May 24
Anthropic’s Project Glasswing Uncovers Thousands of High‑Risk Software Flaws in First Month
Anthropic says its new Project Glasswing initiative has already uncovered more than 10,000 high‑severity software vulnerabilities worldwide, using its Mythos Preview AI model to help critical organizations detect flaws before attackers can exploit them.
Anthropic revealed on Friday that its new cybersecurity initiative, Project Glasswing, has already identified more than 10,000 high‑ or critical‑severity vulnerabilities across some of the world’s most essential software systems. The program quietly launched last month, giving a select group of about 50 partners early access to Claude Mythos Preview, a frontier‑level AI model designed to autonomously spot weaknesses in widely used codebases before threat actors can take advantage of them.
Of the thousands of issues flagged so far, 6,202 were initially categorized as high‑ or critical‑severity vulnerabilities affecting over 1,000 open‑source projects. After deeper analysis, researchers confirmed 1,726 of these as legitimate flaws, with 1,094 posing serious security risks. One of the most significant discoveries was a critical wolfSSL bug (CVE‑2026‑5194, CVSS 9.1) that could allow attackers to forge certificates and impersonate trusted services. The initiative has already led to nearly 100 upstream patches and dozens of security advisories.
Anthropic noted that while AI makes it dramatically easier to uncover vulnerabilities, fixing them remains a far more complex and time‑consuming challenge. The surge in AI‑assisted discovery is already reshaping the industry, with major vendors like Microsoft warning that monthly patch volumes will continue to grow.
Security researchers have praised Mythos Preview for its ability to analyze source code with a defensive mindset and even chain vulnerabilities into full attack paths. But its usefulness extends beyond code review. In one case, a partner bank used the model to detect and stop a fraudulent $1.5 million wire transfer after a threat actor compromised a customer’s email and attempted to validate the transaction through spoofed phone calls.
With similarly capable models expected to become more widely available, Anthropic is urging developers to accelerate patch cycles and release fixes faster. Some companies, including Oracle, have already shifted to monthly patching to keep pace with the evolving threat landscape.
The company is also rolling out a Cyber Verification Program that lets vetted security professionals use its models without guardrails for legitimate research, penetration testing, and red‑team operations—mirroring OpenAI’s Daybreak program for GPT‑5.5‑Cyber. Neither Mythos Preview nor GPT‑5.5‑Cyber is publicly available yet due to concerns about potential misuse.
Anthropic emphasized that Glasswing is meant to give critical defenders an advantage, but warned that organizations everywhere need to strengthen their security posture. The company hopes its broader suite of tools and research will help more teams harden configurations, enforce multi‑factor authentication, and maintain the logging needed for rapid detection and response.
Executive IT Forums, Inc.
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.