A month ago, Project Glasswing was an announcement with a lot of potential and not many numbers. The initial update published Thursday provides numbers, and they’re worth sitting with.
In its first month, Anthropic’s Mythos Preview model — distributed to roughly four dozen organizations including Cloudflare, Mozilla, Apple, Google, Microsoft, the Linux Foundation, and AWS — surfaced more than ten thousand high- or critical-severity vulnerabilities across systemically important software. Cloudflare’s share of that total is already a matter of public record; what’s new is the aggregate picture and the results from other partners.
Mozilla is a useful data point because the comparison is clean. Mythos Preview found 271 vulnerabilities in Firefox. That’s more than ten times the count from an earlier Claude Opus 4.6 run against Firefox 148. The underlying code didn’t change that much. The model did. And for open-source projects, where the Glasswing team scanned over a thousand repositories independently, the tool produced 6,202 estimated high/critical findings, of which 1,587 have been triaged as true positives — a 90.6% precision rate against the 1,752 assessed so far.
This is a good precision number for this kind of automated analysis. It’s not perfect, but it’s high enough that the results require serious triage rather than wholesale dismissal.
The New Constraint
Here is the part that deserves attention: of the 530 high/critical findings that have been formally disclosed to open-source maintainers under standard 90-day coordinated disclosure protocols, 75 have been patched, with 65 carrying public advisories. That’s about 14%.
The remaining 86% are sitting in a queue. The vulnerability discovery pipeline can now produce findings at rates that human maintainers were never expected to absorb. Coordinated vulnerability disclosure assumes a trickle — a researcher finds something, contacts the project, a 90-day window gives the maintainer time to understand and fix it. That process was not designed for an input rate measured in thousands per month.
This isn’t a criticism of the program. Getting findings into maintainers’ hands is better than not doing so. But it does mean the current bottleneck in the AI-assisted security workflow isn’t Mythos — it’s the downstream human infrastructure. Maintainers for widely-used open-source projects are often volunteers or minimally staffed teams. A report queue that grows faster than it drains isn’t a solved problem; it’s a new kind of technical debt, except the debt is unpatched exploitable vulnerabilities.
A concrete illustration of what’s at stake: WolfSSL CVE-2026-5194, one of the findings Anthropic has chosen to surface as an example, was a certificate forgery flaw that would allow a convincing fraudulent banking website to pass TLS validation. WolfSSL is a widely embedded TLS library. These are not obscure corner cases.
The Enterprise Side
The enterprise-facing scanner that Glasswing partners deployed internally is moving faster: it has been used to patch over 2,100 vulnerabilities within three weeks of launch. This makes sense. Enterprise teams control their own codebase, their own deployment infrastructure, and their own patch timelines. When Cloudflare gets a Mythos finding against its own internal code, there is no disclosure queue — they just fix it. The speed differential between internal and open-source patching reflects the difference between having organizational control and relying on volunteer maintainers.
Mythos Preview itself remains unreleased to the general public, and Anthropic has been explicit that it will stay that way until stronger containment mechanisms are developed. That’s the right call given what the model can do. The Glasswing update notes that Mythos is capable of identifying and exploiting zero-days in every major operating system and browser when directed to do so — CVE-2026-4747, a 17-year-old stack buffer overflow in FreeBSD’s RPCSEC_GSS handler, is the disclosed example.
The security research community has spent years debating how to handle AI-assisted vulnerability discovery. The Glasswing numbers put real scale on what that conversation is actually about. The finding side of the problem is largely solved. What needs to be built now is the capacity to absorb what the finding side produces.