2026-05-22 · Anthropic

Project Glasswing: An initial update — 10,000+ critical vulnerabilities in one month

Source: Anthropic · Date: 2026-05-22 · URL: https://www.anthropic.com/research/glasswing-initial-update

Summary

Anthropic published the first operational data from Project Glasswing. Claude Mythos Preview, deployed to ~50 trusted partners, discovered over 10,000 high- or critical-severity vulnerabilities across partner software in its first month. Independently, Anthropic scanned 1,000+ open-source projects and found 6,202 high/critical vulnerabilities. Of 1,752 vulnerabilities assessed by third-party security firms, 1,587 (90.6%) were confirmed valid, with 1,094 (62.4%) confirmed high or critical severity. Key partner results: Cloudflare found 2,000 bugs (400 high/critical) with lower false-positive rates than human testers; Mozilla identified 271 vulnerabilities in Firefox 150, a 10x improvement over Claude Opus 4.6’s results on Firefox 148; a bank partner prevented a fraudulent $1.5M wire transfer.

Implications

  • Mythos capability substantiated with concrete data. Amodei’s “moment of danger” claim (May 5, “tens of thousands of vulnerabilities”) is now backed by validated numbers: 10,000+ high/critical across partners, 90.6% third-party confirmation rate. The 10x improvement over Opus 4.6 on Firefox quantifies the capability gap between current and Mythos-class models.
  • Patching bottleneck is the new constraint. Only 75 of 530 disclosed open-source vulnerabilities patched in the first month; 65 received public advisories. Average patch time: two weeks per high/critical bug. Open-source maintainers asked Anthropic to slow disclosure pace. The problem shifted from finding to fixing.
  • Two-tier security landscape emerging. Enterprise (with Claude Security) patched 2,100+ vulnerabilities in three weeks. Open-source: 75/530. The tool that finds the bugs is also the tool that patches them — but only for paying customers.
  • General release deferred indefinitely. “No company has developed safeguards strong enough to prevent such models from being misused.” Mythos-class models remain restricted to trusted partners. Feeds the Mythos/Glasswing thread, enterprise battleground thread, and IPO staging narrative (transparency as credibility).
  • Feeds threads: Mythos/Glasswing, Claude Code security surface, enterprise deployment battleground, token economics (Claude Security as revenue driver), Anthropic distribution machine.
