Anthropic Reports Over 10,000 Critical Software Vulnerabilities Found in First Month of Project Glasswing

Anthropic reported in an update that Project Glasswing partners have discovered over 10,000 high or critical software vulnerabilities using its Claude Mythos Preview model. The project, launched last month, involves around 50 partners focused on securing critical software infrastructure before advanced AI systems can be misused against it.

According to Anthropic, individual partners such as Cloudflare identified about 2,000 bugs, with roughly 400 rated as high or critical severity. External evaluations support these findings, with the UK AI Security Institute confirming that Mythos Preview successfully solved both of its simulated multistep cyberattack challenges. Mozilla reported that the model helped detect and fix more than ten times as many vulnerabilities in Firefox 150 as compared to earlier versions.

Anthropic has also used Mythos Preview to scan over 1,000 open source projects, identifying more than 6,200 high or critical issues. Of those reviewed by independent security firms, over 90 percent were confirmed as valid, and more than 60 percent were rated as high or critical severity. One example involved a vulnerability in the wolfSSL cryptography library, which has since been patched.

The company noted that the main bottleneck now lies in verifying and patching the large volume of vulnerabilities rather than finding them. Anthropic plans to continue its collaboration with partners and governments to expand Project Glasswing while it develops stronger safeguards before publicly releasing Mythos class models.