{"id":97419,"date":"2026-05-25T11:52:37","date_gmt":"2026-05-25T08:52:37","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=97419"},"modified":"2026-05-25T11:55:10","modified_gmt":"2026-05-25T08:55:10","slug":"anthropic-reveals-10000-critical-vulnerabilities-in-project-glasswings-initial-report","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/anthropic-reveals-10000-critical-vulnerabilities-in-project-glasswings-initial-report\/","title":{"rendered":"Anthropic Reveals 10,000 Critical Vulnerabilities in Project Glasswing&#8217;s Initial Report"},"content":{"rendered":"<p>Anthropic has <a href=\"https:\/\/www.anthropic.com\/research\/glasswing-initial-update\">released<\/a> the initial report on Project Glasswing, a vulnerability detection program using the Claude Mythos model.<\/p>\n<p>In a month, approximately 50 partners identified over 10,000 high and critical security issues. The company stated that the bottleneck was not the speed of detection but the verification and release of patches.<\/p>\n<p>The neural network scanned more than 1,000 open-source projects and discovered 23,019 vulnerabilities of all levels. Of these, 6,202 were initially classified by the system as &#8220;high&#8221; or &#8220;critical.&#8221; Upon further review, 90.6% of the findings were confirmed, including 62.4% as requiring urgent intervention.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/img-ce807fcc1db6294b-5300366640474467.webp\" alt=\"image\" class=\"wp-image-280427\"\/><figcaption class=\"wp-element-caption\">Open-source software vulnerability monitoring dashboard. It displays issues of all severity levels, not just those rated as &#8220;high&#8221; or &#8220;critical&#8221; by the system. Source: Anthropic.<\/figcaption><\/figure>\n<p>The company disclosed 530 significant bugs to developers, with another 827 set for publication. Seventy-five have been fixed, and recommendations have been issued for 65. On average, closing a serious gap takes about two weeks.<\/p>\n<p>Among the public cases is a vulnerability in the wolfSSL library (CVE-2026-5194). According to the company, the model was able to construct an attack to forge certificates.<\/p>\n<p>Mozilla reported fixing 271 bugs in Firefox 150 after testing Mythos. Cloudflare discovered around 2,000 gaps, including 400 with &#8220;high&#8221; and &#8220;critical&#8221; status.<\/p>\n<p>Anthropic stated that it does not plan a public release of the model until stronger protective mechanisms are in place and intends to expand Project Glasswing, including collaboration with the US government and allies.<\/p>\n<p>Back in April, the firm <a href=\"https:\/\/forklog.com\/en\/news\/anthropic-restricts-public-access-to-ai-model-mythos-after-laboratory-escape\">decided against releasing<\/a> Mythos to the public due to high security risks.<\/p>\n<p>The neural network is <a href=\"https:\/\/forklog.com\/en\/news\/nsa-utilizes-anthropics-mythos-model-amid-pentagon-dispute\">used<\/a> by the US National Security Agency, among others.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Anthropic has released the initial report on Project Glasswing, a vulnerability detection program using the Claude Mythos model.<\/p>\n","protected":false},"author":1,"featured_media":97420,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Anthropic's initial report on Project Glasswing reveals over 10,000 critical vulnerabilities.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1434,438,1111],"class_list":["post-97419","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-anthropic","tag-artificial-intelligence","tag-cybersecurity"],"aioseo_notices":[],"amp_enabled":true,"views":"18","promo_type":"1","layout_type":"1","short_excerpt":"Anthropic's initial report on Project Glasswing reveals over 10,000 critical vulnerabilities.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=97419"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97419\/revisions"}],"predecessor-version":[{"id":97421,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97419\/revisions\/97421"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/97420"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=97419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=97419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=97419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}