Anthropic has released the first results of its large-scale cybersecurity initiative, Project Glasswing, in which the AI Claude Mythos Preview is used to search for and analyze vulnerabilities in software. The project started in April 2026 and has already yielded significant results.
This is reported by Business • Media
Thousands of Critical Bugs: Experiences from Project Glasswing Partners
In the first month of operation, partner organizations of Anthropic identified over 10,000 high and critical-level vulnerabilities in the world’s most important software. Among them are technology giants, banks, and critical infrastructure operators, with about 50 involved.
For example, at Cloudflare, Mythos Preview identified 2,000 bugs, of which 400 had high or critical levels of danger. Company representatives noted that the false positive rate in Mythos Preview was lower than that of human testers.
Mozilla reported a significant increase in the effectiveness of vulnerability detection. During testing in Firefox 150, 271 vulnerabilities were found and fixed — more than ten times the results of the previous version, Claude Opus 4.6, in Firefox 148.
A separate incident occurred with the wolfSSL library, used by billions of devices. Mythos Preview was able to create an exploit that allowed for certificate forgery and imitation of banking or email service websites. Thus, the model revealed potentially serious security threats to millions of users.
“Previously, progress in software security was limited by how quickly we could find vulnerabilities. Now it is limited by how quickly we can verify, disclose, and fix them,” the company stated.
Additionally, Mythos Preview helped one of its partner banks prevent a fraudulent transfer of $1.5 million after the client’s email was compromised and spoofing calls were made.
Cybersecurity in a New Phase and Risks for the Industry
Anthropic reported that it has already reviewed over 1,000 open-source projects, and 6,202 of the vulnerabilities identified were classified as high or critical. After independent verification, 90.6% of these findings were confirmed as real threats.
The company emphasized that the number of identified bugs is so large that developers cannot keep up with timely patch releases. Some have approached Anthropic asking to slow down the pace of disclosing new vulnerabilities to have time to address them.
On average, developers spend about two weeks fixing a single critical vulnerability. However, new models like Mythos significantly reduce the time for detection and potential exploitation of bugs, increasing risks for digital infrastructure.
In this regard, Anthropic currently does not plan to open public access to Mythos-class models. Company representatives noted:
“At this time, no company, including Anthropic, has created strong enough safeguards to prevent the misuse of such models and potentially serious harm,” the company stated.
In the cryptocurrency and artificial intelligence communities, Anthropic’s decision has been supported as wise and responsible, though some experts have expressed concerns about a potential slowdown in global AI development and the emergence of “exclusivity” in access to such technologies.
Amid new risks associated with Mythos Preview, leaders in the U.S. financial sector have already held emergency meetings with Wall Street banks, warning about the likelihood of new types of cyberattacks. Additionally, Anthropic announced a closed briefing for the Financial Stability Board (FSB), which brings together central banks and regulators from G20 countries, to assess the risks arising from the implementation of Claude Mythos Preview.