A major cybersecurity storm is currently brewing across the technology industry. Just one month after launching its private security initiative, Project Glasswing, artificial intelligence startup Anthropic released a staggering progress report. The company’s unreleased and highly secretive model, Claude Mythos Preview, has already helped independent researchers and corporate partners discover more than 10,000 high- or critical-severity software vulnerabilities across the most important digital systems on the planet.
Anthropic designed Project Glasswing to act as a massive defensive shield for the internet’s infrastructure. The startup currently shares the highly capable Mythos model with a selective group of approximately 50 partner organizations, including technology giants like Microsoft and security leaders like Cloudflare. The goal is simple: find and patch deep, decades-old security flaws before malicious hackers can develop similar automated AI tools to exploit them.
This initial progress report highlights a massive shift in how the tech industry handles digital safety. Finding complex, hidden bugs used to take human engineers months of painstaking manual research. Now, the Mythos model has sped up this process by more than ten times. The central challenge in cybersecurity is no longer finding the security holes; instead, the bottleneck has shifted to how fast human developers can actually verify, disclose, and write software patches to fix them.
Several major corporate partners have reported incredible results from their initial audits. The web-security giant Cloudflare ran the Mythos model against its systems and flagged 2,000 potential issues. Out of those, engineers verified 400 as high- or critical-severity flaws. More importantly, Cloudflare noted that the AI’s false-positive rate—the frequency of flagging fake bugs—was actually lower than that of standard human-led audits.
The software updates are already hitting everyday consumers. Mozilla used the advanced tool to audit its Firefox browser, finding and patching exactly 271 vulnerabilities. This represents a massive ten-fold increase in the number of security bugs found compared to previous testing methods. Meanwhile, Microsoft warned its corporate clients that its monthly security patch updates will trend significantly larger for quite some time, simply because the AI is uncovering a massive volume of previously hidden flaws.
Anthropic also aimed its powerful model at the open-source software ecosystem, which forms the underlying foundation of the global web. The AI scanned more than 1,000 open-source repositories and flagged 23,019 potential issues. After a careful human review, researchers verified 6,202 of those as valid, high-severity vulnerabilities. This massive scan is a huge win for the public internet, as open-source projects usually lack the funding and staff needed to perform deep security checks.
The financial scale of this safety initiative is massive. To make Project Glasswing a success, Anthropic committed up to $100 million in free software credits so its partners could run the power-hungry Mythos model. The company also donated $4 million in cash to open-source security groups to help developers write and distribute patches quickly. In a world where data breaches cost businesses massive fortunes, even a minor 1.5% decrease in overall software vulnerabilities can save the global economy billions of dollars in recovery costs.
Many tech enthusiasts want to know why Anthropic keeps the Claude Mythos Preview model behind closed doors. The company explained that the software is currently too dangerous to release to the public. In the wrong hands, the AI could act as a high-tech master key, allowing malicious actors to automatically discover and exploit zero-day security holes in major operating systems. Anthropic insists on keeping the model private until developers can establish much better safety guardrails for these types of tools.
Ultimately, Project Glasswing proves that the future of web security is a race against time and technology. Software developers are shipping more security fixes than ever before, but they are still struggling to keep up with the speed of machine-led discoveries. By using the AI purely for defense, Anthropic hopes to patch the world’s most vulnerable systems before rival nations can build their own automated hacking tools, ensuring the internet remains a safer place for everyone.
