Last month, we launched Project Glasswing, our collaborative effort to secure the world’s most important software before increasingly capable AI models can be turned against it.
Since then, we and our roughly 50 partners have used Claude Mythos Preview to find more than ten thousand high- or critical-severity vulnerabilities across the most systemically important software in the world. Progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it’s limited by how quickly we can verify, disclose, and patch the large numbers of vulnerabilities that AI finds.
In this post, we discuss what we’ve learned about this critical challenge for cybersecurity in the first weeks of Project Glasswing. We focus on the early public evidence of Mythos Preview’s performance, on the preliminary results of our effort to scan more than a thousand open-source software projects, and on what this progress means for cyberdefenders today. We also cover what to expect next from Project Glasswing, and how we’re thinking about releasing Mythos-class models in the future.
Our early results
Our approach to discussing Mythos Preview’s findings
The software industry’s longstanding convention is to disclose new vulnerabilities 90 days after they’re discovered (or, if a patch is created before the 90 days is up, around 45 days after the patch becomes available). This allows time for end users to update their software before a vulnerability can be exploited by attackers. Our own Coordinated Vulnerability Disclosure policy takes this approach.
However, this means that disclosed vulnerabilities are a lagging indicator of the accelerating frontier of AI models’ cyber capabilities: we’re not yet at the point where we can fully detail our partners’ findings with Mythos Preview without putting end users at risk. Instead, we provide illustrative examples of the model’s performance, together with aggregate statistics on our progress so far. Once patches for the vulnerabilities that Mythos Preview has discovered are widely deployed, we’ll provide much more detail about what we’ve found.
Evidence from our partners and external testers
Project Glasswing’s initial partners build and maintain software that is fundamental to the functioning of the internet and other critical infrastructure. Fixing flaws in their code reduces risk for the many other organizations that depend on it, and therefore reduces risk for billions of end users.
After one month, most partners have each found hundreds of critical- or high-severity vulnerabilities in their software. Collectively, they’ve found more than ten thousand. Several have told us that their rate of bug-finding has increased by more than a factor of ten. For example, Cloudflare has found 2,000 bugs (400 of which are high- or critical-severity) across their critical-path systems, with a false positive rate that Cloudflare’s team considers better than human testers.
This tallies with external testers’ experience of Mythos Preview’s performance, and with recent additional evaluations of the model:
- The UK’s AI Security Institute reports that Mythos Preview is the first model to solve each of their cyber ranges (simulations of multistep cyberattacks) end to end;
- Mozilla found and fixed 271 vulnerabilities in Firefox 150 while testing Mythos Preview, over ten times more than they found in Firefox 148 with Claude Opus 4.6;
- XBOW, an independent security platform, reports that Mythos Preview is a “significant step up over all existing models” on its web exploit benchmark, and provides “completely unprecedented precision” on a token-for-token basis;
- ExploitBench and ExploitGym, two recently released academic benchmarks for measuring models’ exploit development capabilities, show Mythos Preview as the strongest performer. We discuss what these benchmarks tell us about the model in more detail on our Frontier Red Team blog.
More generally, we’re now seeing that patched software is being rolled out much more quickly. The latest Palo Alto Networks release included over five times as many patches as usual. Microsoft has reported that the number of new patches they release will “continue trending larger for some time.” And Oracle is finding and fixing vulnerabilities across its products and cloud multiple times faster than before.
Mythos Preview has also proved useful for other kinds of security work. For example, at one of our Glasswing partner banks, Mythos Preview helped to detect and prevent a fraudulent $1.5 million wire transfer after a threat actor compromised a customer’s email account and made spoof phone calls.
Open-source software
For the past few months, Anthropic has used Mythos Preview to scan more than 1,000 open-source projects, which collectively underpin much of the internet, and much of our own infrastructure.
So far, Mythos Preview has found what it estimates are 6,202 high- or critical-severity vulnerabilities in these projects (out of 23,019 in total, including those it estimates as medium- or low-severity).
1,752 of those high- or critical-rated vulnerabilities have now been rigorously assessed by one of six independent security research firms, or in a small number of cases by ourselves. Of these, 90.6% (1,587) have proved to be valid true positives, and 62.4% (1,094) have been confirmed as either high- or critical-severity. That means that even if Mythos Preview finds no further vulnerabilities, at our current post-triage true-positive rates it is on track to have surfaced nearly 3,900 high- or critical-severity vulnerabilities in open-source code (62.4% of 6,202), in addition to those it has found for Project Glasswing’s partners. To be clear, we intend to continue scanning open-source code for some time, so we expect this number to rise.
One example of an open-source vulnerability that Mythos Preview detected was in wolfSSL, an open-source cryptography library that is known for its security and is used by billions of devices worldwide. Mythos Preview built an exploit that would let an attacker forge certificates that could (for instance) allow them to host a fake website for a bank or email provider. The website would look completely legitimate to an end user, despite being controlled by the attacker. We’ll release our full technical analysis of this now-patched vulnerability (assigned CVE-2026-5194) in the coming weeks.
As we noted above, the bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them. Finding them in the first place has become vastly more straightforward with Mythos Preview. We’ve created a dashboard of the open-source vulnerabilities we’ve scanned, below, which shows the different steps in our disclosure process and will track our progress over time. It shows vulnerabilities of all severity levels, rather than only the subset initially assessed as high- or critical-severity by Mythos Preview. Note the steep drop-off at each stage, reflecting the amount of human effort required to verify and fix each of the vulnerabilities.

Our process for triaging vulnerabilities is intensive. First, we or one of the external security firms we work with reproduce the issue that Mythos has found and re-assess its severity. Once we’ve confirmed that a vulnerability is real, we check whether there are already fixes in place, and write a detailed report to the software’s maintainers. We take considerable care here: on top of the usual challenges of maintaining open-source software, maintainers have been dealing with a deluge of low-quality, AI-generated bug reports. Indeed, several maintainers have told us they are currently severely capacity constrained, and some have even asked us to slow down our rate of disclosures because they need more time to design patches. (On average, a high- or critical-severity bug found by Mythos Preview takes two weeks to patch.)
At maintainers’ request, we sometimes disclose bugs directly, without further assessment. We’ve now reported 1,129 such unvetted bugs, of which Mythos Preview estimated that 175 were high- or critical-severity.
We estimate that we’ve disclosed 530 high- or critical-severity bugs to maintainers so far. This is based on Claude’s assessment of severity in the case of direct disclosures, and on maintainers’ or our security partners’ assessment where available. There are a further 827 confirmed vulnerabilities (estimated as high- or critical-severity in the same way) that we’re aiming to disclose as quickly as possible.
75 of the 530 high- or critical-severity bugs we’ve reported have now been patched, and 65 of those have been given public advisories. The number of patches is still relatively low for three reasons. First, we’re still early in the 90-day window set out in our Coordinated Vulnerability Disclosure policy: we expect many more patches to land soon. Second, we’re likely to be undercounting patches because some vulnerabilities are patched without a public advisory: in those cases, we rely on scanning for the patches ourselves using Claude. Third, the low number of patches reflects a genuine problem: even at our relatively slow pace of disclosures, Mythos Preview is adding to an already-overloaded security ecosystem.
The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity. Confronting this challenge successfully will make our software far safer than before. Below we discuss some ways in which cyber defenders can adapt.
Adapting to a new phase of cybersecurity
Models with cybersecurity skills similar to Mythos Preview’s will soon be more widely available. There is a clear need for a larger effort across the software industry to handle the volume of findings that these models will generate.
Currently, there is often a long lag between the discovery of a vulnerability, the creation of a patch for it, and the time when the patch is widely deployed by end users. This leaves open a large window for attackers to exploit critical software. Mythos-class models significantly shrink the time and cost required to find and exploit vulnerabilities, magnifying the risk associated with these time lags. Ultimately, Mythos-class models will enable developers to build far safer software by catching bugs before they are deployed. But this interim period, while vulnerabilities are being rapidly discovered and slowly patched, presents new risks.
Software developers and users should act now to reduce their exposure to these risks. The advice below is not new, and many researchers (including at Anthropic) are currently working on better and more robust solutions. In the meantime, it’s important to get the basics right:
- Software developers should shorten their patch cycles and make security fixes available as quickly as possible. The thoughtful use of publicly-available AI models can help here; we’re building tools and sharing our research to support this (more details below). Developers should also help their users stay up-to-date with their software by making it as easy as possible to install updates; to the extent feasible, they should be more persistent with users who are still running software with known vulnerabilities.
- Network defenders should shorten their patch testing and deployment timelines. The critical controls laid out by organizations like the National Institute of Standards and Technology and the UK’s National Cyber Security Centre are now all the more important, since they improve security without relying on any single patch landing in time. These include steps like hardening networks’ default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and response.
Tools for cyberdefence with publicly available AI models
Many generally-available models can already find large numbers of software vulnerabilities, even if they can’t find the most sophisticated vulnerabilities or exploit them as effectively as Claude Mythos Preview. Project Glasswing has already spurred many other organizations to take action on their own codebases with these generally-available models; we’re working to make this much easier to do.
To begin, we’ve launched Claude Security in public beta for Claude Enterprise customers. It is a tool that helps teams scan their codebases for vulnerabilities, and which can generate proposed fixes for them. In the three weeks since launch, Claude Opus 4.7 has been used to patch over 2,100 vulnerabilities. (This is faster than the open-source patching described above largely because enterprises are fixing their own code, whereas open-source fixes usually require volunteer maintainers who work through coordinated disclosure.)
We’ve also begun our Cyber Verification Program, which allows security professionals using our models for legitimate cybersecurity purposes (such as vulnerability research, penetration testing, and red-teaming) to do so without certain safeguards designed to prevent cyber misuse.
Now, we’re making the tools that we and our partners have used with Mythos Preview available to qualifying customers’ security teams on request. Our aim is to make it much easier to get the best performance out of highly capable public models without extensive setup. This release includes:
- The skills (custom instructions for repeated work) that we and our partners have built and shared;
- A harness that helps Claude map the codebase, spin up scanning subagents, triage its findings, and write reports;
- A threat model builder, which maps a codebase to identify potential targets for attack and prioritizes the model’s work accordingly.
Cisco, one of our Project Glasswing partners, has also recently open-sourced its Foundry Security Spec to help other defenders build an evaluation system similar to the one they use themselves.
Supporting the ecosystem
We’ve formed a partnership with the Open Source Security Foundation’s Alpha-Omega project, which will support the foundation’s efforts to help maintainers process and triage bug reports. We’re also continuing to publish research into how frontier model capabilities can best help cyberdefenders.
We’ve also supported the development of ExploitBench and ExploitGym, the two new benchmarks that allow researchers to track frontier AI models’ exploit development capabilities over time, as we discuss here. We’re supporting the development of other high-quality quantitative benchmarks through our External Researcher Access Program. Finally, Claude for Open Source supports maintainers and contributors, and we’re committing to scan any open-source package that we adopt ourselves in the future.
What’s next for Project Glasswing
The speed of AI progress means that models as capable as Mythos Preview will soon be developed by many different AI companies. At present, no company, including Anthropic, has developed safeguards robust enough to prevent such models from being misused and potentially causing severe harm. That is why we have not yet released Mythos-class models to the public. But it’s also why we began Project Glasswing: if a similarly capable model is released without such safeguards, it will rapidly become dramatically cheaper and easier for almost anyone in the world to exploit flawed software.
Glasswing helps the most systemically important cyber defenders gain an asymmetric advantage. However, there is an urgent need for as many organizations as possible to shore up their cyber defences. We hope that our generally-available models, and the new tools, resources, and research we’re providing to accompany them, will help those organizations to improve their cybersecurity posture.
Next, we will work with critical partners, including US and allied governments, to expand Project Glasswing to additional partners. And in the near future, once we’ve developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release.
On the far side of these risks, there is an encouraging world available to us: one in which important code is hardened far better than it is today, and in which hacking is much less prevalent. There are many obstacles, but we’re still confident that Project Glasswing can help get us there.