.

Anthropic announced on Friday that Project Glasswing, its defensive cybersecurity initiative built around Claude Mythos Preview, has uncovered more than 10,000 high- or critical-severity vulnerabilities in the month since the program went live. The number is impressive, but the breakdown is what tells the real story.

Project Glasswing is a joint effort led by Anthropic with major tech and security firms (Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks) to protect critical software using advanced AI.

It leverages Claude Mythos Preview, a powerful model capable of finding and exploiting vulnerabilities at a level beyond most humans.

The goal is to use these capabilities defensively, helping organizations detect and fix flaws before attackers can exploit them. Anthropic is sharing access with partners and funding the initiative to strengthen both proprietary and open-source software security.

Glasswing brings together major tech and security companies to use Mythos defensively, helping secure critical software and infrastructure. Anthropic plans to limit access for now, hoping to improve global cybersecurity before such powerful tools become widely available.

In the first month, Mythos analyzed code across over 1,000 open-source projects and flagged 6,202 high- or critical-severity vulnerability candidates. After human validation (AI-generated findings still require expert review), 1,726 turned out to be real, exploitable flaws. Of those, 1,094 were confirmed as high- or critical-severity issues. That is the part that matters: more than a thousand genuinely serious vulnerabilities in a single month, across software that millions of people and organizations depend on every day.

One example Anthropic called out: a critical flaw in WolfSSL (CVE-2026-5194, CVSS 9.1) that could let an attacker forge certificates and impersonate legitimate services. It is the kind of bug that, if exploited at scale, undermines trust in encrypted communications across entire ecosystems. WolfSSL is embedded in IoT devices, network equipment, and industrial systems worldwide. A forged-certificate vulnerability in that context is not an academic concern.

So far, Glasswing’s findings have resulted in 97 patches landing upstream and 88 security advisories being published. That sounds like progress, and it is. But here is the uncomfortable part Anthropic acknowledged openly in its announcement:

“The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity,” reads the announcement. “Confronting this challenge successfully will make our software far safer than before. Below we discuss some ways that cyber defenders can adapt.”

The concept is simple: Anthropic is warning that AI models can now find flaws faster than the ecosystem can patch them. That imbalance is not new, but AI has made it asymmetric in a way that changes the dynamics. When a single model can surface over a thousand critical vulnerabilities in a month, and patching cycles still operate on timelines measured in weeks or months, the gap between discovery and remediation becomes a structural problem.

Software vendors are already feeling the pressure. Microsoft noted recently that the number of patches it expects to release monthly will continue trending larger for some time, a direct acknowledgment that AI-assisted vulnerability discovery is flooding the pipeline. Companies like Oracle, historically on a slower patch cadence, have moved to a monthly critical security update cycle.

All of this is happening because the rate at which vulnerabilities are being discovered has fundamentally changed.

That last point is what makes this more than an incremental improvement. Finding a vulnerability is one thing. Building a working exploit that chains multiple bugs together to achieve remote code execution or privilege escalation is another. Mythos can do both.

Anthropic also shared a use case that goes beyond static code analysis. One of Glasswing’s partner banks used Mythos to detect and block a fraudulent $1.5 million wire transfer. An attacker had breached a customer’s email account and made spoofed phone calls attempting to authorize the transfer. The AI model flagged the activity as anomalous and prevented the transaction from completing. That is a different kind of security application, behavioral fraud detection rather than software vulnerability research, but it shows the model’s capabilities.

What happens when models like this become public? The same capabilities can be used defensively. Initiatives like Project Glasswing aim to harness AI to detect and fix vulnerabilities at scale, helping secure critical infrastructure. The challenge now is to deploy these tools responsibly and quickly, ensuring defenders stay ahead in an AI-driven cybersecurity landscape.

Currently, there are not yet adequate safeguards to prevent large-scale misuse.

“The speed of AI progress means that models as capable as Mythos Preview will soon be developed by many different AI companies. At present, no company—including Anthropic—has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm,” concludes the announcement. “That is why we have yet to release Mythos-class models to the public. But it’s also why we began Project Glasswing: if a similarly capable model is released without such safeguards, it will soon become dramatically cheaper and easier for almost anyone in the world to exploit flawed software.”

Pierluigi Paganini
