# Project Glasswing: AI Found 10,000 Vulns. Patching Is the Hard Part.

> Source: <https://byteiota.com/project-glasswing-anthropic-ai-vulnerabilities-developers/>
> Published: 2026-07-04 11:09:57+00:00

Anthropic’s Project Glasswing just released its first public report, and the number you should care about isn’t 10,000. It’s 16.5. That’s the ratio of critical vulnerabilities Mythos — Anthropic’s unreleased frontier security model — is discovering per day versus the rate open-source maintainers are actually patching them. The AI already found a certificate forgery flaw in the cryptography library running on five billion devices before any human researcher did. The patch shipped three months ago. Whether your stack includes it is another question.

## What Is Project Glasswing?

Launched on April 7, 2026, [Project Glasswing](https://www.anthropic.com/glasswing) is a private security consortium Anthropic built around a simple but uncomfortable premise: AI models are now better at finding exploitable software vulnerabilities than all but the most elite human researchers. The consortium — which includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and about 40 more organizations — was given controlled access to Claude Mythos Preview, an unreleased frontier model that Anthropic has deliberately run with fewer safety guardrails than its public models. The explicit goal: find critical flaws in widely used software before adversaries do.

The July 2026 public report — the first Glasswing deliverable — is now out. The numbers are striking. Mythos scanned over 1,000 open-source projects, surfaced 23,019 issues, and flagged 6,202 as high- or critical-severity. Six independent security research firms validated 1,752 of those findings. The true-positive rate: **90.6%**. For context, that is better than the false-positive rates most commercial scanners achieve on trivial checks. This is not a hallucinating chatbot trying its hand at security research.

## The wolfSSL Vulnerability: A Case Study

The clearest illustration of what Mythos can do is [CVE-2026-5194](https://nvd.nist.gov/vuln/detail/CVE-2026-5194), a CVSS 9.1 certificate forgery flaw in wolfSSL. If you don’t recognize the name, your dependencies might still ship it. wolfSSL is the lightweight TLS cryptography library embedded in an estimated five billion devices: IoT sensors, home routers, automotive infotainment systems, industrial controllers, and military hardware.

The flaw itself was subtle. wolfSSL’s signature verification checked whether an ECDSA signature was mathematically consistent but never validated whether the digest was the right size. Mythos identified the gap, then constructed a working exploit demonstrating that an attacker could forge a certificate and impersonate any HTTPS service — a bank, an email provider, a software update server. The fix landed in wolfSSL 5.9.1 on April 8, 2026. If any of your dependencies haven’t updated, the attack surface is still open.

## AI Is Finding Bugs Faster Than Humans Can Fix Them

Glasswing’s findings expose a structural problem the industry hasn’t solved. Mythos and systems like it are now discovering roughly 25 verified critical vulnerabilities per day. Open-source maintainers are patching at about 1.5 per day. That 16.5-to-1 ratio — which security firm Tuskira has been tracking — is [the vulnerability deficit](https://www.helpnetsecurity.com/2026/07/02/open-source-ai-patch-gap/).

Anthropic put it plainly in the Glasswing report: “The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity.” NIST CVE submissions were already up 33% year-over-year in Q1 2026, faster than NIST could enrich and publish them. The bottleneck has moved. It is no longer detection. It is remediation capacity — which is a people and workflow problem, not a tooling problem.

Cloudflare’s experience as a Glasswing partner makes this concrete. Cloudflare pointed Mythos at more than 50 of their own repositories and got back 2,000 bug reports, 400 of which were high- or critical-severity. Cloudflare noted that Mythos delivered [“clearer reproduction steps, and less work to reach a fix-or-dismiss decision”](https://blog.cloudflare.com/cyber-frontier-models/) compared to human-generated reports, and that the false-positive rate was better than human testers. The bottleneck wasn’t finding the bugs. It was having the engineers to fix them.

Microsoft went further. The company publicly stated that its patch releases “will continue trending larger for some time” specifically because of Mythos-discovered vulnerabilities. That’s a direct admission that an AI-driven security system is now driving patch cadence for one of the world’s largest software producers. Patch Tuesday is going to get heavier. Factor that into your deployment planning.

## What Developers Should Do Now

The Glasswing public report changes the calculus on OSS security. Here’s what’s actionable:

**Audit for wolfSSL.** Run `grep -r "wolfssl\|wolfSSL" .` in your dependencies, or check your lockfiles. If you’re on any version before 5.9.1, patch now. This includes transitive dependencies in IoT firmware, embedded SDKs, and containerized applications.

**Track Glasswing CVEs.** VulnCheck is [publishing a running tracker](https://www.vulncheck.com/blog/anthropic-glasswing-cves) of CVEs attributed to Glasswing research. Subscribe or check it regularly — expect a significant wave of new CVE disclosures as the 90-day coordinated disclosure windows expire.

**Expect larger Microsoft and partner patch cycles.** Microsoft, Cloudflare, and other Glasswing partners are already absorbing Mythos findings into their release cadences. If you depend on their SDKs or infrastructure libraries, your update frequency should match theirs.

**Don’t treat this as someone else’s problem.** The 10,000 vulnerabilities Glasswing found are in software that ships inside products. If you maintain open-source dependencies, check whether any of your upstreams are in scope.
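A grep catches source trees, but transitive and vendored copies usually only surface in an SBOM. The script below is an added example, not code from Anthropic, wolfSSL or the article: it walks a CycloneDX-style component list (a constructed sample is embedded), matches wolfSSL components case-insensitively, including vendor-prefixed names such as `libwolfssl`, and reports every one whose version is below 5.9.1 or cannot be parsed.

```python
"""Scan a CycloneDX-style SBOM for wolfSSL components older than the fixed release."""
import json
import re

FIXED_VERSION = (5, 9, 1)  # wolfSSL 5.9.1 carries the CVE-2026-5194 fix (per the article)

# Constructed sample SBOM (not from any real product): four components, three of them wolfSSL
# under different naming/version conventions, one of them (zlib) unrelated.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "wolfssl", "version": "5.8.2",
         "purl": "pkg:generic/wolfssl@5.8.2"},
        {"type": "library", "name": "zlib", "version": "1.3.1"},
        {"type": "library", "name": "wolfSSL", "version": "v5.9.1-stable",
         "purl": "pkg:github/wolfSSL/wolfssl@v5.9.1-stable"},
        {"type": "library", "name": "libwolfssl", "version": "5.7"},
    ],
})


def parse_version(text):
    """Return the leading numeric components of a version string as a 3-tuple.

    "v5.9.1-stable" -> (5, 9, 1); "5.7" -> (5, 7, 0). Missing parts pad to 0 so a plain
    tuple comparison against FIXED_VERSION behaves like a normal version compare.
    Returns None when no number is present at all.
    """
    m = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def find_vulnerable_wolfssl(sbom_json):
    """Return (name, version) for every wolfSSL component below FIXED_VERSION.

    Name matching is a case-insensitive substring test, so 'wolfssl', 'wolfSSL' and
    'libwolfssl' all match. A component whose version cannot be parsed is reported too:
    an unknown version must never be treated as patched.
    """
    hits = []
    for comp in json.loads(sbom_json).get("components", []):
        if "wolfssl" not in comp.get("name", "").lower():
            continue
        version = parse_version(comp.get("version", ""))
        if version is None or version < FIXED_VERSION:
            hits.append((comp["name"], comp.get("version", "")))
    return hits


if __name__ == "__main__":
    for name, version in find_vulnerable_wolfssl(SAMPLE_SBOM):
        print(f"PATCH: {name} {version} is older than 5.9.1")
```

Point it at a real SBOM by replacing `SAMPLE_SBOM` with the file contents; the version parser deliberately ignores build suffixes such as `-stable`, so a pre-release tag like `5.9.1-rc1` would be judged fixed and should be handled separately if your tree contains one.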

The dual-use tension in Glasswing is real — the same Mythos model that found CVE-2026-5194 could, in different hands, exploit it. Anthropic’s answer is a 90-day coordinated disclosure window before public CVE publication. That framework is reasonable, but it only holds if consortium members follow it. The [initial update from Anthropic](https://www.anthropic.com/research/glasswing-initial-update) gives some confidence in the process. The scale of what Mythos can do makes getting that process right non-negotiable.
