Anthropic says Mythos has already found more than 10,000 vulnerabilities through Project Glasswing

Project Glasswing

Anthropic says Claude Mythos Preview has helped partners uncover more than 10,000 high- or critical-severity vulnerabilities, signaling how quickly AI-assisted bug discovery is starting to overwhelm old patching assumptions.

# Anthropic says Mythos has already found more than 10,000 vulnerabilities through Project Glasswing

## Opening summary

Anthropic says its unreleased Claude Mythos Preview model has already helped partners find more than 10,000 high- or critical-severity vulnerabilities just a month after Project Glasswing launched, a claim that makes the bottleneck look less like bug discovery and more like human patch capacity.

## Main article

In its initial Project Glasswing update, Anthropic says most partners have each found hundreds of high- or critical-severity flaws with Mythos Preview, while Cloudflare alone has surfaced 2,000 bugs, including 400 rated high or critical. Anthropic also says it has used the model to scan more than 1,000 open-source projects and has already disclosed hundreds of serious issues to maintainers, with more still moving through triage and coordinated disclosure.

The significance is not just the raw number. Anthropic argues that software security used to be limited by how quickly researchers could discover vulnerabilities, but is now being constrained by how quickly teams can verify, disclose, and patch what AI systems uncover. Engadget’s coverage lands on the same point: the update reads less like a benchmark victory lap and more like a warning that the defensive workflow around patching is under pressure.

Microsoft’s latest Patch Tuesday note adds an important corroborating signal. The company says releases are likely to keep trending larger for some time, and explicitly ties part of that shift to broader AI-assisted discovery and validation workflows. Anthropic likewise says the security ecosystem is already showing strain, with some open-source maintainers asking it to slow disclosures because patch design and review capacity cannot keep up.

This is what makes the story distinct from Anthropic’s earlier Glasswing launch coverage. The question is no longer whether Mythos-class systems can help top-tier defenders find bugs. The fresh evidence suggests they can, at scale. The real operational challenge now is whether software vendors and open-source maintainers can absorb that discovery rate without turning vulnerability management into its own backlog crisis.

## Why it matters

AI-assisted security gets more consequential when it changes the tempo of real patching work, not just lab demos. Anthropic’s update matters because it suggests major defenders are entering a phase where triage and remediation capacity may become the limiting factor.

## Source notes

- Anthropic says Project Glasswing partners have collectively found more than 10,000 high- or critical-severity vulnerabilities in the first month. - The company says Mythos Preview has scanned more than 1,000 open-source projects and that hundreds of serious issues have already been disclosed to maintainers. - Microsoft says Patch Tuesday releases are likely to remain larger for some time as AI-assisted discovery and validation continue to scale.