Project Glasswing, one month later: Mythos finds vulnerabilities faster than they can be fixed
Last Friday, Anthropic published the first official update on Project Glasswing, the defensive cybersecurity initiative launched in April with a consortium of big tech companies. In one month, about 50 partners have used Claude Mythos Preview to identify over 10,000 vulnerabilities classified as high or critical in the software that underpins much of the global digital infrastructure.
Cloudflare, one of the partners that has published its own numbers, reports 2,000 bugs found in critical systems, including 400 high or critical, with a false positive rate that its team considers better than that of human testers. Mozilla identified and fixed 271 vulnerabilities in Firefox 150, over ten times what it found in Firefox 148 with Claude Opus 4.6. Palo Alto Networks released a patch package five times larger than usual, while Microsoft warned that its Patch Tuesday will remain bulkier than normal for quite some time.
Finding vulnerabilities is no longer the bottleneck. Anthropic itself has reviewed over 1,000 open source projects that support much of the internet. Mythos Preview identified a total of 23,019 vulnerabilities, of which 6,202 are estimated as high or critical. From a sample of 1,752 of these, evaluated by six independent security companies, 90.6% (1,587) were true positives, and 62.4% (1,094) were confirmed as high or critical. Extrapolating the current rates, the company estimates that the program will lead to about 3,900 confirmed high/critical vulnerabilities within the open source perimeter alone.
The issue now shifts to the actual ability to respond quickly with the issuance of patches: out of 530 communicated high/critical vulnerabilities to maintainers, only 75 have been actually patched, with 65 public advisories. A patch for a high or critical bug takes an average of two weeks, and several maintainers have asked Anthropic to slow down the pace of communications because they are overwhelmed by the volume. There’s also the issue of quality: maintainers have long reported receiving low-quality bug reports generated by AI, and they must distinguish real signals from noise. Even with the 90% true positive rate achieved by Mythos, the volume of findings overwhelms triaging and patching resources, which fall on the few developers who maintain libraries used by billions of devices.
wolfSSL and Out-of-Perimeter Uses
An emblematic case is CVE-2026-5194, a vulnerability in the open-source cryptography library wolfSSL, used in billions of devices across IoT, automotive, and industrial infrastructures. Mythos Preview built a working exploit that allows the manufacturing of TLS certificates, enabling an attacker to host a fake website for a bank or email provider without the user's browser showing any warnings. The patch (version 5.9.1) has been available since early April, but the problem remains for legacy devices that are no longer supported.
The model's capabilities have also manifested outside the Glasswing perimeter: in recent weeks, an independent research company published an exploit for the macOS kernel utilizing Mythos, in a case not included in the official report. On yet another front, at a partner bank of Glasswing, the model identified an attempted fraudulent transfer of $1.5 million orchestrated after the compromise of a customer's email.
Anthropic confirms that it does not intend to release Mythos to the public immediately and reiterates that no company (including itself) has developed protections sufficient to prevent hostile use. However, it has opened Claude Security in public beta for Enterprise customers, which has already helped patch over 2,100 vulnerabilities in three weeks with Claude Opus 4.7. It launched a Cyber Verification Program for legitimate security researchers and makes available to qualified customers the same tools used by Glasswing partners: skills, scanning harness, threat model builder. The next phase of Glasswing involves extending to the U.S. government and allies. Mythos-class models will only reach the public when Anthropic deems the protections adequate.