An AI cybersecurity initiative dubbed Project Glasswing has successfully identified over 10,000 high- and critical-severity software vulnerabilities since its launch last month. Anthropic, the artificial intelligence company leading the project, disclosed that a select group of approximately 50 partners gained access to Claude Mythos Preview, a powerful frontier model designed to detect flaws in widely-used software.
The initiative’s findings highlight the growing challenge of securing complex software ecosystems. Out of the reported vulnerabilities, 6,202 were classified as high- or critical-severity, impacting over 1,000 open-source projects. Subsequent analysis confirmed 1,726 of these as valid issues, with 1,094 designated as high or critical. A notable discovery was a critical flaw in WolfSSL (CVE-2026-5194), which carried a CVSS score of 9.1 and could have allowed attackers to forge certificates and impersonate legitimate services. These security efforts have already resulted in 97 patches being implemented upstream and 88 advisories being issued.
AI-Driven Vulnerability Discovery Reshapes Cybersecurity Landscape
Anthropic acknowledged that the “relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity.” The company believes that successfully confronting this issue will significantly enhance software safety. This development arrives as software vendors are increasingly shipping a larger volume of fixes, partly attributed to the rise of AI-assisted vulnerability discovery. Microsoft has indicated that the number of monthly patches it expects to release will “continue trending larger for some time.”
The capabilities of Claude Mythos Preview are being hailed as a significant advancement in the field. The autonomous offensive security platform XBOW described Mythos Preview as “a major advance” that is “substantially better than prior models at finding vulnerability candidates” and “adept at analyzing source code with a security mindset.” Recent analyses have also demonstrated the model’s proficiency in mapping vulnerabilities into comprehensive end-to-end attack chains.
Beyond Vulnerability Detection: Broader AI Applications
The utility of Mythos Preview extends beyond mere vulnerability identification. In one instance, a partner bank reportedly used the AI model to detect and prevent a fraudulent wire transfer totaling $1.5 million. This occurred after an unidentified threat actor compromised a customer’s email account and initiated spoofed phone calls, demonstrating the AI’s potential in real-time threat mitigation.
Given the potential for similar AI models to become widely available soon, Anthropic is urging software developers to accelerate their patch cycles and expedite the deployment of security fixes. This call to action is echoed by industry trends, such as Oracle’s recent shift to a monthly patch cycle specifically to address critical security issues.
“Network defenders should shorten their patch testing and deployment timelines,” Anthropic advised. They also recommended implementing foundational security measures such as “hardening networks’ default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and response.”
In parallel, Anthropic has launched a Cyber Verification Program. This initiative allows security professionals to utilize its AI models without certain operational guardrails for legitimate purposes like vulnerability research, penetration testing, and red teaming exercises. This program shares similarities with OpenAI’s Daybreak offering, which enables defenders to leverage GPT-5.5-Cyber for specialized cybersecurity workflows.
Models like Mythos Preview and GPT-5.5-Cyber are not yet publicly accessible due to concerns about the current lack of adequate safeguards against potential large-scale misuse. “Glasswing helps the most systemically important cyber defenders gain an asymmetric advantage,” Anthropic stated. “However, there is an urgent need for as many organizations as possible to shore up their cyber defenses. We hope that our generally available models, and the new tools, resources, and research we’re providing to accompany them, will support those organizations to improve their cybersecurity posture.” The ongoing development and deployment of these advanced AI tools by companies like Anthropic suggest a future where AI plays an increasingly critical role in both offense and defense within the cybersecurity domain, necessitating a proactive and adaptive approach from all organizations.