Anthropic — Glasswing discovers 10,000+ zero-days, only 97 patched so far

• Anthropic published the initial update for Project Glasswing, revealing that Claude Mythos Preview found over 10,000 high- and critical-severity zero-day vulnerabilities in its first month.
• 23,019 candidate findings were generated; external security firms reviewed 1,900 and confirmed 1,726 (90.8%) as valid true positives — a false-positive rate that outperforms human testers.
• Despite 1,596 vetted findings reported directly to maintainers, only 97 vulnerabilities have been patched to date, yielding just 88 published security advisories.
• The discovery-to-patch ratio is roughly 100:1, exposing a structural bottleneck: volunteer open-source maintainers cannot process the volume of AI-discovered vulnerabilities.
• Notable discovery: CVE-2026-5194 in wolfSSL, where Mythos Preview engineered an exploit enabling certificate forgery that could spoof banking or email domains.
• Cloudflare reported 2,000 bugs including 400 high/critical severity from the model; Mozilla found and patched 271 Firefox vulnerabilities — 10× more than prior Claude Opus 4.6 testing.
• The UK's AI Security Institute observed Mythos Preview as the first model to fully solve multistep cyberattack simulations.
• Mythos remains restricted to a defensive consortium of ~50 partners (Microsoft, Apple, Google, Cloudflare, Cisco); no public release date announced.
• Anthropic launched Claude Security (public beta, Opus 4.7) for enterprise clients, which has already assisted in patching 2,100 corporate vulnerabilities in three weeks.
• Cisco open-sourced the Foundry Security Spec to help build AI-assisted evaluation systems for managing the vulnerability data pipeline.

Why it matters

AI vulnerability discovery has decoupled from human patching capacity. When models like Mythos reduce zero-day discovery to near-zero cost while traditional 90-day disclosure windows remain unchanged, the unpatched window becomes dangerously exploitable — especially for AI infrastructure components (model servers, MCP toolchains, RAG backends) that often lag behind mainstream software in patch velocity.

What to do

• Assume AI-discovered vulnerabilities exist in your stack regardless of advisory publication — enforce strict default configurations and MFA everywhere.
• Prioritize behavioral analytics and MTTD reduction over patching alone for systems where upstream fixes lag.
• Monitor the Glasswing CVD dashboard (red.anthropic.com/2026/cvd) for findings relevant to your infrastructure components.

Sources:

• Anthropic — Glasswing Initial Update
• Cyber Security News — Anthropic's Claude Mythos Preview 10,000+ 0-Days
• The Decoder — Anthropic warns Claude finds bugs faster than developers can patch
• Anthropic Coordinated Vulnerability Disclosure Dashboard