Anthropic’s experimental AI model is proving to be a powerful weapon against cyber vulnerabilities. The company reported that Claude Mythos Preview has helped partners find more than 10,000 security flaws in just one month since Project Glasswing launched in April.
The numbers tell a compelling story about AI’s potential in cybersecurity defense. Partners using the unreleased model have increased their bug-finding rate by more than ten times compared to traditional methods. Most partners discovered hundreds of critical or high-severity vulnerabilities in their software systems.
Major tech companies are seeing dramatic results from the AI-powered security scanning. Cloudflare discovered 2,000 bugs, with 400 classified as high or critical severity. Mozilla found and fixed 271 vulnerabilities in Firefox – ten times more than what it discovered using an older Claude model on a previous browser version. Microsoft’s recent warning that patch releases will “continue trending larger for some time” stems directly from bugs uncovered through Mythos Preview.
The scale of vulnerability discovery extends beyond individual companies. Anthropic used Mythos Preview to scan 1,000 open-source projects over recent months, identifying 6,202 high and critical-severity vulnerabilities out of 23,019 total findings. A security research firm recently claimed it used Mythos’ capabilities to breach macOS, an operating system known for tight security controls.
This development represents a significant shift in how organizations approach cybersecurity. Traditional vulnerability scanning often relies on known patterns and signatures, but AI models can identify complex, previously unknown security flaws by analyzing code in ways human researchers might miss. The ten-fold increase in bug discovery rates suggests AI could become essential for maintaining software security as systems grow more complex.
Anthropic isn’t releasing Mythos Preview to the public yet due to safety concerns. The company acknowledges that no organization, including itself, has developed adequate safeguards to prevent misuse of such powerful models. Bad actors could potentially use similar AI capabilities to find vulnerabilities for malicious purposes rather than defensive ones.
The company plans to release “Mythos-class models” once proper safeguards exist. For now, it’s expanding Project Glasswing through partnerships with governments, including the US, which could help repair Anthropic’s relationship with American officials.
Current Project Glasswing partners include:
- Amazon Web Services
- Apple
- Cloudflare
- CrowdStrike
- JPMorganChase
- Microsoft
- Mozilla
- NVIDIA
- Palo Alto Networks
The timing of this security initiative aligns with Anthropic’s broader business momentum. Reports suggest the company, founded in 2021, is approaching profitability for the first time. The Wall Street Journal indicates Anthropic is on track for $10.9 billion in revenue with $559 million in operating profit for the quarter ending in June. However, the company expects profitability to be temporary as it plans major investments in computing resources and other infrastructure.
Project Glasswing highlights AI’s dual nature in cybersecurity – the same technology that can defend systems could potentially be used to attack them. Anthropic’s cautious approach to releasing Mythos Preview reflects growing industry awareness that powerful AI models require careful governance. The collaboration with government partners suggests a coordinated approach to ensuring AI security tools benefit defenders rather than enable new attack vectors.




