Anthropic's Project Glasswing Finds 'More Than 10,000' Critical Bugs, Expands To Additional Partners
Anthropic shared a sweeping update on Project Glasswing, saying its artificial intelligence-assisted security testing effort has already uncovered "more than 10,000 high- or critical-severity vulnerabilities" across widely used software systems.
Anthropic has been working with roughly 50 partner organizations in a security-focused collaboration called Project Glasswing. The bottleneck is no longer finding vulnerabilities, but handling the human workload required to verify issues, coordinate disclosures with maintainers and deploy patches, the company said in a press release.
Mythos Preview scanned more than 1,000 open-source projects in the past several months, finding what it estimates are 6,202 high- or critical-severity vulnerabilities in these projects; 1,752 of those high- or critical-severity findings have since been reviewed either by six independent security research firms or, in limited cases, by Anthropic itself. Of the reviewed issues, the company said 90.6% were confirmed as legitimate vulnerabilities and 62.4% were validated as high or critical severity.
Several partner organizations reported that they saw an increase in bug discovery rates after integrating AI into their testing workflows, with some seeing gains of more than 10 times.
The company cited results from Cloudflare, which said internal testing uncovered roughly 2,000 bugs, including 400 classified as high or critical severity, while producing fewer false positives than conventional human-led testing.
Mozilla also identified and fixed 271 vulnerabilities in Firefox 150 during testing with Mythos Preview, a result the company contrasted with earlier runs using Claude Opus 4.6, stating that this new model is more effective.
Anthropic noted that its Mythos Preview was even able to detect and prevent a fraudulent $1.5 million wire transfer after a threat actor compromised a customer's email account and made spoofed phone calls.
The company plans to publish a more detailed technical analysis of the vulnerability in the coming weeks.
"There is a clear need for a larger effort across the software industry to manage the volume of findings that these models will generate. Currently, there's often a long lag between the discovery of a vulnerability, the creation of a patch for it, and the time when the patch is widely deployed by end users," the company wrote.
Anthropic also noted that it plans to work with “critical partners,” including the U.S. and allied governments, to expand Project Glasswing to additional partners.
"In the near future, once we've developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release," the company said.
