Anthropic's Project Glasswing uncovers over 10,000 software vulnerabilities using AI

Anthropic’s restricted AI model just did in weeks what human security researchers couldn’t do in decades. Project Glasswing, the company’s cybersecurity coalition, has collectively identified over 10,000 high- and critical-severity software vulnerabilities, including thousands of zero-day flaws that had been lurking undetected in widely used systems for years.

Among the discoveries: a 27-year-old vulnerability in OpenBSD and a 16-year-old bug in FFmpeg. Both had survived every prior round of human code review and automated testing.

What Project Glasswing actually is

Anthropic launched Project Glasswing on April 7, 2026, built around its unreleased frontier model called Claude Mythos Preview. The core idea is straightforward: point an extraordinarily capable AI at critical software infrastructure and let it hunt for security flaws that humans keep missing.

Claude Mythos Preview is so good at finding and exploiting vulnerabilities autonomously that Anthropic decided not to release it publicly. Instead, they formed a coalition of technology and infrastructure companies that get exclusive access to the model strictly for defensive security work.

Anthropic's Project Glasswing uncovers over 10,000 software vulnerabilities using AI

Other newsrooms on this story

Related reading

Anthropic's Project Glasswing uncovers over 10,000 software vulnerabilities…

Project Glasswing identifies over 10,000 critical vulnerabilities in first…

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic's Project Glasswing Finds 'More Than 10,000' Critical Bugs, Expands…

Anthropic's Claude Mythos found 10,000 critical vulnerabilities in one month.…

Anthropic warns Claude Mythos Preview finds bugs faster than developers can…