Project Glasswing by Antropic didn’t just find the bugs. It also found the real vulne
Project Glasswing by Antropic didn’t just find the bugs. It also found the real vulne
https://www.calcalistech.com/ctechnews/article/bjs11f8xlgx
Publish Date: 2026-05-24 07:02:00
Source Domain: www.calcalistech.com
In one month, Claude Mythos found over 10,000 critical vulnerabilities across the world’s most important software. Mozilla found 271 vulnerabilities in Firefox – ten times more than with the previous model. Cloudflare – 2,000 flaws, 400 of them critical, with a lower false positive rate than human testers. Palo Alto released five times its usual volume of security patches. wolfSSL, a cryptography library running on billions of devices, contained a flaw that would have let attackers forge certificates for any bank or email provider – completely invisible to an end user. AI caught it before the attackers did.
But that’s not the story.
The story is that out of 6,200 critical vulnerabilities found in open-source software alone, only 75 have been patched. Some open-source maintainers even actually asked Anthropic to slow down its disclosures. Anthropic’s own words from this week’s update: “even at our relatively slow pace of disclosures, Mythos Preview is adding to an already-overloaded security ecosystem”.
1 View gallery
Alon Cinamon.
(Yoni Reif)
The assumption that broke – and the system built around it
For thirty years, cybersecurity was built on one foundational assumption: finding vulnerabilities is the hard part. Slow, expensive, requiring rare expertise. So every system downstream was calibrated for that pace – the 90-day disclosure windows, the coordinated vulnerability programs, the patch release cycles, the manual triage processes, the open-source maintainer model running on volunteer capacity with no security budget and no SLA.
Those systems are broken by design – built around a constraint that no longer exists. When you remove the bottleneck of finding vulnerabilities without redesigning what comes after it, you get a flood hitting a wall and not a faster pipeline.
As Anthropic noted this week: there is currently a long lag between discovery, patch creation, and deployment at scale. Mythos-class models shrink the time and cost required to find and exploit…
