Anthropic's Project Glasswing Discovers 10,000+ Critical Vulnerabilities in Essential Software Using Claude Mythos Preview
Key Takeaways
- ▸Claude Mythos Preview discovered 10,000+ high- and critical-severity vulnerabilities in essential software through Project Glasswing's collaborative initiative with ~50 partners
- ▸Partner detection rates increased by more than 10x compared to previous AI models—Cloudflare found 2,000 bugs, Mozilla found 271 in Firefox 150 alone
- ▸The bottleneck in software security has shifted from finding vulnerabilities to patching them, requiring industry-wide adaptation to AI-accelerated discovery rates
Summary
Anthropic has published its initial progress update on Project Glasswing, a collaborative cybersecurity initiative launched last month to identify and remediate vulnerabilities in critical software before AI models can be weaponized against it. Working with approximately 50 partners, Anthropic used Claude Mythos Preview to discover more than 10,000 high- or critical-severity vulnerabilities across essential infrastructure software. Key partners including Cloudflare (2,000 bugs discovered), Mozilla (271 vulnerabilities in Firefox 150), and others have each found hundreds of critical vulnerabilities, with reported detection rates more than ten times higher than previous AI model capabilities.
The initiative has revealed a fundamental shift in software security: the bottleneck has moved from vulnerability discovery to verification, disclosure, and patching. Coordinated vulnerability disclosure practices typically allow 45-90 days for patches, but AI-powered discovery is now outpacing the industry's patching capacity. External validation comes from multiple sources, including the UK's AI Security Institute (which reports Mythos Preview is the first model to solve both cyber ranges end-to-end), Mozilla's extensive testing, and independent security platforms XBOW and academic benchmarks ExploitBench and ExploitGym, all confirming Mythos Preview's superior performance in identifying and exploiting security vulnerabilities.
Anthropic notes it cannot yet fully disclose specific vulnerabilities found by Mythos Preview without putting end users at risk, but commits to sharing detailed findings once patches are widely deployed. The initiative underscores both the accelerating capabilities of advanced AI models in cybersecurity and the urgent need for the software industry to adapt its vulnerability management practices to keep pace with AI-enabled discovery rates.
- External validation confirms Mythos Preview's superiority across multiple security benchmarks and real-world testing by major organizations and security institutes
