Glasswing Update: Mythos Found 10K+ Vulns
Anthropic's Glasswing update reveals Claude Mythos found over 10,000 critical vulnerabilities in one month. The bottleneck is now patching.
10,000 Vulnerabilities in 30 Days
Anthropic dropped its first Project Glasswing progress report on May 22, 2026, and the headline number is staggering: Claude Mythos Preview, the restricted, cybersecurity-focused variant of Claude, uncovered over 10,000 high and critical severity vulnerabilities across major software in its first month of operation (per Anthropic's initial Glasswing update).
That's not a typo. Ten thousand. In one month. For context, the entire CVE database logged roughly 28,000 new entries across all of 2024, according to NIST's National Vulnerability Database. One AI system, running for 30 days under controlled conditions, found a volume of serious flaws that represents a meaningful fraction of what the entire global security community surfaces in a year.
The announcement hit X and immediately went viral: Anthropic's post cleared 1 million views within hours. And for good reason: this isn't a benchmark score or a demo. It's real vulnerabilities in real software, disclosed through real responsible-disclosure channels.
What Glasswing and Mythos Actually Are
We covered the initial Glasswing announcement in detail back in April. The short version: Project Glasswing is Anthropic's initiative to deploy AI for defensive cybersecurity. Claude Mythos Preview is the specialized model at its core, a version of Claude fine-tuned specifically for vulnerability discovery, exploit analysis, and security auditing.
Mythos is not publicly available. Anthropic restricts access to vetted security partners, government agencies, and approved researchers. You can't sign up for an API key. This is deliberate: a model that autonomously finds exploitable vulnerabilities in production software is, by definition, dual-use. Anthropic's position is that the defensive value outweighs the risk, but only under controlled access.
The Glasswing program page at anthropic.com/glasswing outlines the structure: Mythos operates under strict responsible-disclosure protocols, with findings reported to affected vendors before any public acknowledgment. The 10,000+ number in this update represents vulnerabilities that have already entered the disclosure pipeline.
Why Discovery Outpacing Patching Is the Real Story
Here's what most of the breathless coverage is missing: finding vulnerabilities was never the hard part. Patching them is.
The cybersecurity industry has operated for decades on the assumption that vulnerability discovery is the bottleneck. Bug bounty programs, security audits, penetration testing firms: the entire ecosystem is built around the premise that finding flaws is expensive and slow, so we should incentivize more of it.
Mythos just obliterated that assumption. When a single AI system can surface 10,000+ high-severity issues in a month, the bottleneck violently shifts downstream:
- Vendor triage capacity: Most software companies have security teams sized to handle dozens or hundreds of incoming vulnerability reports per quarter, not thousands per month. The sheer volume of Mythos findings could overwhelm disclosure processes.
- Patch development bandwidth: Every confirmed vulnerability needs a fix developed, tested, and rolled out. Engineering teams have finite sprint capacity. A flood of legitimate critical findings creates an impossible prioritization problem.
- Deployment lag: Even after patches ship, enterprise adoption timelines haven't changed. Large organizations still take 60-90 days on average to deploy critical patches, per Qualys's annual reports. That window is where attackers live.
My read: Glasswing's most important contribution isn't the vulnerabilities it found; it's forcing the industry to confront the fact that our entire patching infrastructure was designed for a world where discovery was the scarce resource. That world is over.
The Responsible Disclosure Question
Anthropic's announcement emphasizes that all findings go through coordinated disclosure. That's the right move, and it's also the only viable one: releasing 10,000 unpatched vulnerabilities into the wild would be catastrophic.
But responsible disclosure at this scale creates its own tensions. The standard disclosure timeline (typically 90 days from vendor notification to public acknowledgment) was designed for a world where a handful of researchers submit a handful of bugs. What happens when one system generates findings faster than vendors can process them?
A few scenarios worth watching:
- Disclosure queue backlogs: If Mythos keeps finding vulnerabilities at this rate, vendors could have hundreds of unpatched, known-to-Anthropic flaws at any given time. The longer that list sits, the higher the risk of parallel discovery by malicious actors.
- Prioritization pressure: Not all critical vulnerabilities are equally exploitable. Anthropic will need to help vendors triage, which means sharing enough technical detail to enable prioritization without enabling exploitation.
- Government involvement: The Japan news (more on that below) signals that nation-states see Glasswing-style capabilities as strategically important. Expect pressure to share findings with national CERTs and intelligence agencies, which adds complexity to the disclosure process.
Japan Enters the Picture
On the same day as the Glasswing update, reporting from Nippon News indicated that Japan is in negotiations for access to Anthropic's cybersecurity capabilities. The timing isn't coincidental.
Japan has been aggressively expanding its cybersecurity posture over the past two years, driven by escalating threats to its critical infrastructure and supply chains. Access to Mythos-level vulnerability discovery would represent a significant upgrade to Japan's defensive toolkit, and a strong signal about which AI partnerships Tokyo considers strategically important.
This also fits a pattern in Anthropic's recent moves. The company has been building out government and institutional partnerships at a rapid clip: the $200 million Gates Foundation deal, the $1.8 billion Akamai compute agreement, the SpaceX GPU lease. Glasswing gives Anthropic something none of its competitors can currently offer: a proven, operational AI cybersecurity capability that governments actively want.
The geopolitical angle
I think this matters more than the technical achievement. OpenAI has consumer distribution. Google has infrastructure. Anthropic is carving out a niche as the AI company that governments trust with sensitive security work. If Glasswing delivers on its early results, that positioning becomes a durable competitive advantage, one that's much harder to replicate than a benchmark score.
What We Don't Know Yet
Anthropic's update is deliberately light on specifics, and that's worth noting honestly. Key gaps:
- Which software was scanned: "Major software" is vague. We don't know if this means operating systems, web frameworks, enterprise applications, open-source libraries, or some mix. The severity and relevance of 10,000 findings depends entirely on what was being examined.
- Vulnerability type breakdown: Are these memory corruption bugs? Logic errors? Authentication bypasses? API misconfigurations? The category distribution matters enormously for understanding Mythos's actual capabilities versus what existing static analysis tools already catch.
- False positive rate: 10,000 reported vulnerabilities means little if the confirmed rate is 20%. Anthropic hasn't published validation metrics. Serious security teams will want to see precision and recall numbers before trusting Mythos findings at face value.
- Overlap with known CVEs: How many of these 10,000+ are genuinely novel versus rediscoveries of known-but-unpatched issues? Both are valuable, but they represent very different capabilities.
- Partner feedback: We haven't heard from the vendors receiving these disclosures. Their experience (useful signal or overwhelming noise?) will determine whether Glasswing scales.
These aren't criticisms. It's a first update, and responsible disclosure limits what can be shared publicly. But anyone citing the 10,000 number should acknowledge these open questions.
How This Compares to the Competition
Anthropic isn't alone in applying AI to security. Google's Project Zero has used ML-assisted fuzzing for years. Microsoft's Security Copilot applies GPT-4-class models to threat analysis. Startups like Synack, Snyk, and Wiz use AI for various security workflows.
But none of them have published results at this scale. The closest comparison might be Google's OSS-Fuzz, which has found roughly 10,000 bugs in open-source software, but over seven years of operation, not one month. If Mythos's numbers hold up under scrutiny, the capability gap is significant.
The key differentiator is autonomy. Most existing AI security tools augment human researchers: they flag suspicious patterns, suggest areas to investigate, or automate repetitive scanning tasks. Mythos, based on Anthropic's description, operates more like an autonomous security researcher: it identifies targets, develops hypotheses about potential vulnerabilities, crafts inputs to test them, and validates findings. That's a qualitative leap, not an incremental improvement.
What Happens Next
Three things to watch:
1. Vendor response times. The real test of Glasswing's impact isn't how many vulnerabilities Mythos finds; it's how fast they get fixed. If the patching pipeline can't absorb the volume, the program creates risk even as it discovers it. Anthropic will need to publish metrics on time-to-patch for disclosed vulnerabilities.
2. Access expansion. Japan appears to be first in line, but other governments and large enterprises will follow. How Anthropic manages the access list (and whether it charges for Glasswing partnerships or treats them as a public good) will shape the program's long-term impact.
3. Adversarial response. If Mythos is finding vulnerabilities at this rate, it's reasonable to assume that state-sponsored offensive teams are building similar capabilities. The uncomfortable truth is that AI-powered vulnerability discovery is inherently dual-use. The question is whether the defenders can patch faster than the attackers can exploit, and right now, the patching infrastructure isn't built for this tempo.
The honest take: Glasswing's first update is genuinely impressive, but the number that matters isn't 10,000 vulnerabilities found. It's whatever the patch rate turns out to be. Discovery without remediation is just a very expensive list of problems.
Anthropic has built something that could meaningfully shift the cybersecurity balance toward defense, but only if the rest of the ecosystem can keep up. That's not an AI problem. It's an organizational one, and it's going to be much harder to solve.