Anthropic’s Project Glasswing has identified over 10,000 high- or critical-severity vulnerabilities in widely used software since its launch last month, according to The Hacker News. This initiative leverages the company’s advanced AI model, Claude Mythos Preview, to enhance cybersecurity efforts.
Among the findings, 6,202 vulnerabilities were classified as high- or critical-severity, affecting more than 1,000 open-source projects. Further analysis confirmed 1,726 as valid, with 1,094 deemed high- or critical-severity. Notably, a critical flaw in WolfSSL (CVE-2026-5194) was discovered, which could allow attackers to forge certificates and impersonate legitimate services. To date, 97 vulnerabilities have been patched, and 88 advisories issued.
Anthropic acknowledges the challenge in addressing these vulnerabilities, stating that the ease of discovery contrasts sharply with the difficulty of remediation. This surge in AI-assisted vulnerability detection has led software vendors to release more fixes than ever before. Microsoft anticipates a continued increase in monthly patches due to this trend.
Beyond vulnerability detection, Claude Mythos Preview has demonstrated utility in real-world scenarios. A partner bank used the AI model to prevent a fraudulent $1.5 million wire transfer, thwarting an attacker who had compromised a customer’s email and made spoof phone calls.
With the potential for similar AI models to become widely available, Anthropic urges software developers to expedite patch cycles and implement security fixes promptly. The company has also introduced a Cyber Verification Program, allowing security professionals to utilize its models without restrictions for legitimate purposes like vulnerability research and penetration testing.
As AI continues to revolutionize cybersecurity, the focus must shift from merely identifying vulnerabilities to effectively remediating them. Organizations need to enhance their patch management processes and adopt proactive security measures to keep pace with the rapid advancements in AI-driven vulnerability discovery.
Source: The Hacker News
