This means organizations that still treat patching as a quarterly exercise are operating with materially more risk than they were even a short time ago, says an analyst.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Anthropic's Project Glasswing, powered by Claude Mythos Preview, has uncovered an estimated 10,000 critical or high-severity vulnerabilities across 1,000+ open-source projects in just a few months. Of 1,752 independently reviewed findings, 90.6% were confirmed valid and 62.4% rated high or critical severity. The initiative highlights a growing asymmetry: AI dramatically lowers the cost of finding vulnerabilities while patching remains slow and human-bound. Open-source maintainers are overwhelmed by the volume of disclosures, with some asking Anthropic to slow down. Security analysts note the bottleneck has shifted from discovery to remediation, and organizations still on quarterly patch cycles face materially higher risk. Questions remain about compute costs and the true positive rate across all findings.

Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic