Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month.
Project Glasswing is a defensive effort launched by the artificial intelligence (AI) company to secure critical global software infrastructure. It grants a small set of about 50 partners exclusive, early access to Claude Mythos Preview, a frontier model with capabilities to autonomously identify vulnerabilities in widely-used software before bad actors can exploit them.
Of these vulnerabilities, 6,202 have been classified as high- or critical-severity flaws impacting more than 1,000 open-source projects. Subsequent analysis of these vulnerability candidates has identified that 1,726 are valid true positives. As many as 1,094 flaws are assessed to be either high- or critical-severity.
One of the identified weaknesses is a critical flaw in WolfSSL (CVE-2026-5194, CVSS score: 9.1) that could allow an attacker to forge certificates and masquerade as a legitimate service. In all, these efforts have led to 97 findings being patched upstream and 88 advisories being issued.
Source: The Hacker News