Claude Mythos Is Finding Critical Vulnerabilities Faster Than Organizations Can Patch Them


Anthropic revealed Friday that its new defensive initiative, Project Glasswing, has already uncovered more than 10,000 high and critical software vulnerabilities in just over a month. The effort is aimed at protecting the digital infrastructure that modern economies, governments, and critical industries increasingly rely on.

At the center of the program is Claude Mythos Preview, an advanced AI model built specifically to identify weaknesses in widely used software before attackers can exploit them. Rather than releasing the capability publicly, Anthropic has limited access to a small group of trusted security partners focused on defending high-value systems and infrastructure.

So far, the project has identified over 6,200 serious vulnerabilities across more than 1,000 open-source projects. Validation efforts confirmed 1,726 legitimate security flaws, including 1,094 rated high or critical severity.

One example is CVE-2026-5194, a vulnerability in wolfSSL with a severity score of 9.1 that could allow attackers to forge certificates and impersonate trusted services. That kind of flaw has implications far beyond developers, potentially affecting secure communications, embedded systems, and sensitive operational environments.

The discoveries have already led to dozens of fixes and published advisories, but the larger issue is becoming increasingly clear:

Finding vulnerabilities is now easier than fixing them.

AI is accelerating software analysis and vulnerability discovery at a pace organizations are struggling to keep up with. Attackers only need one missed patch or overlooked system. Defenders have to secure everything.

From a practical security perspective, this means organizations can no longer treat patching and system maintenance as secondary priorities. Security cannot remain an afterthought added after deployment or delayed because updates are inconvenient.

Microsoft has already indicated patch volumes are expected to rise as AI-assisted discovery improves. Other security researchers involved in testing Mythos Preview noted the model’s ability to chain together multiple smaller issues into realistic attack paths, mimicking how sophisticated adversaries operate in the real world.

In one reported case, a banking partner used the system to help stop a fraudulent $1.5 million wire transfer tied to an email compromise and impersonation attempt.

Anthropic is now urging organizations to shorten patch timelines, harden default configurations, require stronger authentication, and improve logging and monitoring practices. The company also launched a Cyber Verification Program to provide vetted security professionals with controlled access for legitimate testing and defensive research.

What does this mean for regular people and businesses outside the cybersecurity world?

It means attacks are becoming faster, more automated, and more sophisticated because of AI.

It means:
• stronger passwords matter
• MFA matters
• secure home and business networks matter
• awareness of phishing and social engineering matters

The reality is that AI is changing cybersecurity for both defenders and attackers at the same time. Organizations that continue treating security as optional or reactive are going to struggle in an environment where threats evolve faster than ever before.

Strong security isn’t built through panic or hype. It’s built through consistent maintenance, rapid patching, disciplined operations, and refusing to ignore preventable weaknesses.
