TL;DR
Anthropic’s Glasswing project found 10,000+ critical flaws across 1,000 open-source projects in a month. Only 97 have been patched.
Anthropic disclosed on Friday that Project Glasswing, its restricted cybersecurity initiative, has uncovered more than 10,000 high- or critical-severity vulnerability candidates across some of the most systemically important software in the world since the programme went live one month ago. Of those, 1,726 have been validated as true positives. 1,094 are confirmed high- or critical-severity flaws. Only 97 have been patched.
The gap between those numbers is the story. Anthropic’s Claude Mythos Preview, a frontier model with specialised capabilities for finding vulnerabilities in source code, can identify flaws at a pace that the open-source ecosystem cannot absorb. The 6,202 high- or critical-severity candidates affect more than 1,000 open-source projects. Eighty-eight advisories have been issued. The rate of discovery is orders of magnitude faster than the rate of remediation.
“The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity,” Anthropic acknowledged. The company is urging software developers to shorten patch cycles and make security fixes available as quickly as possible. Oracle has already shifted from quarterly to monthly patch releases to address the acceleration. Microsoft has warned that the number of monthly patches it expects to release will “continue trending larger for some time.”
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
The most notable finding so far is a critical flaw in WolfSSL (CVE-2026-5194, CVSS score 9.1), a widely used embedded TLS library, that could allow an attacker to forge certificates and impersonate a legitimate service. WolfSSL is deployed across IoT devices, automotive systems, and industrial control environments where a certificate forgery vulnerability carries consequences well beyond conventional web security.
Glasswing operates through a restricted partnership model. Approximately 50 organisations, described by Anthropic as the most systemically important cyber defenders, have access to Claude Mythos Preview. The model has not been released to the general public. XBOW, an autonomous offensive security platform, described Mythos Preview as “a major advance” that is “substantially better than prior models at finding vulnerability candidates” and “adept at analysing source code with a security mindset.” Cloudflare’s analysis found the model excels at turning individual vulnerabilities into end-to-end attack chains, a capability that is as useful for defenders building threat models as it is dangerous in the wrong hands.
The defensive applications extend beyond vulnerability discovery. In one case, a Glasswing partner bank used Claude Mythos to detect and prevent a fraudulent $1.5 million wire transfer after an attacker breached a customer’s email account and made spoof phone calls. The model identified the fraud pattern before the transfer was executed. The use case illustrates Anthropic’s argument that frontier AI models can provide asymmetric advantages to defenders, but only if access is restricted to organisations with the maturity to use them responsibly.
The timing aligns with a broader acceleration in AI-related security disclosures. Cyera’s Claw Chain vulnerabilities in OpenClaw, disclosed earlier this month, demonstrated how attackers can weaponise an AI agent’s own sandbox privileges. Koi Security’s audit of ClawHub found 341 malicious entries among 2,857 available AI agent skills. The pattern is consistent: AI is simultaneously creating new attack surfaces and providing more powerful tools to find flaws in existing ones. The question is which side of the equation moves faster.
Anthropic has launched a Cyber Verification Program that allows vetted security professionals to use Claude without guardrails for legitimate purposes including vulnerability research, penetration testing, and red teaming. OpenAI has introduced a parallel programme called Daybreak, which provides similar access to GPT-5.5-Cyber. Neither Mythos Preview nor GPT-5.5-Cyber has been released to the general public due to concerns that adequate safeguards to prevent large-scale misuse do not yet exist.
The competitive dynamic between Anthropic and OpenAI in the cybersecurity space is intensifying. Both companies are positioning their frontier models as essential infrastructure for national and corporate cyber defence, while simultaneously restricting access to prevent the same capabilities from being used offensively. The dual-use nature of the technology creates a policy challenge that neither company has fully resolved: if models with Mythos-level capabilities become broadly available, as Anthropic itself acknowledges is likely in the near future, the current model of restricting access to 50 trusted partners will not hold.
Anthropic’s publicly available Claude models are already among the most capable coding assistants on the market. The gap between what Mythos can do and what the public-facing Claude can do is narrowing with each release. Anthropic is urging organisations to prepare for a world in which these capabilities are widely accessible by hardening network configurations, enforcing multi-factor authentication, and maintaining comprehensive logs for detection and response.
Ten thousand vulnerability candidates in one month from 50 partners using one model. The software ecosystem now has a tool that can find flaws faster than developers can fix them. That is both the promise and the problem. Anthropic calls Glasswing an asymmetric advantage for defenders. It is. But asymmetric advantages tend to be temporary, and the clock on this one is already running.
Stephan is the sports journalist for the Maple Grove Report.
