Anthropic's Project Glasswing Finds 10,000+ Critical Vulnerabilities Using AI

Project Glasswing — What Is It?

Anthropic launched Project Glasswing last month as a collaborative effort to secure the world's most critical software before increasingly capable AI models can be weaponized against it. The project deploys Claude Mythos Preview — a specialized AI model tuned for security research — across approximately 50 partner organizations that build fundamental internet infrastructure.

After just one month, the results are staggering: partners have collectively found more than 10,000 high- or critical-severity vulnerabilities. Cloudflare alone discovered 2,000 bugs across their critical-path systems, with a false positive rate that their team considers better than human testers.

Why This Changes Cybersecurity Forever

The scale of discovery is what makes this breakthrough remarkable. Several partners report their bug-finding rate increased by more than 10x compared to traditional methods. The bottleneck has shifted from finding vulnerabilities to verifying, disclosing, and patching them fast enough.

This represents a fundamental shift in cybersecurity economics. Previously, defensive teams were always outnumbered — attackers had time and patience on their side. Now AI can scan vast codebases at machine speed, leveling the playing field for defenders.

Anthropic is now making some security tools available to qualifying customers, including skills, a Claude harness, and a threat model builder.

What This Means for Software Teams

If you build software, expect a new normal where AI-powered scanners continuously probe your code for weaknesses. The 90-day coordinated disclosure convention still applies, but the volume of findings will push teams toward faster patching cycles. Companies that invest in automated vulnerability remediation workflows will have a significant advantage.

Common Questions (FAQ)

Q1: Is Mythos Preview available to the public? A1: Not yet. It's currently limited to Project Glasswing partners, though Anthropic plans broader releases in the future.

Q2: How accurate is AI vulnerability detection? A2: Cloudflare reports a false positive rate better than human testers, though Anthropic acknowledges disclosed vulnerabilities remain a lagging indicator.

Q3: Should security teams be worried or excited? A3: Both. AI massively accelerates bug finding for defenders, but the same technology could be used by attackers. The race is on.

Stay ahead of the AI curve. Follow @AiForSuccess for daily insights.