More than 10,000 high- or critical‑severity software vulnerabilities have surfaced from testing since early April, Anthropic said Tuesday as it broadened access to Project Glasswing.
Anthropic expands Project Glasswing to 150 organizations in 15 countries
Anthropic announced an expansion of Project Glasswing that adds roughly 150 organizations across 15 countries to the program. The move follows an initial cohort of about 50 partners that were named when Anthropic first launched the initiative. Those early members included Amazon Web Services, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, among others. Anthropic did not publish a roster for the new cohort; CyberScoop was told by sources that Rubrik, a cloud security and data management company, is among the organizations granted access in this round.
Claude Mythos Preview: scale of discoveries and independent validation
Anthropic’s restricted Claude Mythos Preview model — the tool used inside Project Glasswing — has already flagged a very large volume of defects. The company reported the model surfaced more than 10,000 high‑ or critical‑severity vulnerabilities since the program’s April launch. Anthropic also used Mythos to scan over 1,000 open‑source projects and flagged 23,019 potential vulnerabilities, of which 6,202 were estimated as high or critical.
Independent review has supported a high true‑positive rate: of 1,752 high‑ or critical‑rated findings that were independently reviewed, more than 90% were confirmed valid. Individual partners reported dramatic uplifts in discovery rates. Cloudflare identified 2,000 bugs across its critical‑path systems, including 400 rated high or critical, and characterized the model’s false‑positive rate as better than that of human testers. Mozilla said it found and fixed 271 vulnerabilities in Firefox 150 while testing the model — more than ten times the number found in a previous Firefox release using an earlier Anthropic model. Several other partners reported more than tenfold increases in bug discovery after deploying the model.
New cohort reaches power, water, healthcare, communications, and hardware vendors
Anthropic said the latest cohort brings in sectors that were underrepresented in the first wave: power, water, healthcare, communications, and hardware. The company highlighted that many of the new partners are vendors whose codebases underpin critical infrastructure systems, signaling an intent to map weaknesses in software that supports essential services.
Anthropic declined to name the majority of organizations in the new cohort; beyond the source tip about Rubrik, the company provided no additional roster details in its announcement.
The human bottleneck: triage, disclosure, and patching
Despite the enhanced ability to find flaws, Anthropic warned that discovery is only the first step. “The bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them,” the company said in its blog post. That constraint matters because it can determine whether attackers gain time to exploit vulnerabilities before they are remediated.
The concern is echoed in a joint report from the Cloud Security Alliance, the SANS Institute, and OWASP, which concluded organizations are “likely to be overwhelmed” in the near term by threat actors using AI to discover and exploit vulnerabilities faster than defenders can patch them. Anthropic has therefore framed its access program as a controlled way to surface and remediate problems while avoiding broad public release of its most powerful models.
Responses: Anthropic’s distribution policy and Claude Security
Anthropic said it will not release Mythos‑class models to the general public, citing insufficient safeguards against serious misuse. In the interim, the company has released Claude Security, a product built on its publicly available Claude Opus 4.8 model. Anthropic reported Claude Security was used to patch more than 2,100 vulnerabilities in three weeks, offering a more widely distributable toolset while constraining access to the restricted Mythos Preview.
What this means for technologists, policymakers, and critical‑infrastructure vendors
- Technologists and security teams: Rapid, AI‑driven discovery can dramatically increase the number of actionable findings—teams will need to plan for scaling triage and patch processes, since Anthropic identifies human capacity as the limiting factor.
- Policymakers and regulators: The announcement coincided with a scaled‑back executive order on AI security from the Trump administration that creates a voluntary framework for government review of advanced models up to 30 days before public release. That regulatory timing frames a broader debate over how access to powerful discovery tools should be controlled.
- Critical‑infrastructure vendors and maintainers of open‑source projects: Many newly added partners underpin essential services; the expanded testing and the high validation rate reported by Anthropic imply both opportunity and urgency for these vendors to accelerate vulnerability management and coordinated disclosure.
Anthropic’s expansion of Project Glasswing illustrates a central tension: AI can multiply the pace and scale of vulnerability discovery, but human systems for triage, disclosure, and patching may not keep up. The company’s controlled distribution approach — Mythos for select partners, Claude Security for broader use — will be a test case for whether defenders can turn a flood of findings into faster fixes without opening new avenues for misuse.




