Anthropic says Project Glasswing surfaced 10,000+ high-severity bugs in a month
Cloudflare alone found 2,000 issues; Anthropic’s OSS scans show a 90.6% triaged true-positive rate and project nearly 3,900 high-or-critical bugs ahead.
By Ryan Merket · Published
Why it matters
AI is turning vulnerability discovery into a throughput problem for defenders. If models can find bugs faster than teams can triage and patch, security programs must scale verification, disclosure, and rollout. The pace and precision Anthropic reports will pressure vendors and open-source maintainers to upgrade their pipelines, and raises policy questions about how and when to release Mythos-class capabilities.

Anthropic said its Project Glasswing partners used the new Claude Mythos Preview model to surface more than 10,000 high- or critical-severity vulnerabilities in the first month of the effort, an acceleration that shifts the bottleneck from finding bugs to verifying, disclosing, and patching them.
Early partner and tester results point in the same direction. Cloudflare logged 2,000 bugs, including 400 high or critical, with a false-positive rate its team considers better than humans. The UK AI Security Institute reported Mythos Preview as the first model to solve both of its end-to-end cyber ranges. Mozilla said testing the model for Firefox 150 yielded 271 fixes, over 10x more than Firefox 148 with Claude Opus 4.6. XBOW called the model a "significant step up" that delivers "absolutely unprecedented precision," and academic benchmarks ExploitBench and ExploitGym place it as the strongest performer, according to Anthropic.
Patch pipelines are already expanding. Palo Alto Networks shipped over five times its usual number of fixes in a recent release. Microsoft said new patch counts will "continue trending larger for some time." Oracle is finding and fixing vulnerabilities multiple times faster. Anthropic also cited a partner bank using Mythos Preview to detect and halt a fraudulent $1.5 million wire transfer.
Beyond partner code, Anthropic has scanned more than 1,000 open-source projects. The model flagged an estimated 6,202 high or critical issues (23,019 total). Of 1,752 issues triaged by six independent security firms or Anthropic, 90.6% were valid and 62.4% were confirmed high or critical. At current post-triage rates, Anthropic projects nearly 3,900 high or critical OSS vulnerabilities surfaced, with scanning ongoing.
Citing coordinated disclosure norms, Anthropic said fuller details will follow after patches are widely deployed.
What this means for the industry: if these early ratios hold, discovery becomes cheap and fast while remediation becomes the constraint. Security teams should expect sustained volume increases in inbound reports, shorter disclosure windows, and more frequent patch releases. The center of gravity shifts to triage quality, prioritization, and automated remediation.
- For vendors and platforms: build intake and triage capacity now. Establish clear SLAs for time-to-triage and time-to-patch, and expand patch pipelines and staged rollouts. Invest in automated fix generation, regression testing, and code ownership routing so high-severity issues do not age out. Treat model false positives and duplicates as an operational risk that needs metrics and suppression tooling.
- For open-source maintainers: prepare for a deluge. Set up structured reporting templates, reproducibility requirements, and maintainer schedules to avoid burnout. Coordinate with foundations and sponsors for backporting and long-term support when fixes span widely used versions.
- For defenders: assume adversaries can access comparable capability. Hardening and rapid patch adoption matter more than ever. Track exposure windows and exploitability, not just counts, and stage mitigations when patching is nontrivial.
- For compliance and procurement: clarify how code and findings are handled during scans, especially on private repositories. Logging, data retention, and disclosure workflows will be scrutinized by customers and regulators.
- Metrics to manage: triaged true-positive rate, mean time to remediate, coverage across critical assets, and fix regression rates. These will become board-level indicators alongside conventional vulnerability counts.
How founders should think about it:
- Opportunity layer: triage automation, exploit validation sandboxes, patch synthesis and review assistants, coordinated disclosure tooling, and workflow-native integrations (CI/CD, PRs, ticketing). Distribution will favor products that land inside developer workflows and security consoles with minimal friction.
- Moat: data and feedback loops from real triage outcomes and patch efficacy. Partnerships that embed at the SCM, CI, and cloud layer will matter more than model novelty.
- GTM: be explicit about buyer and budget (security vs engineering). Price on risk reduction and time saved, not on tokens or scans. Prove low noise and fast time-to-value.
- Risk: parity in model capability compresses feature differentiation. Be crisp on data handling, legal posture around vulnerability disclosure, and safeguards that prevent leaking sensitive code or exploit details.
How investors should think about it:
- Diligence for defensibility in workflow integration, data network effects from validated findings, and partnerships with code hosts and major vendors. Validate operational metrics (true-positive rate, time-to-fix impact) with design partners.
- Expect spend to migrate from discovery to remediation. Back teams that collapse triage and patch cycles without drowning customers in alerts.
- Underwrite go-to-market with security buyers: long enterprise sales, proof-of-value requirements, and compliance obligations. Evaluate liability management and disclosure track records alongside model costs and margins.