Anthropic Glasswing 2026: Claude Mythos Flags 10K Critical Bugs

LONDON, Saturday, May 30, 2026 — Anthropic's first formal update on Project Glasswing has confirmed what defenders feared and offenders coveted: a frontier language model, narrowly released to roughly 50 partners, has surfaced more high- and critical-severity software flaws in four weeks than most enterprise security teams find in a year. Anthropic and its approximately 50 partners have used Claude Mythos Preview to find more than ten thousand high- or critical-severity vulnerabilities across the most systemically important software in the world.

The headline number — 10,000 — is less interesting than the structural shift Anthropic is now describing. Progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it's limited by how quickly we can verify, disclose, and patch the large numbers of vulnerabilities found by AI. That sentence, buried in the company's research note, is the real news. For two decades the cybersecurity economy has been organised around scarcity of vulnerability discovery; bug bounties, pen-test contracts and zero-day brokerages all price that scarcity. Mythos Preview compresses it toward zero.

Anthropic paired the update with a commercial move: it released Claude Security in public beta for Claude Enterprise customers. It's a tool that helps teams scan their codebases for vulnerabilities, and which can generate proposed fixes for them. In the three weeks since launch, Claude Opus 4.7 has been used to patch over 2,100 vulnerabilities. The pitch to CISOs is no longer "find more bugs" but "close them faster than your adversary can weaponise the same models." Engadget and The Hacker News both anchored their coverage on the disclosure cadence; this analysis focuses on the bottleneck economics behind it.

Media Coverage Analysis

The five outlets covering Glasswing's update agreed on the top-line number but split sharply on what they considered the story. Trade press read it as a vulnerability-management problem; consumer tech press read it as an AI-capability milestone; enterprise security press read it as a procurement signal.

Anthropic's own framing

The company's research post leads with capability and ends with safeguards. The speed of AI progress means that models as capable as Mythos Preview will soon be developed by many different AI companies. At present, no company—including Anthropic—has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm. That is why we have yet to release Mythos-class models to the public. It is a deliberately uncomfortable message: the model is too dangerous to ship, but too valuable not to deploy through 50 hand-picked partners.

Engadget: the capability story

Engadget emphasised the scale of partner findings and the operational implications for Microsoft's patch cycle. Microsoft's recent announcement that its patch releases will "continue trending larger for some time" is apparently because of the bugs it found through Mythos Preview. The piece also flagged a claim Anthropic chose not to publish.

The Hacker News: defensive-economics framing

The Hacker News placed the story inside the broader frontier-lab race, citing a Cyber Verification Program that allows security professionals to use its models without guardrails for legitimate purposes such as vulnerability research, penetration testing, and red teaming. This is similar to OpenAI's Daybreak, which also allows defenders to leverage GPT-5.5-Cyber for specialized workflows.

Related: Cyera Adds $3B in Valuation to Reach $9B in Six Months

CSO Online: the patching bottleneck

CSO Online went deepest on the disclosure-versus-patch gap, citing Info-Tech analyst Mark Tauschek and reporting that Anthropic estimated that it has disclosed 530 high or critical severity bugs to maintainers so far, and is aiming to disclose another 827. Of those 530 bugs, 75 have been patched, and there have been 65 public advisories.

Help Net Security: the validation rate

Help Net Security led on signal quality, noting that the company and six independent security research firms have assessed 1,752 of those high- or critical-severity findings, and more than 90% were validated as true positives.

Media Coverage Comparison

Outlet	Headline	Focus Angle	Key Quote
Anthropic	Project Glasswing: An initial update	Capability + safeguard tension	"Now it's limited by how quickly we can verify, disclose, and patch."
Engadget	Mythos has already found more than 10,000 vulnerabilities	Partner outputs, Microsoft patch impact	"Patch releases will continue trending larger for some time."
The Hacker News	Claude Mythos AI Finds 10,000 High-Severity Flaws	Frontier-lab race, Cyber Verification	"Substantially better than prior models at finding vulnerability candidates."
CSO Online	Project Glasswing has uncovered 10,000 vulnerabilities	Patch bottleneck, analyst reaction	"The cost of discovering software vulnerabilities has dropped dramatically."
Help Net Security	Claude Mythos identified 10,000+ software flaws	Validation rate, true-positive signal	"More than 90% were validated as true positives."

Related: Anthropic 2026: Karpathy Joins Pre-Training to Run Claude-on-Claude R&D

Key Takeaways

• Discovery is no longer the constraint. Software security used to be limited by how quickly we could find new vulnerabilities; now it's limited by how quickly we can verify, disclose, and patch.
• Validation rates are high enough to defeat the "AI noise" objection — 90.6% of independently assessed findings proved to be valid true positives.
• Mozilla's tenfold jump is the cleanest before/after data point. Mozilla reported finding and fixing 271 vulnerabilities in Firefox 150 while testing Mythos Preview, more than ten times the number identified during testing of Firefox 148 with Claude Opus 4.6.
• Cloudflare scaled the effect across a perimeter platform — Cloudflare found 2,000 bugs, 400 of which are high or critical in severity.
• The open-source supply chain is exposed. Anthropic has also scanned more than 1,000 open-source projects with Mythos, and has identified 23,019 issues, of which 6,202 were high- or critical-severity vulnerabilities.
• Patch capacity is the choke point — only 75 of 530 disclosed open-source bugs fixed, with maintainers asking Anthropic to slow disclosures.
• Commercial productisation is already live via Claude Security in public beta, with Claude Opus 4.7 used to patch over 2,100 vulnerabilities in three weeks.
• Anthropic is gating Mythos-class models behind safeguards and is in active dialogue with US and allied governments.

Market & Industry Analysis

Glasswing arrives in a market the trade press has been pricing aggressively. Frontier-lab cyber tooling, automated penetration-testing platforms, and AI-assisted SAST vendors are converging into a single category — and Mythos Preview's results validate the upper bound of what foundation-model-driven discovery can achieve. The competitive question is not whether AI will compress vulnerability-discovery costs; Tauschek told CSO Online that the update validates the practical reality that IT and security leaders now have to deal with the fact that the cost of discovering software vulnerabilities has dropped dramatically. The question is who captures the patch-side spend that follows.

For deeper context, see our AI Security analysis: "Emerging AI Security Risks and The Case of OpenClaw Moltbot AI Agent".

Anthropic's partner roster is unusually deep for a research preview. In April 2026, Anthropic launched Project Glasswing and gave Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and other partners in the open source community access to the LLM, to help them secure critical software before AI systems can be used to target it. That list reads as a coordinated industry response — the hyperscalers, the network and endpoint vendors, the largest US bank, and the open-source steward all at the same table.

Cisco's posture is instructive. "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back. Our foundational work with these models has shown we can identify and fix security vulnerabilities across hardware and software at a pace and scale previously impossible. That is a profound shift, and a clear signal that the old ways of hardening systems are no longer sufficient. Providers of technology must aggressively adopt new approaches now, and customers need to be ready to deploy. That is why Cisco joined Project Glasswing—this work is too important and too urgent to do alone." Microsoft, meanwhile, is signalling longer patch trains. The competitive map below summarises positioning.

Competitive Positioning

Company	Position	Key Differentiator	Recent Move
Anthropic	Frontier model provider	Mythos Preview + Claude Security beta	Glasswing initial update, May 2026
Microsoft	OS + cloud incumbent	Patch-cycle scale	Signalled larger upcoming patches
Cisco	Network/infra vendor	Hardware + software hardening	Open-sourced Glasswing-derived tooling
Mozilla	Open-source browser	Public before/after benchmark	271 Firefox 150 fixes
Cloudflare	Edge/security platform	Perimeter scanning at scale	2,000 bug discoveries

Related: Cisco Patches Critical API Flaw in Secure Workload, Raising Enterprise Security Stakes

Technical & Strategic Deep Dive

Model performance and validation

The headline 10,000 figure is partner-aggregated. Anthropic's own scan tells a cleaner technical story. Anthropic has scanned more than 1,000 open-source projects with Mythos, and has identified 23,019 issues, of which 6,202 were high- or critical-severity vulnerabilities. The company and six independent security research firms have assessed 1,752 of those high- or critical-severity findings, and more than 90% were validated as true positives. An external assessment from autonomous-security vendor XBOW reinforces the result: XBOW described Mythos Preview as "a major advance" that's "substantially better than prior models at finding vulnerability candidates" and "adept at analyzing source code with a security mindset."

Additional coverage: AI Security Budgets Trimmed 35% as Bundled Guardrails and GPU Attestation Go Mainstream

From candidate to exploit

Mythos Preview is not only a finder. Recent analyses have also found the model to excel at turning vulnerabilities into end-to-end attack chains. The wolfSSL case study illustrates the stakes: Mythos identified a vulnerability in wolfSSL, an open-source cryptography library used by billions of devices, and constructed an exploit that would let an attacker forge certificates that would allow them to host a fake website for a bank or email provider. The flaw has been assigned CVE-2026-5194.

Tooling release

Anthropic is shipping the scaffolding alongside the model. The release includes the skills (custom instructions for repeated work) that we and our partners have built and shared; a harness that helps Claude map the codebase, spin up scanning subagents, triage its findings, and write reports; a threat model builder, which maps a codebase to identify potential targets for attack and prioritizes the model's work accordingly. The economics are also disclosed: Anthropic's commitment of $100M in model usage credits to Project Glasswing and additional participants will cover substantial usage throughout this research preview. Afterward, Claude Mythos Preview will be available to participants at $25/$125 per million input/output tokens (participants can access the model on the Claude API, Amazon Bedrock, Google Cloud's Vertex AI, and Microsoft Foundry).

Related: Anthropic Acquires Stainless: Inside the SDK Infrastructure Move Reshaping AI Developer Tooling

Why This Matters for Stakeholders

Enterprise Buyers

CISOs reading the Glasswing update should treat it as a forcing function. The cost of vulnerability discovery has collapsed for both sides; defensive posture now hinges on patch velocity, not detection budget. Anthropic's direct guidance: "Network defenders should shorten their patch testing and deployment timelines. These include steps like hardening networks' default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and response." For Claude Enterprise customers, the Claude Security beta provides a same-vendor patch-generation path; for everyone else, the procurement question is whether to wait for OpenAI's GPT-5.5-Cyber equivalent or contract now.

Related: AI Security investment accelerates as enterprises harden GenAI

Investors

The investment thesis around AI security has been validated structurally rather than by a single deal. Patch automation, vulnerability triage, software composition analysis, and OSS maintainer support are all now demonstrably under-capacitised. TechCrunch-tracked rounds in the application-security category were already running hot; Glasswing reframes the category from "find more bugs" to "close the patch gap." Public-market read-throughs include endpoint and network incumbents whose patch cadence is now under public scrutiny.

Competitors

For OpenAI, Google DeepMind, and Meta, Glasswing sets a public benchmark that any future cyber-focused frontier model will be measured against. The Hacker News notes parallel work: OpenAI's Daybreak also allows defenders to leverage GPT-5.5-Cyber for specialized workflows. Models like Mythos Preview and GPT-5.5-Cyber have yet to be released to the public owing to concerns that there currently exist no adequate safeguards to prevent their misuse at a large scale. The competitive playing field is now a constrained-access market rather than a public-launch market.

Regulators

Anthropic is explicitly inviting governmental engagement. Anthropic has also been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities. Securing critical infrastructure is a top national security priority for democratic countries—the emergence of these cyber capabilities is another reason why the US and its allies must maintain a decisive lead in AI technology. Governments have an essential role to play in helping maintain that lead, and in both assessing and mitigating the national security risks associated with AI models. We are ready to work with local, state, and federal representatives to assist in these tasks. Expect CISA, NCSC, and ENISA-level guidance updates within the next two quarters.

Related: Anthropic 2026: $900B Round Closes as Q2 Revenue Hits $10.9B

For deeper context, see our AI Security analysis: "How AI Guardrails Can Secure AI Agents Workflows in 2026".

Forward Outlook

Three trajectories are now visible. First, partner disclosures will accelerate: Anthropic estimated that it has disclosed 530 high or critical severity bugs to maintainers so far, and is aiming to disclose another 827. Second, the patch-capacity gap will widen before it narrows — just 75 of the 530 disclosed high- or critical-severity bugs have been patched so far. The bottleneck is human capacity to triage and fix. Some open-source maintainers have even asked Anthropic to slow the pace of disclosures, as a high- or critical-severity bug takes an average of two weeks to patch. Third, model proliferation will force a release decision: given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.

Anthropic's own roadmap is explicit: Anthropic plans to work with partners, including the US government and allied governments, to expand Project Glasswing, and intends to make Mythos-class models generally available, but only after developing stronger safeguards. The most reliable forecast for the next twelve months is therefore not about Mythos itself but about the patch-tooling market that surrounds it — auto-PR generation, maintainer-side triage assistants, and CVE-pipeline automation are about to become first-class enterprise budget lines.

Disclosure

BUSINESS 2.0 has no commercial relationship with companies mentioned.

FAQ