Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month.
Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of about 50 partners have obtained access to Claude Mythos Preview, a frontier model with capabilities to find vulnerabilities in widely-used software.
Of these vulnerabilities, 6,202 have been classified as high- or critical-severity flaws impacting more than 1,000 open-source projects. Subsequent analysis of these vulnerability candidates has identified that 1,726 are valid true positives. As many as 1,094 flaws are assessed to be either high- or critical-severity.
One of the identified weaknesses is a critical flaw in WolfSSL (CVE-2026-5194, CVSS score: 9.1) that could allow an attacker to forge certificates and masquerade as a legitimate service. In all, these efforts have led to 97 findings being patched upstream and 88 advisories being issued.
“The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity,” Anthropic acknowledged. “Confronting this challenge successfully will make our software far safer than before.”
The development comes as software vendors are shipping more fixes than ever before, driven by a surge in AI-assisted vulnerability discovery, with Microsoft noting that the number of new patches it expects to release on a monthly basis to “continue trending larger for some time.”
Autonomous offensive security platform XBOW has described Mythos Preview as “a major advance” that’s “substantially better than prior models at finding vulnerability candidates” and “adept at analyzing source code with a security mindset.” Recent analyses have also found the model to excel at turning vulnerabilities into end-to-end attack chains.
Mythos Preview’s utility, Anthropic added, goes beyond finding security flaws. In one case, a Glasswing partner bank is said to have leveraged the AI model to detect and prevent a fraudulent $1.5 million wire transfer after an unknown threat actor breached a customer’s email account and made spoof phone calls.
Given that models with similar capabilities to Mythos could become broadly available in the near future, Anthropic is urging software developers to shorten their patch cycles and make security fixes available. It’s worth mentioning here that Oracle has recently shifted to a monthly patch cycle to address critical security issues.
“Network defenders should shorten their patch testing and deployment timelines,” Anthropic said. “These include steps like hardening networks’ default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
