- Anthropic says its Project Glasswing, a cybersecurity initiative powered by its unreleased Claude Mythos Preview model, found over 10,000 high- and critical-severity vulnerabilities in major software systems in just a month.
- The announcement included news of partnerships with major firms like Cloudflare, Mozilla, Google, Microsoft, Apple, and Cisco.
- Anthropic claims Project Glasswing shows that advanced AI can now spot software flaws at a scale we haven’t seen before but they’re also warning that if these tools become public, the same power could be used for harmful cyberattacks.
Claude Mythos Preview can now automatically discover vulnerabilities on a level previous AI systems couldn’t match. The goal is to help security teams catch serious software weaknesses before cybercriminals find and use them.
Anthropic’s report suggests the real problem for cybersecurity isn’t just finding vulnerabilities anymore. Now, organizations have to race to confirm, prioritize, and fix the huge volume of issues these advanced AIs can reveal. But another big deal is Anthropic’s decision not to release the new model to the public, specifically to avoid fueling cybercrime.
How Anthropic’s Project Glasswing Identified more than 10,000 Critical Vulnerabilities
Last month we launched Project Glasswing, our collaborative AI cybersecurity initiative. Since then, we and our partners have found more than ten thousand high- or critical-severity vulnerabilities in essential software.
— Anthropic (@AnthropicAI) May 22, 2026
According to Anthropic, Project Glasswing uncovered more than 10,000 high- or critical-severity bugs in its first month. Their systems scanned over 1,000 open-source projects, spotting more than 23,000 possible vulnerabilities, 6,202 of those ranked high or critical.
Cloudflare reportedly used Project Glasswing to uncover 2,000 vulnerabilities, including around 400 that were high or critical. Mozilla also got involved, and Anthropic says Mythos Preview identified more issues in the Firefox browser than earlier versions of their Claude models.
Another key finding was that the AI spotted a flaw in wolfSSL, which could have allowed forged certificates for fake banking and email sites. Anthropic says that the vulnerability was fixed before it became public.
The UK AI Security Institute also contributed. According to Anthropic, Mythos Preview became the first AI to complete both of the institute’s end-to-end cyberattack simulation tests. While they held back some technical details, this fueled even more discussion about how far AI might go on the offensive cybersecurity front.
Why Anthropic is Warning about AI Misuse and Cybersecurity Overload
Project Glasswing’s bold claims have raised plenty of skepticism in the cybersecurity community. Anthropic admits that open-source maintainers are already struggling to keep up with the flood of AI-generated reports from the project.
Some maintainers even asked for slower disclosure timelines, saying they didn’t have the resources to review and confirm all the findings. Developers and researchers are also asking how many of these reported vulnerabilities could truly be exploited in comparison to those that sound scary but aren’t much of a real threat.
Anthropic calls this a “dual-use” challenge: the same AI tools that help defenders could, if released into the wild, give cybercriminals dangerous new powers. For now, they’re keeping Claude Mythos Preview locked down rather than letting it loose like a public AI chatbot.
Also read: The Rise of Claude Mythos: What AI Enthusiasts Need to Know
Wrapping Up
Project Glasswing stands out as one of the most aggressive claims yet about AI’s potential to reshape cybersecurity. By reporting over 10,000 major vulnerabilities found in a month, Anthropic sends a clear signal that advanced AI could change how the world manages software security. At the same time, keeping the model private reflects serious concern about offensive cyber threats. Whether Anthropic’s results prove sustainable or exaggerated, the announcement already has governments, tech companies, and security researchers thinking hard about how to prepare for an era where AI drives cyber operations.
