Anthropic's Project Glasswing, a collaborative AI-powered cybersecurity initiative, has found over 10,000 high- or critical-severity vulnerabilities across critical software infrastructure in its first month. Using Claude Mythos Preview (an unreleased frontier model), roughly 50 partners including Cloudflare and Mozilla have dramatically accelerated bug discovery — Cloudflare alone found 2,000 bugs with a false positive rate better than human testers, and Mozilla found 271 vulnerabilities in Firefox 150, ten times more than with a previous Claude model. Anthropic has also scanned 1,000+ open-source projects, identifying an estimated 6,202 high/critical vulnerabilities, with 90.6% true-positive rate after independent triage. The key bottleneck has shifted from finding bugs to triaging, disclosing, and patching them — open-source maintainers are already overwhelmed. Anthropic is releasing Claude Security (public beta), a Cyber Verification Program, and scanning tooling to help defenders act now. Mythos-class models remain unreleased publicly due to misuse risks, but Anthropic plans broader release once stronger safeguards are developed.
Table of contents
Our early resultsOpen-source softwareAdapting to a new phase of cybersecuritySupporting the ecosystemWhat's next for Project GlasswingSort: