AI Flags 10,000+ Critical Flaws, Accelerating Patch Push Worldwide

Anthropic’s Project Glasswing, using Claude Mythos Preview, has identified more than 10,000 high- or critical-severity software vulnerabilities since launch, including 6,202 affecting over 1,000 open-source projects; 1,726 confirmed true positives and 1,094 high/critical. The effort has yielded 97 upstream patches and 88 advisories, with examples like WolfSSL CVE-2026-5194 (CVSS 9.1). The work underscores the gap between discovery and remediation, while defenders credit the tool for preventing fraud (a partner bank blocked a $1.5M wire transfer). Anthropic also launched a Cyber Verification Program for legitimate testing; public, unrestricted access to Mythos-like models remains unlikely amid safeguards. The episode amplifies calls to shorten patch cycles and harden defenses across software supply chains.