Anthropic has just announced the first results from the Glasswing Project, a research program to protect critical software from the risk of AI exploiting security vulnerabilities.
According to Anthropic, its cybersecurity AI model, Claude Mythos, detected more than 10,000 software vulnerabilities rated high or extremely serious in just one month.
The figures reinforce the notion that AI can now detect security vulnerabilities far faster than humans can process and patch them.
According to Anthropic, Claude Mythos is an unpublicized AI model developed specifically for cybersecurity tasks. During the testing phase, many partners participating in the project recorded a sharp increase in the number of security vulnerabilities detected compared to before.
One of the prominent partners is the technology company Cloudflare, which said it has detected about 2,000 vulnerabilities on key systems, of which 400 were assessed as serious or highly dangerous.
Cloudflare's technical team believes that Mythos's false-alarm rate is lower than that of many traditional manual testing methods.
Meanwhile, the non-profit technology organization Mozilla said it found and fixed 271 security vulnerabilities in Firefox 150 when testing Mythos Preview. This is about 10 times the number of flaws it had previously detected in Firefox 148 using the Claude Opus 4.6 model.
In a test with a partner bank, this system was said to have successfully prevented a fraudulent money transfer transaction worth 1.5 million USD in real time.
For open source projects, Anthropic said it used Mythos Preview to scan over 1,000 projects considered to be the foundation of most of today's internet. In these projects, the AI discovered about 6,202 vulnerabilities rated high or extremely serious.
To verify accuracy, Anthropic collaborated with six independent security research companies to evaluate 1,752 detected vulnerabilities. The results showed that about 90.6% were accurate warnings and 62.4% were confirmed as highly serious or extremely serious.
However, the speed at which AI detects flaws is also putting great pressure on the software development community.
Anthropic said that the current vulnerability handling process is quite complex. After the AI detects a flaw, experts must verify that it is genuine, assess its level of danger, check for patches and send a detailed report to the relevant software development team.
Many open source projects are said to be overloaded by the large number of AI-generated bug reports. Some software management groups even suggested that Anthropic slow the pace of reporting so that they have enough time to develop and deploy security patches.
According to the company's statistics, on average, each serious vulnerability takes about two weeks to fix.
To date, Anthropic has reported 530 serious vulnerabilities, of which only 75 have been completely patched and 65 have had public security advisories issued. In addition, there are still 827 other vulnerabilities waiting to be announced.
