Anthropic’s May 22 Project Glasswing update is one of the strongest signals yet that AI security agents are moving from benchmark discussion into operational vulnerability discovery.
The headline number is large: Anthropic says it and roughly 50 partners used Claude Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities across important software. The deeper signal is the bottleneck shift. Anthropic argues that progress is now constrained less by finding vulnerabilities and more by verifying, disclosing, and patching the volume of issues AI systems can surface.
What Glasswing changes
Project Glasswing is Anthropic’s collaboration with software and infrastructure partners to find vulnerabilities before similarly capable AI systems can be misused against critical software. The update describes partner findings, open-source scans, independent validation, and the safeguards question around Mythos-class models.
For builders, the notable point is that the security workflow is becoming agentic. A frontier model is not only answering security questions; it is scanning code, generating findings, building exploit evidence, feeding disclosure queues, and forcing human teams to redesign triage and patch operations.
The open-source data
Anthropic says Mythos Preview scanned more than 1,000 open-source projects and estimated 6,202 high- or critical-severity vulnerabilities out of 23,019 total findings. A subset of 1,752 high- or critical-rated findings was assessed by independent security firms or Anthropic. Of those, Anthropic reports that 90.6% were valid true positives, and 62.4% were confirmed as high or critical severity.
That validation rate matters because AI bug reports are already a burden for maintainers. The story is not simply that AI can generate more reports. The important question is whether those reports are reproducible, severe, responsibly disclosed, and practical to patch.
Why it matters
Glasswing points to a near-term security imbalance. AI makes vulnerability discovery cheaper and faster, but patching still depends on human maintainers, enterprise release processes, testing windows, and responsible disclosure timelines. Anthropic says several maintainers are capacity-constrained, and some asked the company to slow down disclosures.
This is the part that should matter to engineering leaders. If discovery accelerates faster than remediation, software risk can rise before it falls. Teams will need shorter patch cycles, better dependency visibility, more automated regression testing, clearer vulnerability intake, and stronger controls around AI-assisted security work.
The product signal
Anthropic also says Claude Security is in public beta for Claude Enterprise customers, and that Claude Opus 4.7 has been used to patch more than 2,100 vulnerabilities in three weeks. The commercial direction is clear: model capability is being packaged into security tooling, not left as a research demo.
At the same time, Anthropic says Mythos-class models are not ready for general release because safeguards are not yet strong enough to prevent cyber misuse. That tension is likely to define the next phase of AI security products: defenders need the capability, but broad release increases attacker capability too.
ã.io read
Glasswing is not just a cybersecurity story. It is an agent infrastructure story. Once AI systems can find real vulnerabilities at scale, the durable advantage shifts to workflow quality: triage, provenance, audit trails, permissioning, maintainer coordination, and patch velocity.
The AI security agent market will be judged less by dramatic demos and more by whether it can reduce real exposed risk without flooding maintainers with noise. Glasswing shows both sides of that future arriving at the same time.