Research·3 min read·Anthropic / Help Net Security

Anthropic’s Project Glasswing Turns an Unreleased Claude Mythos Loose on Open Source — and Finds 10,000+ Zero-Days in a Month

In a May 26 progress update, Anthropic said Project Glasswing has used an unreleased frontier model, Claude Mythos Preview, to autonomously discover more than 10,000 high- and critical-severity zero-day vulnerabilities across the world’s most important software in its first month — including a 27-year-old flaw in OpenBSD and a certificate-forgery bug in wolfSSL. The model is so capable at offensive security that Anthropic is refusing to release it.

[Infographic: Project Glasswing · Claude Mythos (Anthropic). 10,000+ high/critical-severity zero-days found in its first month by an unreleased Claude Mythos, withheld because there is no safe way to release it yet. One month of Mythos: 23,019 issues, 1,000+ projects scanned, 90%+ true-positive, 13 defenders enrolled. Marquee findings: 27-year-old flaw in hardened OpenBSD; wolfSSL exploit forges TLS certificates. Source: Anthropic · Help Net Security]

Anthropic on May 26 published a progress update on Project Glasswing, the security initiative it runs on Claude Mythos Preview — an unreleased, general-purpose frontier model. In its first month, Anthropic says, the model autonomously discovered more than 10,000 high- and critical-severity zero-day vulnerabilities across the world’s most critical software, scanning over 1,000 open-source projects and surfacing 23,019 total issues, of which 6,202 were rated high or critical.

To guard against AI slop, Anthropic and six independent security firms hand-assessed a sample of 1,752 findings and validated more than 90% as true positives. The standout cases are sobering: Mythos uncovered a 27-year-old vulnerability in OpenBSD, an operating system famous for its security hardening, and a flaw in wolfSSL — a cryptography library embedded in billions of devices — for which it constructed a working exploit that would let an attacker forge certificates and mount convincing phishing attacks. The company says the model found exploitable bugs in every major operating system and every major web browser.

The capability cuts both ways, which is why Anthropic is doing something unusual: refusing to ship the model. “At present, no company — including Anthropic — has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm,” the company wrote, adding that AI has reached a level of coding skill where it “can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” Instead of a general release, Mythos is being made available only through Glasswing to a small set of defenders: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, Cloudflare and Mozilla.

The harder problem the update exposes is not discovery but remediation. Finding 10,000 zero-days is only useful if someone patches them, and the open-source maintainers who steward much of this code are already stretched thin — a single volunteer can suddenly be handed a backlog of machine-generated, critical-severity reports with no realistic way to triage them. Anthropic frames Glasswing as a way to get fixes to defenders before the same class of capability lands in an attacker’s hands, but it has effectively demonstrated that the offensive version of this tool is now buildable.

Mythos itself has been circling in the background of Anthropic’s recent news: PixelMind reported on May 25 that Japan’s megabanks were granted access to Claude Mythos after a U.S. Treasury-brokered arrangement. Project Glasswing is the clearest public look yet at what that unreleased model can actually do — and a preview of a security landscape in which the most powerful vulnerability scanner in the world is also the most dangerous, and its owner has decided the safest move is to keep it on a very short leash.
