Anthropic on Friday disclosed that Venture Glasswing has helped uncover greater than 10,000 high- or critical-severity vulnerabilities throughout among the most “systemically” vital software program the world over for the reason that cybersecurity initiative went dwell final month.
Venture Glasswing is an effort led by the factitious intelligence (AI) firm, as a part of which a small set of about 50 companions have obtained entry to Claude Mythos Preview, a frontier mannequin with capabilities to seek out vulnerabilities in widely-used software program.
Of those vulnerabilities, 6,202 have been categorized as high- or critical-severity flaws impacting greater than 1,000 open-source initiatives. Subsequent evaluation of those vulnerability candidates has recognized that 1,726 are legitimate true positives. As many as 1,094 flaws are assessed to be both high- or critical-severity.
One of many recognized weaknesses is a essential flaw in WolfSSL (CVE-2026-5194, CVSS rating: 9.1) that would enable an attacker to forge certificates and masquerade as a professional service. In all, these efforts have led to 97 findings being patched upstream and 88 advisories being issued.
“The relative ease of discovering vulnerabilities in contrast with the issue of fixing them quantities to a significant problem for cybersecurity,” Anthropic acknowledged. “Confronting this problem efficiently will make our software program far safer than earlier than.”
The event comes as software program distributors are transport extra fixes than ever earlier than, pushed by a surge in AI-assisted vulnerability discovery, with Microsoft noting that the variety of new patches it expects to launch on a month-to-month foundation to “proceed trending bigger for a while.”
Autonomous offensive security platform XBOW has described Mythos Preview as “a significant advance” that is “considerably higher than prior fashions at discovering vulnerability candidates” and “adept at analyzing supply code with a security mindset.” Latest analyses have additionally discovered the mannequin to excel at turning vulnerabilities into end-to-end assault chains.
Mythos Preview’s utility, Anthropic added, goes past discovering security flaws. In a single case, a Glasswing accomplice financial institution is claimed to have leveraged the AI mannequin to detect and stop a fraudulent $1.5 million wire switch after an unknown risk actor breached a buyer’s electronic mail account and made spoof telephone calls.
Provided that fashions with comparable capabilities to Mythos might turn into broadly accessible within the close to future, Anthropic is urging software program builders to shorten their patch cycles and make security fixes accessible as shortly as potential. It is value mentioning right here that Oracle has just lately shifted to a month-to-month patch cycle to deal with essential security points.
“Community defenders ought to shorten their patch testing and deployment timelines,” Anthropic stated. “These embody steps like hardening networks’ default configurations, imposing multi-factor authentication, and conserving complete logs for detection and response.”
The AI firm additionally stated it has launched a Cyber Verification Program that permits security professionals to make use of its fashions with out guardrails for professional functions corresponding to vulnerability analysis, penetration testing, and crimson teaming. That is just like OpenAI’s Dawn, which additionally permits defenders to leverage GPT-5.5-Cyber for specialised workflows.
Fashions like Mythos Preview and GPT-5.5-Cyber have but to be launched to the general public owing to issues that there at present exist no ample safeguards to forestall their misuse at a big scale.
“Glasswing helps probably the most systemically vital cyber defenders achieve an uneven benefit,” it identified. “Nonetheless, there’s an pressing want for as many organizations as potential to shore up their cyber defenses. We hope that our typically accessible fashions, and the brand new instruments, assets, and analysis we’re offering to accompany them, will help these organizations to enhance their cybersecurity posture.”
