AI Finds 10,000 Critical Flaws in a Month, Overwhelming Patch Systems

Anthropic revealed Friday that Project Glasswing, its tightly controlled cybersecurity initiative, has identified more than 10,000 high- or critical-severity vulnerability candidates across some of the world’s most systemically important software since launching just one month ago. Of those, 1,726 have been validated as true positives, with 1,094 confirmed as high- or critical-severity flaws. Yet only 97 have been patched.

That gap tells the real story. Anthropic’s Claude Mythos Preview, a frontier model specifically designed to uncover vulnerabilities in source code, can find flaws at a speed the open-source ecosystem simply cannot match. The 6,202 high- or critical-severity candidates span more than 1,000 open-source projects. Just 88 advisories have been issued. The rate of discovery outpaces remediation by orders of magnitude.

“The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity,” Anthropic acknowledged. The company is pressing software developers to shorten patch cycles and deliver security fixes as rapidly as possible. Oracle has already moved from quarterly to monthly patch releases in response. Microsoft has warned that the number of monthly patches it expects to release will “continue trending larger for some time.”

The most striking find so far is a critical flaw in WolfSSL (CVE-2026-5194, CVSS score 9.1), a widely used embedded TLS library. The vulnerability could allow an attacker to forge certificates and impersonate a legitimate service. WolfSSL is deployed across IoT devices, automotive systems, and industrial control environments, where a certificate forgery flaw carries consequences far beyond typical web security.

Glasswing operates through a restricted partnership model. About 50 organizations, which Anthropic describes as the most systemically important cyber defenders, have access to Claude Mythos Preview. The model has not been released to the general public. XBOW, an autonomous offensive security platform, called Mythos Preview “a major advance” that is “substantially better than prior models at finding vulnerability candidates” and “adept at analysing source code with a security mindset.” Cloudflare’s analysis found the model excels at turning individual vulnerabilities into end-to-end attack chains, a capability as useful for defenders building threat models as it is dangerous in the wrong hands.

The defensive applications go beyond vulnerability discovery. In one case, a Glasswing partner bank used Claude Mythos to detect and prevent a fraudulent $1.5 million wire transfer after an attacker breached a customer’s email account and made spoof phone calls. The model identified the fraud pattern before the transfer was executed. The use case illustrates Anthropic’s argument that frontier AI models can provide asymmetric advantages to defenders, but only if access is restricted to organizations mature enough to use them responsibly.

The timing aligns with a broader acceleration in AI-related security disclosures. Cyera’s Claw Chain vulnerabilities in OpenClaw, disclosed earlier this month, showed how attackers can weaponize an AI agent’s own sandbox privileges. Koi Security’s audit of ClawHub found 341 malicious entries among 2,857 available AI agent skills. The pattern is consistent: AI is simultaneously creating new attack surfaces and providing more powerful tools to find flaws in existing ones. The question is which side of the equation moves faster.

Anthropic has launched a Cyber Verification Program that allows vetted security professionals to use Claude without guardrails for legitimate purposes including vulnerability research, penetration testing, and red teaming. OpenAI has introduced a parallel program called Daybreak, which provides similar access to GPT-5.5-Cyber. Neither Mythos Preview nor GPT-5.5-Cyber has been released to the general public due to concerns that adequate safeguards to prevent large-scale misuse do not yet exist.

The competitive dynamic between Anthropic and OpenAI in cybersecurity is intensifying. Both companies are positioning their frontier models as essential infrastructure for national and corporate cyber defense, while simultaneously restricting access to prevent the same capabilities from being used offensively. The dual-use nature of the technology creates a policy challenge neither company has fully resolved. If models with Mythos-level capabilities become broadly available, as Anthropic itself acknowledges is likely in the near future, the current model of restricting access to 50 trusted partners will not hold.

Anthropic’s publicly available Claude models are already among the most capable coding assistants on the market. The gap between what Mythos can do and what the public-facing Claude can do is narrowing with each release. Anthropic is urging organizations to prepare for a world in which these capabilities are widely accessible by hardening network configurations, enforcing multi-factor authentication, and maintaining comprehensive logs for detection and response.

Ten thousand vulnerability candidates in one month from 50 partners using one model. The software ecosystem now has a tool that can find flaws faster than developers can fix them. That is both the promise and the problem. Anthropic calls Glasswing an asymmetric advantage for defenders. It is. But asymmetric advantages tend to be temporary, and the clock on this one is already running.