Anthropic's Claude Mythos AI uncovered more than 10,000 high- or critical-severity software vulnerabilities across globally important platforms [1].
This discovery demonstrates the scale at which artificial intelligence can identify systemic security gaps, potentially shifting the balance between cyber attackers and defenders. By automating the discovery of flaws that human auditors might miss, the initiative aims to secure the digital infrastructure of the modern internet.
The findings were part of Project Glasswing, an initiative that went live in April 2026 [2]. In its first month of operation, the AI scanned software used by about 50 partner organizations worldwide [1]. The scope of the sweep included major operating systems, web browsers, and platforms such as Cloudflare and Mozilla [1].
Anthropic designed the Project Glasswing initiative to accelerate the patching process and strengthen global cyber defenses [1]. The company said the goal is to improve overall software security by identifying critical weaknesses before they can be exploited by malicious actors [1].
The sheer volume of discoveries, exceeding 10,000 critical flaws in just 30 days [3], highlights the persistent fragility of widely used software. The program operates through a collaborative framework with its partners to ensure that vulnerabilities are reported and remediated efficiently [1].
“Claude Mythos AI uncovered more than 10,000 high- or critical-severity software vulnerabilities”
The deployment of Claude Mythos under Project Glasswing signals a transition toward AI-driven proactive defense. While the discovery of 10,000 vulnerabilities reveals a staggering amount of technical debt in global software, the ability to find them at this speed allows developers to patch flaws before they become zero-day exploits. This creates a new baseline for software security where AI is used not just for coding, but as a primary auditing tool.
