Anthropic has shared the first major results from Project Glasswing, a restricted cybersecurity initiative that gives select organisations access to its new AI model, Mythos Preview. The company said the model has already identified more than 10,000 high- or critical-severity software vulnerabilities across widely used systems.

The AI startup said around 50 carefully selected partners, including technology companies and research organisations, were given limited access to the model over recent weeks. Mythos Preview was used to scan more than 1,000 open-source software projects during the trial.

According to Anthropic, the model flagged around 6,202 high- or critical-severity vulnerabilities. Independent security firms later reviewed 1,752 of those findings and confirmed that 90.6% were legitimate vulnerabilities. Around 62.4% were classified as genuinely high or critical risks.

“After one month, most partners have each found hundreds of critical- or high-severity vulnerabilities in their software. Collectively, they’ve found more than ten thousand. Several have told us that their rate of bug-finding has increased by more than a factor of ten. For instance, Cloudflare has found 2,000 bugs (400 of which are high- or critical-severity) across their critical-path systems, with a false positive rate that Cloudflare’s team considers better than human testers,” Anthropic said in a blog post.

Cloudflare reported that the AI system found about 2,000 bugs in its internal software, including 400 severe vulnerabilities. The company also said Mythos generated fewer false alarms compared with traditional human-led testing.

Meanwhile, Mozilla used the AI model to analyse the web browser Firefox’s code and fixed 271 vulnerabilities in Firefox 150. Mozilla said the new Mythos system performed significantly better than Anthropic’s earlier Claude Opus 4.6 model.

Anthropic said the growing scale of AI-powered bug detection is changing cybersecurity. The company warned that human teams may struggle to review and fix the large number of vulnerabilities uncovered by advanced AI systems.

“Currently, there’s often a long lag between the discovery of a vulnerability, the creation of a patch for it, and the time when the patch is widely deployed by end users,” the company wrote.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!