Anthropic's Project Glasswing Finds 'More Than 10,000' Critical Bugs, Expands To Additional Partners

Anthropic shared a sweeping update on Project Glasswing, saying its artificial intelligence-assisted security testing effort has already uncovered "more than 10,000 high-or critical-severity vulnerabilities" across widely used software systems.

Anthropic has been working with roughly 50 partner organizations in a security-focused collaboration called Project Glasswing. The bottleneck is no longer finding vulnerabilities, but handling the human workload required to verify issues, coordinate disclosures with maintainers and deploy patches, the company said in a press release.

Mythos Preview scanned more than 1,000 open-source projects in the past several months, finding what it estimates are 6,202 high- or critical-severity vulnerabilities in these projects; 1,752 of those high- or critical-severity findings have since been reviewed either by six independent security research firms or, in limited cases, by Anthropic itself. Of the reviewed issues, the company said 90.6% were confirmed as legitimate vulnerabilities and 62.4% were validated as high or critical severity, the company stated.

Something went wrong.

Several partner organizations reported that they saw an increase in bug discovery rates after integrating AI into their testing workflows, with some seeing gains of more than 10 times.