Last month we launched Project Glasswing, our collaborative AI cybersecurity initiative. Since then, we and our partners have found more than ten thousand high- or critical-severity vulnerabilities in essential software.
Anthropic Finds 10,000 Critical Vulnerabilities and Releases New Defensive AI Tools
Anthropic· Updated
Anthropic's Project Glasswing initiative identified over 10,000 high-severity vulnerabilities in critical software using the unreleased Claude Mythos Preview model. The results suggest that AI has shifted the cybersecurity bottleneck from vulnerability discovery to the human capacity for patching.
Claude Mythos Preview model to secure critical infrastructure. In one month, partners identified over 10,000 high-severity vulnerabilities. This follows the Claude Mythos Preview launch which restricted access due to autonomous cyberattack risks.- Vulnerabilities found (Partners)
- 10,000+
- Vulnerabilities found (Open Source)
- 6,202
- Mozilla Firefox bug detection
- 10x increase vs Opus 4.6
- Open-source true positive rate
- 90.6%
- Availability
- Claude Security (Enterprise Beta)
The findings indicate that AI-driven offense is fundamentally breaking traditional security cycles. While Mozilla used the model to find 10x more bugs in Firefox than previous versions, the industry is struggling to keep pace. This validates Cloudflare's analysis that reactive patching is becoming obsolete as AI shrinks exploit timelines.
To support defenders, Anthropic moved Claude Security into public beta for enterprise customers and released the specific skills (custom instructions for repeated work) used by Glasswing partners. Qualifying security teams can request access to threat model builders and subagents to automate their internal vulnerability research and patching workflows.
Still wondering? A few quick answers below.
Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →



