Anthropic released early results from Project Glasswing, showing that Claude Mythos Preview and around 50 partners identified more than 10,000 high- and critical-severity vulnerabilities in one month.
Anthropic says the project tests whether advanced AI can improve defensive cybersecurity while recognising the risks of misuse.
Key findings include:
Cloudflare reportedly identified over 2,000 vulnerabilities with fewer false positives than human testers
Mozilla fixed 271 Firefox vulnerabilities using the system
Anthropic scanned 1,000+ open-source projects, with nearly 3,900 validated vulnerabilities confirmed after review
One banking partner reportedly prevented a fraudulent $1.5 million wire transfer using Mythos
Anthropic said participants found Mythos significantly accelerated vulnerability discovery and code analysis workflows.
The company plans to expand Project Glasswing to more partners, including governments, but says Mythos remains restricted due to concerns around misuse and insufficient safeguards.
The results raise major questions for organisations and governments:
Can organisations patch vulnerabilities as quickly as AI discovers them?
What happens when similar tools become widely available to attackers?
Are current governance frameworks ready for AI-driven cyber operations?
How can teams validate AI-generated findings at scale?
Why important?
Projects like Glasswing highlight both the promise and risk of AI in cybersecurity. AI is accelerating vulnerability discovery faster than many organisations can respond, increasing pressure on governance, security operations, and oversight.
As AI cyber capabilities continue advancing globally, the challenge is no longer whether these systems will exist, but whether organisations and governments are prepared for their impact.
Check out our article on:
The Mythos Moment: Why Banking’s Next Transformation Is About People, Not Technology
