Anthropic has published the first results from Project Glasswing, a cybersecurity initiative that gives selected partners access to Claude Mythos Preview for finding vulnerabilities in critical software. According to the company, roughly 50 organizations used the model in its first month and identified more than 10,000 high- or critical-severity vulnerabilities.

Anthropic frames this as a major shift for cybersecurity. The bottleneck used to be finding new bugs. Now, the harder problem is verifying, disclosing and patching the volume of vulnerabilities AI can surface. Cloudflare reportedly found about 2,000 bugs, including 400 high- or critical-severity issues, while several partners saw vulnerability discovery rates rise by more than 10 times.

Anthropic also scanned more than 1,000 open-source projects. Mythos Preview identified 23,019 total potential issues, including 6,202 high- or critical-severity findings. After part of the sample was reviewed by independent security researchers, 90.6% of assessed cases proved to be valid true positives.

The model is still not publicly available. Anthropic says no organization, including itself, has yet built safeguards strong enough to prevent misuse of such cyber-capable systems. For now, the company is expanding access through controlled partnerships with major companies and government-linked organizations.