Anthropic’s Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious
Publish Date: 2026-05-24 05:15:00
Source Domain: securityaffairs.com
Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious
Pierluigi Paganini
May 24, 2026
Anthropic said its AI Project Glasswing found over 10,000 serious vulnerabilities in one month, exposing a growing patching gap.
Anthropic announced on Friday that Project Glasswing, its defensive cybersecurity initiative built around Claude Mythos Preview, has uncovered more than 10,000 high- or critical-severity vulnerabilities in the month since the program went live. The number is impressive, but the breakdown is what tells the real story.
Project Glasswing is a joint effort led by Anthropic with major tech and security firms (Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks) to protect critical software using advanced AI.
It leverages Claude Mythos Preview, a powerful model capable of finding and exploiting vulnerabilities at a level beyond most humans.
The goal is to use these capabilities defensively, helping organizations detect and fix flaws before attackers can exploit them. Anthropic is sharing access with partners and funding the initiative to strengthen both proprietary and open-source software security.
Glasswing brings together major tech and security companies to use Mythos defensively, helping secure critical software and infrastructure. Anthropic plans to limit access for now, hoping to improve global cybersecurity before such powerful tools become widely available.
In the first month, Mythos analyzed code across over 1,000 open-source projects and flagged 6,202 high- or critical-severity vulnerability candidates. After human validation, because AI-generated findings still require expert review,1,726 turned out to be real, exploitable flaws. Of those, 1,094 were confirmed as high- or critical-severity…
