Anthropic’s AI model, Claude Mythos Preview, has already uncovered more than 10,000 high- and critical-severity software vulnerabilities in just one month. This is not your average bug hunt. It’s a seismic shift in cybersecurity speed and scale.

Project Glasswing, Anthropic’s initiative launched in early April, uses this AI to scan critical infrastructure, open-source projects, cloud platforms, and enterprise software. Around 50 major partners including Cloudflare, Mozilla, Microsoft, Amazon Web Services, Apple, Google, and Palo Alto Networks are onboard.

Cloudflare alone found 2,000 vulnerabilities, including 400 rated high or critical. Mozilla fixed 271 bugs in Firefox 150—ten times more than in previous versions scanned with earlier AI models. Microsoft acknowledged its patch volumes will continue to swell due to Mythos’ findings.

Anthropic also scanned over 1,000 open-source projects, identifying 23,000 vulnerabilities with more than 6,200 classified as high or critical severity. Independent security firms validated over 90 percent of sampled findings, confirming the model’s precision surpasses traditional human-led efforts.

The AI even caught decades-old vulnerabilities—like a 27-year-old remote crash flaw in OpenBSD and a 16-year-old bug in FFmpeg—that had slipped past human eyes. One major vulnerability in wolfSSL, a cryptography library embedded in billions of devices, was patched after Mythos discovered it could let attackers forge digital certificates.

The New Bottleneck: Patching, Not Finding

The real story isn’t just the number of bugs found. It’s the bottleneck that’s shifted downstream. Vulnerability discovery used to be the slowest step. Now, it’s verification, disclosure, patch development, and deployment that limit security progress.

Open-source maintainers have asked Anthropic to slow the pace of disclosures. They need more time to build and test patches. High-severity bugs take around two weeks to fix on average—yet AI is surfacing hundreds every week.

Cloudflare warns that speeding patch releases alone won’t solve the problem. Rushed fixes can introduce new issues if testing and system architecture aren’t robust. This means companies must rethink security workflows and build safer, more resilient systems that can absorb fast-moving fixes.

Enterprises must now integrate patch governance, asset visibility, and rapid deployment into their AI rollout strategies. AI agents increase software complexity and attack surfaces. Faster discovery means defenders must also accelerate mitigation and containment.

Business Impact and Future Outlook

Anthropic’s Project Glasswing is no longer a niche experiment. It’s a wake-up call for software teams and cybersecurity operations worldwide. The technology compresses vulnerability discovery cycles from months or years into weeks.

Companies that can’t keep pace with triage, disclosure, and patching risk losing the security race. The advantage will go to organizations with streamlined processes and strong architectural safeguards.

Anthropic plans to expand Project Glasswing and work with governments to establish safer access to Mythos-class models. They’re also investing millions in compute credits and grants to support open-source security efforts.

This AI-driven vulnerability revolution forces a new cybersecurity reality. Defenders must move faster, patch smarter, and redesign systems to withstand relentless AI-powered bug hunting. Otherwise, the flood of uncovered flaws will overwhelm the slow gears of human response.