Anthropic’s Project Glasswing Finds More Than 10,000 Major Software Flaws In Its First Month
Anthropic has reported a major early milestone for its Project Glasswing initiative, revealing that the programme has identified more than 10,000 high or critical severity vulnerabilities in systemically important software during its first month of operation.
The artificial intelligence company launched Project Glasswing as a defensive cybersecurity effort designed to help secure critical software infrastructure before increasingly capable AI systems can be used by malicious actors. The initiative gives a limited group of partners access to Claude Mythos Preview, an advanced AI model built to identify software vulnerabilities at scale.
Around 50 partners have been involved in the early phase of the programme, using Mythos Preview to scan critical software systems. According to Anthropic, the initiative has reached a point where the biggest constraint is no longer finding vulnerabilities, but verifying, disclosing and patching them responsibly.
The results suggest a significant shift in the cybersecurity landscape. If AI systems can rapidly identify thousands of serious flaws across widely used software, then defenders may be able to discover and fix weaknesses before attackers can exploit them. But the same capability also raises urgent questions about how quickly organisations can respond once vulnerabilities are uncovered.
Cloudflare reported finding 2,000 bugs across its critical path systems while using Mythos Preview, including 400 classified as high or critical severity. The company said the tool increased its bug finding rate by more than ten times.
Mozilla has also reported substantial results from its work with Anthropic. The release of Firefox 150 included fixes for 271 vulnerabilities identified during its evaluation of Claude Mythos Preview, highlighting how AI assisted security testing could accelerate vulnerability discovery in major software products.
Anthropic said it also scanned more than 1,000 open source projects using Mythos Preview. That process identified 23,019 estimated vulnerabilities, including 6,202 estimated high or critical severity issues. The findings point to the scale of risk within widely used open source infrastructure, much of which underpins modern software systems.
The UK’s AI Security Institute has also evaluated Mythos Preview, with Anthropic reporting that the model was the first to solve both of the institute’s cyber ranges end to end. That result adds to growing evidence that frontier AI models are becoming increasingly capable in specialised cybersecurity tasks.
For defenders, Project Glasswing presents both opportunity and pressure. The opportunity lies in using AI to harden code, protect essential systems and reduce the number of exploitable flaws before they are weaponised. The pressure comes from the pace of discovery. Finding thousands of vulnerabilities is only useful if organisations have the people, processes and skills to triage, patch and monitor them.
The development also reinforces a broader warning for businesses and individuals: cybersecurity is entering a faster and more complex era. As AI changes how vulnerabilities are found, defenders will need to move just as quickly to understand threats, secure systems and respond effectively.
That makes cybersecurity education more important than ever. Readers who want to strengthen their digital defence skills can take action by enrolling in The Hack Academy’s online training programme. With AI reshaping the threat landscape, practical knowledge is no longer optional. It is one of the most powerful tools individuals and organisations have to stay ahead.
Photo Credit: DepositPhotos.com