TL;DR
Anthropic’s Project Glasswing surfaced more than 10,000 vulnerability candidates across more than 1,000 open source projects in one month. 1,094 have been confirmed as high or critical severity. Only 97 have been patched.
Anthropic revealed on Friday that Project Glasswing, its restricted cybersecurity initiative, has discovered more than 10,000 vulnerability candidates in some of the world’s most systemically important software since the program went live a month ago. Of those, 1,726 have been validated as true positives, and 1,094 are confirmed high or critical severity vulnerabilities. Only 97 have been patched.
The gap between those numbers is the story. Anthropic’s Claude Mythos Preview, a frontier model with specialized capabilities for finding vulnerabilities in source code, can identify flaws at a rate that the open source ecosystem cannot absorb. The 6,202 high or critical severity candidates affect more than 1,000 open source projects. Eighty-eight notices have been issued. The discovery rate is orders of magnitude faster than the remediation rate.
“The relative ease of finding vulnerabilities compared to the difficulty of fixing them represents a significant challenge for cybersecurity,” Anthropic acknowledged. The company is urging software developers to shorten patch cycles and make security fixes available as quickly as possible. Oracle has already moved from quarterly to monthly patch releases to keep up with the acceleration, and Microsoft has warned that the growing number of monthly patches it expects to release will “continue with a bigger trend for some time.”
The most notable finding so far is a critical flaw in WolfSSL (CVE-2026-5194, CVSS score 9.1), a widely used embedded TLS library, which could allow an attacker to spoof certificates and impersonate a legitimate service. WolfSSL is deployed in IoT devices, automotive systems, and industrial control environments, where a certificate spoofing vulnerability has consequences far beyond conventional web security: a device that accepts a forged certificate will trust whatever update server, controller, or cloud endpoint the attacker chooses to present.
Glasswing operates through a limited partnership model. Approximately 50 organizations, described by Anthropic as the most systemically important cyber defenders, have access to Claude Mythos Preview. The model has not been released to the general public. XBOW, an autonomous offensive security platform, described Mythos Preview as “an important advance” that is “substantially better than previous models at finding vulnerable candidates” and “expert at analyzing source code with a security mindset.” Cloudflare’s analysis found that the model excels at turning individual vulnerabilities into end-to-end attack chains, a capability that is as useful to defenders building threat models as it is dangerous in the wrong hands.
Defensive applications go beyond vulnerability discovery. In one case, a Glasswing partner bank used Claude Mythos to detect and prevent a $1.5 million fraudulent wire transfer after an attacker breached a customer’s email account and made spoofed phone calls. The model identified the fraud pattern before the transfer was executed. The case illustrates Anthropic’s argument that frontier AI models can provide asymmetric advantages to defenders, but only if access is restricted to organizations with the maturity to use them responsibly.
The timing coincides with a broader acceleration in AI-related security disclosures. The Cyera Claw Chain vulnerabilities in OpenClaw, revealed earlier this month, demonstrated how attackers can weaponize an AI agent’s own sandbox privileges. Koi Security’s audit of ClawHub found 341 malicious entries among the 2,857 AI agent skills available. The pattern is consistent: AI simultaneously creates new attack surfaces and provides more powerful tools for finding flaws in existing ones. The open question is which side of that equation moves faster.
Anthropic has launched a cyber verification program that allows vetted security professionals to use Claude without the security-related usage restrictions that otherwise apply, for legitimate purposes including vulnerability research, penetration testing and red teaming. OpenAI has introduced a parallel program called Daybreak, which provides similar access to GPT-5.5-Cyber. Neither Mythos Preview nor GPT-5.5-Cyber has been released to the general public, on the grounds that adequate safeguards are not yet in place to prevent large-scale misuse.
The competitive dynamic between Anthropic and OpenAI in the cybersecurity space is intensifying. Both companies are positioning their frontier models as essential infrastructure for national and corporate cyber defense, while restricting access to prevent the same capabilities from being used offensively. The dual-use nature of the technology creates a policy challenge that neither company has fully resolved: if models with Mythos-level capabilities become widely available, as Anthropic itself acknowledges is likely in the near future, the current model of restricting access to 50 trusted partners will not hold.
Anthropic’s publicly available Claude models are already among the most capable coding assistants on the market, and the gap between what Mythos can do and what the public Claude models can do is narrowing with each release. Anthropic encourages organizations to prepare for a world where these capabilities are widely accessible by hardening network configurations, enforcing multi-factor authentication, and maintaining comprehensive logs for detection and response.
Ten thousand vulnerability candidates in a month, from 50 partners using a single model. The software ecosystem now has a tool that can find bugs faster than developers can fix them. That is both the promise and the problem. Anthropic describes Glasswing as an asymmetric advantage for defenders. It is. But asymmetric advantages tend to be temporary, and the clock is already ticking on this one.