Project Glasswing: AI Finds 10,000 Vulnerabilities in One Month

Article: Positive | Community: Neutral | Divisive

Project Glasswing has utilized the Claude Mythos Preview model to identify over 10,000 critical vulnerabilities in its first month of operation. This surge in discovery has highlighted a major challenge: the human capacity to patch software is now the primary bottleneck in cybersecurity. Anthropic is providing defensive tools to help organizations adapt while delaying the general release of high-capability models to ensure safety.

Key Points

  • Claude Mythos Preview has accelerated vulnerability discovery by over 10x for some partners, finding 10,000+ critical bugs in one month.
  • The primary bottleneck in cybersecurity has shifted from finding vulnerabilities to the human capacity to verify and patch them quickly.
  • Anthropic is scanning open-source software at scale, identifying thousands of critical flaws in infrastructure used by billions of devices.
  • New defensive tools like Claude Security and the Cyber Verification Program are being deployed to help organizations harden their codebases.
  • General release of Mythos-class models is being delayed until stronger safeguards are in place to prevent AI-enabled cyberattacks.

Sentiment

The overall sentiment is mixed and cautiously skeptical. The community generally agrees that AI-assisted vulnerability discovery is becoming powerful and important, but it does not fully accept Anthropic's framing at face value. The most common stance is pragmatic: the capability is real enough to matter, yet the claims need stronger public validation, clearer attribution, and serious attention to the human bottlenecks created by faster discovery.

In Agreement

  • Practitioners report that AI security tools are already useful in real repositories, catching exploitable issues that humans routinely miss.
  • The article's core bottleneck claim resonates: once AI finds flaws quickly, triage, disclosure, prioritization, and patching become the limiting work.
  • Several commenters argue that separate security-focused prompts, agents, and workflows can catch bugs even when similar models are used for code generation.
  • Some participants see the trend as an acceleration of ordinary software maintenance rather than a fundamentally new loop, making AI scanning a natural addition to development practice.
  • Supporters point to reports from major software teams as evidence that frontier models are improving at tracing code paths and surfacing serious vulnerabilities.

Opposed

  • Skeptics argue that Anthropic's claims read like marketing without enough public detail to separate confirmed vulnerabilities from suspected findings.
  • Commenters question whether Mythos is uniquely better than other AI-assisted security approaches, citing public reports where other tools appear to find similar classes of bugs.
  • Some worry that AI vendors have distorted incentives if they profit from both code generation and later security remediation.
  • Several participants argue that the headline results lack clean comparisons, clear false-positive accounting, and enough transparency about model contribution versus human workflow.
  • Others doubt broad model release is being held back only for safety reasons, suggesting compute limits, business strategy, or competitive positioning may also explain access restrictions.