Anthropic has released its first major update on Project Glasswing, a restricted, security-focused collaboration under which the artificial intelligence (AI) startup provided access to its powerful new AI model, Mythos Preview. The company revealed in its initial findings that the model has already uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software systems.
Initial Findings and Partner Success
According to Anthropic, after one month, most partners have each found hundreds of critical- or high-severity vulnerabilities in their software. Collectively, they have discovered more than ten thousand. Several partners have reported that their rate of bug-finding has increased by more than a factor of ten. For instance, Cloudflare found 2,000 bugs, 400 of which are high- or critical-severity, across their critical-path systems. Cloudflare's team considers the false positive rate better than that of human testers.
The volume of data generated has flipped the traditional security paradigm. The bottleneck in cybersecurity is no longer the difficulty of finding dangerous software bugs, but rather the limited capacity of human engineers to process, verify, and patch them. Anthropic stated that models with similar cybersecurity skills to Mythos Preview will soon be more broadly available, emphasizing the need for a larger effort across the software industry to manage the volume of findings these models will generate.
Increased Bug-Hunting Scale
Over the past several weeks, Anthropic granted limited access to Mythos Preview to roughly 50 handpicked partner organizations, including top-tier tech companies and independent research firms. The AI model was deployed to scan more than 1,000 open-source software projects. During this initial trial, it flagged an estimated 6,202 high- or critical-severity vulnerabilities.
To verify the accuracy of the AI, outside experts stepped in. Independent security research firms reviewed a subset of 1,752 of these critical flags, finding that 90.6% of the bugs flagged by Mythos were legitimate vulnerabilities. Furthermore, 62.4% were validated as genuinely high or critical risks.
Real-World Data from Partners
The real-world data from Anthropic's corporate partners highlights the model's disruptive capabilities. Cloudflare reported that internal testing with Mythos uncovered roughly 2,000 software bugs, including 400 classified as high or critical severity. Crucially, Cloudflare noted that the AI engine produced significantly fewer false positives than conventional, human-led penetration testing.
Mozilla utilized Mythos Preview to inspect its web browser code, successfully identifying and fixing 271 vulnerabilities in Firefox 150. Mozilla contrasted these results against earlier diagnostic runs using Anthropic's legacy model, Claude Opus 4.6, concluding that the new Mythos architecture is vastly more effective at hunting deep-seated code errors.
Industry Challenges Ahead
However, Anthropic's prowess also highlighted another limitation. While the technology represents a massive leap forward for digital defense, Anthropic warned that the industry is currently unprepared for an era where AI can find tens of thousands of flaws in seconds. Currently, there is often a long lag between the discovery of a vulnerability, the creation of a patch for it, and the time when the patch is widely deployed by end users. Without a massive structural overhaul in how software maintenance teams operate, the volume of automated findings risks overwhelming IT departments.
The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. The coverage spans gadget launches, reviews, trends, in-depth analysis, exclusive reports, and breaking stories that impact technology and the digital universe. Whether it is how-tos or the latest happenings in AI, cybersecurity, personal gadgets, or platforms like WhatsApp, Instagram, and Facebook, the TOI Tech Desk brings news with accuracy and authenticity.
