Read, Watch or Listen

United States-based AI company Anthropic has disclosed that its new cybersecurity initiative, Project Glasswing, used its specialized Claude Mythos model to conduct one of the largest automated security audits yet performed by a large language model. Launched last month with a cohort of 50 cybersecurity partners, the project used the frontier AI system to scan widespread, widely used open-source codebases and identified more than 10,000 potential security vulnerabilities in critical software systems worldwide. Data released by Anthropic shows that 6,202 of the initially flagged issues were categorized as high- or critical-severity flaws, and subsequent verification confirmed 1,726 of these as true positive vulnerabilities. Among the validated findings, 1,094 were assessed as posing high or critical risks to global infrastructure and essential software components across more than 1,000 distinct open-source projects. United States security researchers working with Anthropic report that Project Glasswing was designed to address systemic software weaknesses by giving security teams a specialized interface to the Claude Mythos model, which is tuned to analyze massive codebases for flaws that conventional manual audits might miss. Anthropic stated that the initiative aims to support faster and more efficient patching cycles by surfacing serious issues in standard software libraries and the broader software supply chain. The company and its partners are now transitioning into a remediation phase, coordinating with maintainers to deploy patches for the confirmed vulnerabilities. Anthropic has not yet released a full list of affected software packages, saying it will withhold detailed names to reduce the risk that malicious actors exploit the flaws before security updates are in place.

Prepared by Jonathan Pierce and reviewed by editorial team.