Anthropic’s Project Glasswing Uncovers 10,000 Major Software Vulnerabilities in 1 Month Using ‘Mythos’ AI Model

Anthropic has released its inaugural update on Project Glasswing, a security-focused initiative that has successfully identified more than 10,000 high- or critical-severity software vulnerabilities in just 30 days. Utilising its powerful, restricted AI model, Mythos Preview, the project has demonstrated an unprecedented ability to surface deep-seated code errors across some of the most critical software infrastructure globally. While the findings represent a major leap forward for digital defence, the scale of discovery has also highlighted a significant bottleneck in the software industry: the capacity of human engineering teams to verify and patch such a massive volume of flaws.

Increased Scale of Bug-Hunting

Under the umbrella of Project Glasswing, Anthropic granted limited access to the Mythos Preview model to approximately 50 handpicked partners, including major tech firms and independent research organisations. During the trial, the AI model was deployed to scan over 1,000 open-source software projects, flagging more than 6,000 potential high- or critical-severity vulnerabilities. Independent security firms verified a subset of these findings, reporting an impressive 90.6 per cent accuracy rate, with 62.4 per cent confirmed as genuine high-risk threats. Google Says It Disrupted an AI-driven Effort to Exploit a Software Bug.

Real-world implementation by corporate partners has further showcased the model's disruptive capabilities. Cloudflare, one of the project's key partners, reported uncovering approximately 2,000 software bugs, 400 of which were classified as high- or critical-severity. Mozilla similarly utilised the model to inspect its web browser code, successfully identifying and fixing 271 vulnerabilities in Firefox 150. These results indicate that Mythos is vastly more effective at hunting deep-seated code errors than previous generations of AI models.

The Cybersecurity Bottleneck

Despite these advancements, Anthropic warned that the industry remains unprepared for an era where AI can generate thousands of security reports in seconds. The traditional cybersecurity paradigm is undergoing a fundamental shift: the difficulty is no longer in finding bugs, but in the limited capacity of human engineers to process, verify, and deploy patches. Anthropic observed that while AI finds vulnerabilities at an accelerated pace, there often remains a significant lag before those fixes reach end users.

The report highlights that without a massive structural overhaul in how software maintenance teams operate, the sheer volume of automated findings risks overwhelming IT departments. The company is now urging software developers to significantly shorten their patch cycles and improve update deployment mechanisms to ensure that these newly discovered flaws are remediated before they can be exploited by malicious actors. CVE-2026-2441: Google Chrome Gets Latest Security Update, Fixes Highly Vulnerable Zero-Day Flaw Exploited by Hackers; Check More Details.

Future Outlook for Mythos-Class Models

Anthropic currently maintains a policy of restricted access for Mythos-class models, noting that no company has yet developed safeguards robust enough to prevent their potential misuse on a large scale. The AI startup intends to work with the United States and allied governments to expand access for security professionals, but it has no plans for a public release until adequate safety measures are in place. As the technology continues to mature, Anthropic’s findings underscore the urgent necessity for the software industry to shore up its defences against an increasingly automated threat landscape.

(The above story first appeared on LatestLY on May 23, 2026 08:51 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).