Anthropic Reveals 10,000 Critical Vulnerabilities in Project Glasswing’s Initial Report

Anthropic's initial report on Project Glasswing reveals over 10,000 critical vulnerabilities.

Anthropic has released the initial report on Project Glasswing, a vulnerability detection program using the Claude Mythos model.

In a month, approximately 50 partners identified over 10,000 high and critical security issues. The company stated that the bottleneck was not the speed of detection but the verification and release of patches.

The neural network scanned more than 1,000 open-source projects and discovered 23,019 vulnerabilities of all levels. Of these, 6,202 were initially classified by the system as “high” or “critical.” Upon further review, 90.6% of the findings were confirmed, including 62.4% as requiring urgent intervention.

The company disclosed 530 significant bugs to developers, with another 827 set for publication. Seventy-five have been fixed, and recommendations have been issued for 65. On average, closing a serious gap takes about two weeks.

Among the public cases is a vulnerability in the wolfSSL library (CVE-2026-5194). According to the company, the model was able to construct an attack to forge certificates.

Mozilla reported fixing 271 bugs in Firefox 150 after testing Mythos. Cloudflare discovered around 2,000 gaps, including 400 with “high” and “critical” status.

Anthropic stated that it does not plan a public release of the model until stronger protective mechanisms are in place and intends to expand Project Glasswing, including collaboration with the US government and allies.

Back in April, the firm decided against releasing Mythos to the public due to high security risks.

The neural network is used by the US National Security Agency, among others.