On the 10,000+ zero-days, the 6% patch rate, and why an AI that finds bugs faster than humans can fix them is a genuinely novel problem.
Anthropic's Claude Mythos found 10,000 zero-days in a month. The real problem is what happens after.
Anthropic published an initial update on Project Glasswing on May 22, 2026. The headline: in its first month of operation, Claude Mythos Preview found more than 10,000 high- or critical-severity zero-day vulnerabilities across the world's most widely deployed software.
That number needs context. The context makes it more interesting, not less.
Project Glasswing launched April 7, 2026 as a controlled research initiative pairing Claude Mythos Preview — Anthropic's unreleased frontier model — with 12 launch partners: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, plus more than 40 additional organizations maintaining critical software infrastructure. The goal was straightforward: use Mythos to find vulnerabilities in critical software before adversaries do. Access costs $25 per million input tokens and $125 per million output tokens, with $100 million in model credits committed by Anthropic to cover participants throughout the research preview.
What Mythos found in one month was, by any benchmark I know of, extraordinary.
Source spread
- Anthropic — Project Glasswing initial update — safety. Primary source with named partner results, specific CVEs, and the remediation status as of May 22.
- The Hacker News — safety. Technical framing on what "zero-day" means in this context; neutral on Anthropic's role.
- The Ringer — skeptic. Raises the dual-use question: a model that finds these vulnerabilities at scale can also be turned toward exploiting them.
- Forrester — academic. Second-order consequences the initial coverage missed — insurance market implications, SOC team restructuring, regulatory pressure.
What Glasswing actually found
The partner-specific numbers are the ones worth sitting with.
Cloudflare ran Mythos Preview across their critical-path systems and found 2,000 bugs, 400 of which are high- or critical-severity, with a false positive rate their team described as better than human testers. Mozilla found and fixed 271 vulnerabilities in Firefox 150 — more than ten times the number identified in Firefox 148 using Claude Opus 4.6.
That Firefox comparison is the number I keep coming back to. Ten times. Same task type. Different model. If that differential persists across security audits generally, it is not a capability improvement — it is a category change. You are no longer doing the same thing faster. You are doing a fundamentally different volume of the same thing, with different implications for every downstream process that depends on bug counts being manageable.
Anthropic also directed Mythos Preview to scan over 1,000 widely used open-source projects. Among the confirmed findings: CVE-2026-5194, a critical flaw in the wolfSSL cryptography library allowing forgery of security certificates, which Mythos engineered a working exploit for end-to-end. That's not "found a bug." That's "found a bug, confirmed it was exploitable, and produced a working demonstration."
- Apr 7, 2026 (Launch): Anthropic announces Glasswing with 12 named partners and gated Claude Mythos Preview access.
- Apr–May 2026 (Scanning begins): Mythos audits every major OS, every major browser, and 1,000+ open-source projects.
- May 22, 2026 (Initial update): 10,000+ high/critical zero-days surfaced. Cloudflare: 2,000 bugs. Mozilla: 271 Firefox vulns, 10× the prior model's rate.
The bottleneck nobody is writing about
Here is the uncomfortable part of the initial update. As of May 22, 2026, of the 1,596 findings reported to open-source software maintainers, 1,451 have been acknowledged — but only 97 have been patched upstream, and 88 security advisories have been published.
That's a 6% patch rate on acknowledged findings.
Claude Mythos found bugs faster than the open-source community can fix them. This is not a criticism of open-source maintainers. It's a structural observation. Most critical open-source projects are maintained by a small number of people who are not working full-time on security patches. When an AI system delivers 10x more vulnerability findings than they've seen in a typical year, in a single month, the bottleneck shifts immediately from discovery to remediation.
This is a genuinely new problem. Prior to systems like Mythos, the limiting factor in security research was finding the vulnerabilities. The patch queue was long, but it was roughly matched to the rate of discovery. AI-driven discovery at this scale breaks that match. The queue grows faster than it can be drained, and the window in which unpatched known-but-not-yet-public vulnerabilities exist gets longer, not shorter.
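To make the queue argument concrete, here is a small FIFO backlog model (added here as an illustration; it is not code from the post, from Anthropic, or from any Glasswing partner). The discovery and patch rates are constructed assumptions, not Glasswing's measured figures; the point it shows is that when findings per day exceed fixes per day, both the open count and the age of the oldest unpatched finding grow linearly, and the backlog never drains unless patch capacity is raised above the discovery rate.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class BacklogResult:
    open_findings: int          # still unpatched at the end of the run
    patched: int                # fixed during the run
    oldest_open_age_days: int   # how long the oldest unpatched finding has waited
    median_open_age_days: float


def simulate_backlog(discovered_per_day: int, patched_per_day: int, days: int) -> BacklogResult:
    """FIFO remediation queue: every day new findings are reported, then the
    maintainers fix up to patched_per_day of the oldest open ones.
    Returns the size and age profile of what is still open after `days`."""
    queue = deque()  # day on which each still-open finding was reported
    patched = 0
    for day in range(days):
        queue.extend([day] * discovered_per_day)
        for _ in range(min(patched_per_day, len(queue))):
            queue.popleft()
            patched += 1
    if not queue:
        return BacklogResult(0, patched, 0, 0.0)
    ages = sorted(days - reported for reported in queue)
    n = len(ages)
    median = ages[n // 2] if n % 2 else (ages[n // 2 - 1] + ages[n // 2]) / 2
    return BacklogResult(len(queue), patched, ages[-1], float(median))


def days_to_clear(open_findings: int, discovered_per_day: int, patched_per_day: int):
    """Days until the backlog empties if scanning continues at the same rate.
    None means the patch rate never exceeds the discovery rate: the queue only grows."""
    net = patched_per_day - discovered_per_day
    if net <= 0:
        return None
    return -(-open_findings // net)  # ceiling division


if __name__ == "__main__":
    # Constructed rates for illustration, not Glasswing's measured figures.
    under = simulate_backlog(discovered_per_day=10, patched_per_day=2, days=30)
    print(f"triage understaffed: {under.open_findings} open, oldest {under.oldest_open_age_days}d, "
          f"median {under.median_open_age_days}d, clears in {days_to_clear(under.open_findings, 10, 2)}")
    staffed = simulate_backlog(discovered_per_day=10, patched_per_day=12, days=30)
    print(f"triage staffed ahead of the scan: {staffed.open_findings} open, "
          f"clears in {days_to_clear(staffed.open_findings, 10, 12)} days")
```

Plugging in your own reported-per-day and patched-per-day figures gives the answer to the staffing question in the takeaways: the backlog is bounded only when `days_to_clear` returns a number rather than `None`.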
- Project Glasswing access (Claude Mythos Preview) is still gated — apply at anthropic.com/glasswing if you maintain critical infrastructure or security-sensitive software.
- Pricing is $25/$125 per million input/output tokens; Anthropic has $100M in credits to distribute to participants throughout the research preview.
- The Firefox finding (10× more vulnerabilities vs. Opus 4.6 on the same codebase type) suggests AI-driven security auditing has entered a new capability tier. Worth running on your own codebase if you get access.
- Remediation capacity is now the constraint, not finding capacity. If you run AI security scanning, staff the triage process before you start the scan — not after.
- If you maintain an open-source project, check whether it's in the Glasswing scan scope. CVE-2026-5194 in wolfSSL is one published example; more are moving through the disclosure pipeline.
Further reading
- Anthropic — Project Glasswing: An initial update — the primary source; read the remediation status section specifically
- Anthropic — Project Glasswing — background, partner list, and access information
- Claude Mythos Preview announcement — the model's security-specific capabilities and the launch context
- The Ringer — Could Claude Mythos Actually Destroy the Internet? — the dual-use framing
- Forrester — Project Glasswing: The 10 Consequences Nobody's Writing About Yet — second-order effects worth reading before the mainstream coverage catches up