MP Marc Pope Let's Talk
10,000 Critical Flaws Found by AI — Now the Hard Part Begins

10,000 Critical Flaws Found by AI — Now the Hard Part Begins

Anthropic's Project Glasswing used Claude Mythos to find 10,000+ critical vulnerabilities in open-source software — but only 75 have been patched. The bottleneck isn't discovery anymore.

Something changed in April 2026, and I don't think the infrastructure world has fully reckoned with it yet.

Anthropic launched Project Glasswing that month — a collaborative cybersecurity initiative pairing their still-unreleased Claude Mythos Preview model with roughly 50 partner organizations, including AWS, Google, Microsoft, Cloudflare, Mozilla, Palo Alto Networks, NVIDIA, Cisco, CrowdStrike, and the Linux Foundation. The mandate: give Mythos access to critical software and let it hunt for vulnerabilities before the bad guys do.

What happened next needs to be stated plainly: in the first month of the initiative, Claude Mythos identified over 10,000 high- or critical-severity vulnerability candidates across more than 1,000 open-source projects. Independent security firms validated 1,752 of those findings — and 90.6 percent turned out to be genuine vulnerabilities. Of those validated, 62.4 percent were high- or critical-severity.

To put that in operational terms: a single AI model, in roughly 30 days, surfaced more real critical flaws in production open-source code than most security programs see in years.

The wolfSSL Example You Should Know About

Buried in the project's initial disclosures is a finding that should get every infrastructure engineer's attention: CVE-2026-5194, a critical vulnerability in wolfSSL carrying a CVSS score of 9.1.

wolfSSL is an open-source cryptographic library. If the name doesn't ring a bell, that's precisely the problem — it's embedded in IoT firmware, embedded systems, and network appliances at scale. Claude Mythos didn't just identify the flaw. According to Anthropic, the model constructed a working exploit that would let an attacker forge certificates and impersonate a legitimate service. An AI built the proof of concept. The model demonstrated the attack, not just described it.

Certificate forgery at CVSS 9.1 in a library protecting billions of devices is not an abstract threat. That's the kind of thing that enables man-in-the-middle attacks against embedded devices that rarely get patched — routers, sensors, industrial controllers, medical equipment. The downstream exposure from a single wolfSSL flaw is enormous.

The Numbers Don't Lie, But They Do Sting

Let me give you the partner-level breakdown, because the per-company numbers are striking:

  • Cloudflare — 2,000 bugs identified, 400 classified high or critical severity. Mythos's false positive rate was better than human testers.
  • Mozilla — 271 vulnerabilities found in Firefox 150 alone.
  • Palo Alto Networks — shipped five times more patches than usual in their latest release cycle.
  • Microsoft — expecting larger patch volumes "for some time."
  • Oracle — accelerated vulnerability detection and response by multiple times over their prior baseline.

These are not small shops with immature security programs. These are companies that spend hundreds of millions of dollars annually on security. And an AI model running for a month found hundreds to thousands of critical flaws in each of them.

I've run hosting infrastructure long enough to know what a high-volume patch Tuesday looks like. What Mythos is surfacing would overwhelm most security organizations' capacity to respond — and that's the actual story here.

The Bottleneck Has Moved

Here's the operational insight Anthropic buried in their initial update, and it's the sentence that kept me thinking:

"Finding vulnerabilities has become rapid, but patching remains slow. The challenge now is how quickly we can verify, disclose, and patch."

For decades, the security industry's constraint was discovery. Human pentesters are expensive, slow, and can only look at so much code. Static analysis tools have high false positive rates. Bug bounty programs catch things, but sporadically. The hard problem was finding the vulnerabilities.

Project Glasswing erases that constraint. At 90.6 percent true positive rates and thousands of findings per month, discovery is no longer the bottleneck. Remediation is. As of the initial update, 530 high- or critical-severity vulnerabilities had been disclosed to maintainers — and only 75 had been patched and publicly advised. Average patch development time: two weeks.

Do the math: Mythos found 530 critical flaws, disclosed them through coordinated responsible disclosure, and 455 remained open. Against a 90-day disclosure window, maintainers have a two-week development turnaround on average. That sounds manageable until you realize these patches arrive in bursts across thousands of open-source projects, many maintained by single developers or small volunteer teams working nights and weekends.

Arctic Wolf's analysis made a point worth repeating: 76 percent of actual compromises still involve known vulnerabilities with available patches. The disclosure firehose that Glasswing creates doesn't solve the problem of organizations being weeks or months behind on patches they already knew existed.

What This Means If You Run Infrastructure

I want to be direct about the operational implications, because there's a lot of breathless coverage that focuses on the AI angle without landing on what you should actually do differently.

First: your patch cadence needs to shorten. Not "eventually," not "in the next planning cycle." Anthropic is explicitly urging software vendors and operators to compress patch testing and deployment timelines. If you're running a 30-day or 60-day patch cycle, Glasswing-class AI tools — which will not remain confined to a 50-partner coalition indefinitely — will outpace your ability to close windows before attackers can exploit them. Two-week patch deployment should be the target for critical and high-severity findings. For CVSS 9.x, you need a faster lane still.

Second: your open-source inventory matters more than ever. wolfSSL sits in your infrastructure whether you know it or not. Same with OpenSSL dependencies, TLS libraries embedded in third-party appliances, cryptographic primitives in packages two levels deep in your dependency tree. If you don't have a current software bill of materials (SBOM) for your infrastructure, this is the moment to build one. When CVE-2026-5194 advisories drop, you need to know within hours whether you're exposed — not days.

Third: monitoring and visibility are non-negotiable. If an attacker with Mythos-class tooling can forge a wolfSSL certificate and impersonate a legitimate service, certificate transparency log monitoring and anomaly detection on TLS handshakes are what catch it. Full environment visibility — endpoints, network, cloud, identity — matters more as zero-day exploitation timelines compress.

Fourth: start evaluating AI-assisted patching tools now. Anthropic launched Claude Security in public beta for Enterprise customers alongside the Glasswing update. In a three-week test, Claude Opus 4.7 generated patches for 2,100 vulnerabilities. That's not a silver bullet — patches still need human review and testing — but a toolchain that helps maintainers close findings faster directly addresses the remediation bottleneck. If you run or support open-source projects, this is worth evaluating seriously.

The Threat Model Has Changed

I want to be honest about the dual-use dimension here, because anyone working in security has to think about it.

Anthropic has not released Claude Mythos Preview publicly. They're explicit that they haven't done so because the safeguards against misuse aren't adequate yet. The UK AI Security Institute independently tested Mythos and confirmed it's the first model to solve cyber range simulations end-to-end — both discovery and exploitation, not just one or the other. Anthropic is deliberately sitting on that full capability while the defensive partnership matures.

That's a reasonable call. It's also temporary. The capability exists. Other labs are working on the same problem. The question isn't whether AI-driven vulnerability discovery at scale will become widely accessible — it's when. Help Net Security's coverage frames this correctly: the Glasswing update is a warning shot as much as a success story.

I've spent enough time in infrastructure to know that security improvements made in advance of pressure are infinitely cheaper than those forced by breach. The pressure is coming. The wolfSSL CVSS 9.1 flaw, discovered by a model that isn't publicly available, is a preview of what a fully weaponized version of this capability looks like in less careful hands.

Shorten your patch cycles. Know your dependencies. Build your SBOM now.

The bottleneck isn't discovery anymore. It's you.

Back to Blog