CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 23, 2026

Anthropic’s Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing

Cybersecurity News Archived May 23, 2026 ✓ Full text saved

Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed to secure critical infrastructure using advanced AI before malicious actors can exploit it. In its first month, the project leveraged the unreleased Claude Mythos Preview model to autonomously discover over 10,000 high- and critical-severity zero-day vulnerabilities across the world’s most […] The post Anthropic’s Claude Mythos Preview Uncovers 10,000+ 0-Days in Project G

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Anthropic’s Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing By Guru Baran May 23, 2026 Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed to secure critical infrastructure using advanced AI before malicious actors can exploit it. In its first month, the project leveraged the unreleased Claude Mythos Preview model to autonomously discover over 10,000 high- and critical-severity zero-day vulnerabilities across the world’s most critical software systems. Anthropic partnered with over 50 major technology organizations, including Microsoft, Apple, Google, and Cloudflare, to deploy Claude Mythos Preview against highly targeted codebases. The model has demonstrated an unprecedented ability to not only identify flaws but also construct functional exploits autonomously. Cloudflare reported finding 2,000 bugs, including 400 of high or critical severity, noting that the model’s false-positive rate outperforms human security testers. Claude Mythos Preview Uncovers 10,000+ 0-Days Independent evaluations confirm these capabilities across multiple environments. The UK’s AI Security Institute observed that Mythos Preview is the first model to fully solve its multistep cyberattack simulations, while Mozilla utilized the model to uncover and patch 271 vulnerabilities in Firefox 150, yielding ten times more findings than previous testing with Claude Opus 4.6. Due to the severe dual-use risks associated with these autonomous exploit capabilities, Anthropic has withheld Mythos from public release, restricting its use to defensive consortium members. Beyond proprietary enterprise systems, Anthropic directed Claude Mythos Preview to scan over 1,000 widely used open-source projects. A notable discovery was CVE-2026-5194, a critical flaw in the wolfSSL cryptography library. Mythos Preview successfully engineered an exploit for this vulnerability that allowed for the forgery of security certificates, a vector that could enable attackers to spoof banking or email domains invisibly. The sheer volume of discoveries has exposed a critical structural weakness in the software industry: the human capacity to triage, report, and patch vulnerabilities cannot keep pace with AI-driven discovery. The initial scanning phase yielded 23,019 candidate findings. When 1,900 of these findings were reviewed by external security firms, 1,726 (90.8%) were confirmed as valid true positives. Despite Anthropic reporting a total of 1,596 vetted findings directly to maintainers, only 97 vulnerabilities have been patched upstream to date, resulting in just 88 published security advisories. This massive drop-off highlights the severe capacity constraints faced by volunteer open-source maintainers who are now overwhelmed by high-quality AI vulnerability disclosures. The industry is entering a transitional phase where the traditional 90-day coordinated vulnerability disclosure window poses new risks. Because Mythos-class models reduce the cost and time of zero-day discovery to nearly zero, the lag between discovery and widespread patch deployment offers a highly dangerous exploit window for threat actors. Organizations are urged to move beyond relying solely on patching, adapting their network defenses by enforcing strict default configurations, mandating multi-factor authentication, and utilizing advanced behavioral analytics to reduce the mean time to detect (MTTD) post-breach activity. To support the wider ecosystem while Mythos remains restricted, Anthropic launched Claude Security in public beta for enterprise clients. Utilizing the Opus 4.7 model, this tool has already assisted in patching over 2,100 corporate vulnerabilities. Additionally, Anthropic is supplying its Cyber Verification Program partners with specialized skills, codebase-mapping harnesses, and automated threat model builders to streamline the triage process. According to the initial results report, Anthropic is thinking about releasing Mythos-class models in the future. Furthermore, coalition partners like Cisco have open-sourced resources such as the Foundry Security Spec to help global defenders build robust AI-assisted evaluation systems to manage the coming wave of vulnerability data. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Splunk Patches Multiple Vulnerabilities that Enable DOS Attacks and Expose Sensitive Data Mythos Preview Builds PoC Exploits in Automated Vulnerability Research Megalodon Malware Compromised 5,500+ GitHub Repos Within 6 Hours Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial Access Latest News Cyber Security News World Cup Phishing Campaign Nearly Triples With 203 Unique IP Addresses Cyber Security News Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial Access Cyber Security News Hackers Backdoor Popular art-template npm Package to Launch Watering-Hole Attacks Cyber Security News Hackers Use Six-Layer Persistence to Maintain Access on Compromised FreePBX Systems Cyber Security News Hackers Use NF-e Invoice Lures to Deliver Banana RAT Through Malicious Batch Files
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 23, 2026
    Archived
    May 23, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗