Project Glasswing and the Discovery
Anthropic has revealed that its Project Glasswing, which went live last month, has already uncovered more than 10,000 high- or critical-severity vulnerabilities in widely used, systemically important software. The project grants a small group of about 50 partners exclusive early access to Claude Mythos Preview, a frontier AI model designed to autonomously identify security flaws in widely deployed code before malicious actors can exploit them.
Among the findings, 6,202 vulnerabilities affect over 1,000 open-source projects. Subsequent validation efforts confirmed 1,726 as true positives, with 1,094 rated high or critical severity. One notable flaw found in WolfSSL could allow an attacker to forge certificates and impersonate a legitimate service. So far, 97 findings have been patched upstream, and 88 advisories have been released.
Impact and Implications
Anthropic noted that the relative ease of finding vulnerabilities compared with the difficulty of fixing them remains a major cybersecurity challenge. The company emphasized that confronting this challenge successfully will make software far safer. The development coincides with a broader trend of software vendors shipping more patches than ever, driven by a surge in AI-assisted vulnerability discovery.
The autonomous offensive security platform XBOW described Claude Mythos Preview as a major advance, substantially better than prior models at finding vulnerability candidates and adept at analyzing source code with a security mindset. Recent analyses also show the model excels at turning vulnerabilities into end-to-end attack chains, highlighting the dual edge of AI in cybersecurity.
Source: The Hacker News
