Project Glasswing: Claude Mythos, 10,000+ Zero-Days, and the New Cybersecurity Bottleneck.
Anthropic's Project Glasswing uses Claude Mythos Preview to find high-severity vulnerabilities across critical software. The result is a warning about AI security, zero-day discovery, and the human bottleneck in patching.
Introduction
Anthropic’s Project Glasswing may be one of the most important AI security stories of 2026.
The initiative gives a controlled group of partners access to Claude Mythos Preview, an unreleased frontier model Anthropic says is unusually capable at finding and exploiting software vulnerabilities. The launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
The purpose is defensive: use the model to find dangerous bugs in critical software before attackers can. But the early results reveal something more uncomfortable. AI may now be able to discover vulnerabilities faster than the security ecosystem can verify, disclose, and patch them.
That is the core Project Glasswing lesson.
What Claude Mythos Can Do
Claude Mythos Preview is not being released broadly. Anthropic describes it as a general-purpose frontier model whose coding ability translates directly into cybersecurity capability.
Mythos is not merely a scanner that recognizes known bug patterns. It is being used as an autonomous vulnerability researcher across large, complex codebases.
That distinction matters. According to Anthropic, it has found thousands of high-severity vulnerabilities, including issues in every major operating system and web browser. External examples include multistep cyber ranges, browser and system-level vulnerability work, and large-scale codebase analysis.
The UK’s AI Security Institute reported that Mythos Preview became the first model to solve both of its cyber ranges end to end. Mozilla used Mythos Preview while testing Firefox 150 and found and fixed 271 vulnerabilities, more than ten times as many as it found in Firefox 148 with Claude Opus 4.6.
Those numbers suggest a step change. Security models are moving from “helpful assistant” toward “autonomous vulnerability researcher.”
The Numbers Behind Project Glasswing
After the first month, Anthropic said Project Glasswing partners had collectively found more than ten thousand critical- or high-severity vulnerabilities.
Anthropic scanned more than 1,000 open-source projects and estimated 23,019 total issues, including 6,202 high- or critical-severity vulnerabilities.
Of 1,752 high- or critical-rated findings that had been carefully assessed by independent security firms or Anthropic, 90.6% were valid true positives, and 62.4% were confirmed as high or critical severity.
One example is CVE-2026-5194, a now-patched flaw in wolfSSL, a cryptography library used across billions of devices. Anthropic says Mythos Preview constructed an exploit that could allow forged certificates, making it possible to host a fake site that would appear legitimate to an end user.
This is not hypothetical security theater. These are the kinds of vulnerabilities that affect operating systems, browsers, infrastructure providers, and open-source packages that sit beneath huge parts of the internet.
The New Bottleneck: Humans
The most important line in Anthropic’s update is not about how many bugs Mythos found. It is about what happens next.
At the time of Anthropic’s update, 75 of 530 reported high- or critical-severity open-source bugs had been patched, and 65 had public advisories.
Finding vulnerabilities has become easier. Fixing them has not.
Anthropic estimated that another 827 confirmed vulnerabilities were queued for disclosure.
That drop-off is the story. Verification takes time. Coordinated disclosure takes time. Maintainers need to reproduce issues, assess severity, design patches, review changes, ship releases, and wait for downstream adoption. Open-source maintainers were already overloaded before frontier models started producing high-quality vulnerability reports at scale.
AI has inverted the old bottleneck. The scarce resource is no longer bug discovery. It is trusted human capacity.
Claude Security and the Broader Rollout
Anthropic is not releasing Claude Mythos Preview to the public. Instead, it is expanding adjacent defensive tools.
Claude Security is now in public beta for Claude Enterprise customers. It scans codebases for vulnerabilities and can generate proposed fixes. Anthropic says Claude Opus 4.7 was used to patch more than 2,100 vulnerabilities in the first three weeks after launch.
Anthropic has also started a Cyber Verification Program for approved security professionals and is making parts of the Mythos workflow available to qualifying teams. That includes custom skills, an automated scanning and reporting harness, and a threat-modeling tool that helps identify and prioritize likely attack targets.
This is a sensible middle path: do not broadly release the most dangerous capability, but do push defensive tooling into the hands of trusted teams that can harden real systems.
Why Project Glasswing Matters
Project Glasswing is a policy story as much as a security story.
Governments are trying to understand how to regulate dual-use AI systems. A model that can find and exploit software vulnerabilities is obviously valuable to defenders, but it is also dangerous in the wrong hands. Anthropic’s approach points toward a possible governance pattern: controlled access, vetted partners, structured disclosure, and public reporting where it does not endanger users.
That will not solve everything. It also creates difficult questions about who gets access, who verifies claims, and how much power private AI labs should have over critical security workflows.
But the alternative is not comforting. If models like Mythos are possible inside one lab, similar capabilities will eventually spread. The question is whether defenders can use them first and well enough to reduce the global attack surface before attackers get the same leverage.
The bottom line is blunt: AI is changing cybersecurity from a discovery-constrained field into a patching-constrained field. The winners will be the teams that can turn vulnerability intelligence into shipped fixes at machine speed without losing human judgment.
Project Glasswing is the warning shot.