HeadsUpAI

Anthropic Finds 10000 Critical Vulnerabilities and Releases New Defensive AI Tools

Anthropic shared the first progress report for Project Glasswing, a collaborative initiative using the unreleased Claude Mythos Preview model to secure critical infrastructure. In one month, partners identified over 10,000 high-severity vulnerabilities. This follows the Claude Mythos Preview launch which restricted access due to autonomous cyberattack risks.

The findings indicate that AI-driven offense is fundamentally breaking traditional security cycles. While Mozilla used the model to find 10x more bugs in Firefox than previous versions, the industry is struggling to keep pace. This validates Cloudflare's analysis that reactive patching is becoming obsolete as AI shrinks exploit timelines.

To support defenders, Anthropic moved Claude Security into public beta for enterprise customers and released the specific skills (custom instructions for repeated work) used by Glasswing partners. Qualifying security teams can request access to threat model builders and subagents to automate their internal vulnerability research and patching workflows.

View the full update on anthropic.com
Anthropic
Anthropic
@AnthropicAI
X

Last month we launched Project Glasswing, our collaborative AI cybersecurity initiative. Since then, we and our partners have found more than ten thousand high- or critical-severity vulnerabilities in essential software.

227retweets3.3klikes
View on X

Still wondering? A few quick answers below.

Project Glasswing is a collaborative cybersecurity initiative launched by Anthropic to secure critical software infrastructure. The program uses the unreleased Claude Mythos Preview model to identify and patch high-severity vulnerabilities in systemically important software, such as open-source projects and essential internet infrastructure, before frontier AI models can be used by attackers to exploit them.

Claude Mythos Preview is an unreleased frontier AI model from Anthropic with near-superhuman coding and reasoning capabilities. It is the first model to solve the UK AI Security Institute's cyber ranges end-to-end. Because it can autonomously find and exploit software vulnerabilities, Anthropic has restricted its access to defensive cybersecurity partners within Project Glasswing.

In its first month, Project Glasswing partners identified more than 10,000 high- or critical-severity vulnerabilities in essential software. Additionally, Anthropic used the model to scan over 1,000 open-source projects, discovering an estimated 6,202 high-severity flaws. The initiative has demonstrated that AI can find bugs at a rate ten times faster than previous methods.

No, Anthropic has not released Mythos-class models to the general public because current safeguards are insufficient to prevent misuse. Anthropic plans to release these models only after developing stronger safeguards and allowing the software industry time to adapt to the high volume of vulnerabilities that such capable AI models can autonomously discover and exploit.

Anthropic has released Claude Security in public beta for Enterprise customers to help teams scan and patch codebases. Qualifying security teams can also request access to the specific skills, harnesses, and threat model builders used in Project Glasswing. These tools help security professionals use models like Claude Opus 4.7 to automate vulnerability research and reporting.

Share this update