AI Found 10,000 Critical Security Bugs. 75 Are Patched.
Anthropic's AI model flagged 23,000 vulnerabilities in software you use every day. Security firms confirmed 1,587 are real. Seventy-five have been patched.

Anthropic published results from Project Glasswing last week. Their unreleased frontier model, Claude Mythos Preview, scanned more than 1,000 open-source software projects and flagged 23,019 potential vulnerabilities. Independent security firms reviewed a portion of those and confirmed 1,587 are real, high- or critical-severity flaws. Seventy-five have been patched.
That gap is the story.
Project Glasswing is a controlled initiative, running since April, that gives about 50 vetted partner organizations access to Claude Mythos Preview specifically for defensive security work. The partners include some of the most important infrastructure companies on the internet. Cloudflare found 2,000 bugs across their critical systems. Mozilla found more than ten times as many vulnerabilities in Firefox 150 as they found in Firefox 148 using the previous generation of Claude. Palo Alto Networks shipped five times its normal patch volume in its most recent release.
The numbers are striking. The dynamic underneath them is more interesting.
Open-source software is not a niche category. It is the foundation of nearly everything you interact with digitally: your browser, your operating system, the payment processing your customers use, the tools your developers build on. When Anthropic scanned open-source projects, they weren't scanning some distant corner of the technology landscape. They were scanning the shared infrastructure most of the business world runs on.
Anthropic said it directly in their update: progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it's limited by how quickly we can verify, disclose, and patch what AI finds.
That's the whole constraint moving, not an incremental improvement to the existing process.
The human side of this is worth understanding. Open-source software is often maintained by volunteers, people who do critical infrastructure work in their spare time or as a small portion of their jobs. Several of those maintainers asked Anthropic to slow down sending bug reports. Not because they don't want the findings. Because they cannot process disclosures faster than they're arriving. A high- or critical-severity bug found by Mythos Preview takes an average of two weeks to patch once it's confirmed. The AI finds them in the time it takes to run a scan.
The math doesn't work yet. Anthropic is holding nearly 900 confirmed high-severity vulnerabilities waiting to be disclosed once maintainers have capacity to act on them.
For any business running software, the practical implication is simple: update aggressively right now. This is an unusual moment where the volume of patches landing is genuinely higher than normal across major vendors, driven by exactly this dynamic. Microsoft has flagged that its monthly patch releases will "continue trending larger for some time." Oracle shifted to monthly security cycles because of the same pressure. The window between a patch being available and it being deployed is where attackers operate. Shortening that window is the one thing within reach for most organizations right now.
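The deployment window the paragraph above describes can be measured rather than guessed at. The following added example (not from the article or from any vendor named in it) computes, for each host and advisory, how many days a host stayed exposed after a fix was available, and flags hosts that exceed a patch SLA. The advisory ids, package names, versions, dates and host names are all constructed for illustration; the 14-day SLA is an assumed policy value, chosen to mirror the two-week patch figure quoted above, not a recommendation taken from the page.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Dict, Tuple

@dataclass
class Advisory:
    advisory_id: str      # constructed identifier, not a real CVE/advisory
    package: str
    fixed_version: str    # first version that contains the fix
    patch_available: date # date the fixed version was published

@dataclass
class HostPackage:
    host: str
    package: str
    installed_version: str
    installed_on: date    # when this version landed on the host

# Constructed sample data: two advisories and a small inventory.
ADVISORIES = [
    Advisory("ADV-0001", "openssl", "3.0.14", date(2025, 6, 1)),
    Advisory("ADV-0002", "libxml2", "2.12.7", date(2025, 6, 10)),
]
INVENTORY = [
    HostPackage("web-01", "openssl", "3.0.14", date(2025, 6, 4)),   # patched 3 days after release
    HostPackage("web-02", "openssl", "3.0.13", date(2025, 3, 1)),   # still unpatched
    HostPackage("db-01", "libxml2", "2.12.7", date(2025, 6, 20)),   # patched 10 days after release
    HostPackage("db-01", "openssl", "3.0.15", date(2025, 5, 20)),   # newer than the fix, installed earlier
]

def version_tuple(v: str) -> Tuple[int, ...]:
    """Numeric compare for dotted versions (sufficient for the constructed sample)."""
    return tuple(int(p) for p in v.split("."))

def exposure_days(adv: Advisory, hp: HostPackage, today: date) -> Tuple[int, bool]:
    """Days from patch availability to closure on this host.

    If the host runs the fixed version or later, the window closes on the day it
    was installed (never before the patch existed). Otherwise the window is still
    open and is counted up to `today`.
    """
    if version_tuple(hp.installed_version) >= version_tuple(adv.fixed_version):
        closed = max(hp.installed_on, adv.patch_available)
        return (closed - adv.patch_available).days, True
    return (today - adv.patch_available).days, False

def patch_window_report(advisories: List[Advisory], inventory: List[HostPackage],
                        today: date) -> List[Dict]:
    """One row per (advisory, host) pair where the affected package is installed."""
    rows = []
    for adv in advisories:
        for hp in inventory:
            if hp.package != adv.package:
                continue
            days, patched = exposure_days(adv, hp, today)
            rows.append({"advisory": adv.advisory_id, "host": hp.host,
                         "package": hp.package, "exposure_days": days,
                         "patched": patched})
    return rows

def hosts_over_sla(rows: List[Dict], sla_days: int = 14) -> List[str]:
    """Hosts whose exposure window exceeds the assumed SLA (open or closed)."""
    return sorted({r["host"] for r in rows if r["exposure_days"] > sla_days})

def mean_window(rows: List[Dict]) -> float:
    """Average exposure window across all rows; a single number to trend over time."""
    return sum(r["exposure_days"] for r in rows) / len(rows) if rows else 0.0

if __name__ == "__main__":
    report = patch_window_report(ADVISORIES, INVENTORY, today=date(2025, 6, 30))
    for r in report:
        state = "patched" if r["patched"] else "OPEN"
        print(f'{r["advisory"]} {r["host"]:<7} {r["package"]:<8} {r["exposure_days"]:>3}d {state}')
    print("over SLA:", hosts_over_sla(report))
    print("mean window (days):", mean_window(report))
```

The useful output is the trend of the mean window and the list of hosts over SLA, not any single row; an unpatched host keeps accruing days until the fixed version lands, which is exactly the window the paragraph above says attackers operate in.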
The broader pattern is worth naming because it will keep showing up. When AI accelerates one part of a process, the bottleneck doesn't disappear. It moves. In security, finding vulnerabilities was the bottleneck for decades. Now it's human review, triage, disclosure logistics, and patch development. The same shift happens in any domain where AI takes over the discovery or drafting phase: suddenly the constraint is judgment, decision-making, and action. AI produces output faster than organizations have built capacity to evaluate and act on it.
That's not a security-specific problem. It's an organizational one.
One more thing worth noting. Anthropic is holding Mythos Preview back from public release because, as they put it, no company including themselves has developed safeguards strong enough to prevent its misuse. That's a rare kind of institutional candor. The model exists. The capability exists. The question of who gets access and under what conditions is unsolved.
A model that can autonomously find and exploit critical vulnerabilities in every major operating system, restricted to 50 vetted partners while the security ecosystem tries to keep pace, is a governance problem as much as a technical one. How that gets resolved, and how quickly, will determine whether the next phase of this looks more like defense or offense.