AI startup Anthropic has revealed that its experimental cybersecurity-focused AI model has identified more than 10,000 high- and critical-severity software vulnerabilities across widely used open-source systems. The findings emerged through the company’s Project Glasswing initiative, a restricted program designed to test advanced AI systems for defensive cybersecurity operations.
According to Anthropic, the project uses an unreleased model called Claude Mythos Preview, which has been shared with around 50 selected partners including technology companies, researchers, and cybersecurity organizations. The AI system reportedly scanned more than 1,000 open-source software projects and dramatically accelerated the pace of vulnerability discovery. Several participating companies claimed the model increased their bug detection rates by more than ten times compared to traditional security testing methods.
One of the most significant aspects of the project is the scale and severity of the vulnerabilities uncovered. Anthropic stated that thousands of the identified flaws affect critical infrastructure software, operating systems, browsers, and enterprise systems. Reports suggest the AI even discovered decades-old vulnerabilities that had remained undetected for years. Mozilla, one of the participating organizations, reportedly fixed numerous Firefox security flaws identified through AI-assisted scanning during pilot testing.
The company emphasized that the biggest challenge is no longer finding vulnerabilities but fixing them quickly enough. Anthropic noted that software maintainers are struggling to verify, disclose, and patch the rapidly growing number of AI-discovered security flaws. Of the thousands of vulnerabilities flagged by the system, only a small percentage have reportedly been patched so far, highlighting concerns about the growing imbalance between AI-powered vulnerability discovery and human-led remediation efforts.
Cybersecurity experts believe the development represents a major turning point for the software security industry. AI systems are increasingly capable of performing advanced code analysis, exploit generation, and automated vulnerability hunting at a scale that was previously impossible. While many experts see enormous defensive potential in such systems, others warn that similar tools could eventually be misused by malicious actors if safeguards fail or advanced models become publicly accessible.
The announcement has also intensified broader discussions around AI governance and cybersecurity regulation. Anthropic reportedly plans to brief international regulators and security agencies about the implications of AI-driven vulnerability discovery. Industry analysts say the rise of AI-powered security testing may force organizations worldwide to modernize patch management systems, strengthen software resilience, and adopt more automated defensive frameworks to keep pace with increasingly sophisticated AI capabilities.
