Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
Summary
Hide ▲
Show ▼
Anthropic’s Project Glasswing is now showing measurable results: since launching last month, the Claude Mythos Preview-based initiative has uncovered more than 10,000 high- or critical-severity vulnerabilities in widely used software. Anthropic said 6,202 of those candidates affect more than 1,000 open-source projects, with 1,726 validated as true positives and 1,094 assessed as high- or critical-severity; one example is CVE-2026-5194 in WolfSSL (CVSS 9.1), which could let an attacker forge certificates and impersonate a legitimate service. The company said the effort has already led to 97 upstream patches and 88 advisories, and it warned defenders to shorten patch cycles, harden default configurations, enforce multi-factor authentication, and keep comprehensive logs.
Related Happenings
AI coding assistants GhostApproval symlink security flaw
Vulnerability
H score22
First: 09.07.2026 07:27
Last: 09.07.2026 07:27
Sources 1
About this happening:
A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....
AI coding assistants GhostApproval symlink security flaw
VulnerabilityAbout this happening: A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical Analysis
H score3
First: 08.07.2026 18:07
Last: 08.07.2026 18:07
Sources 1
About this happening:
Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical AnalysisAbout this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
OpenAI ChatGPT Atlas BioShocking fix
Advisory/Mitigation
H score34
First: 01.07.2026 00:50
Last: 01.07.2026 00:50
Sources 1
About this happening:
OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...
OpenAI ChatGPT Atlas BioShocking fix
Advisory/MitigationAbout this happening: OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/Service
H score22
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/ServiceAbout this happening: Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
OpenAI Daybreak expands with **GPT-5.5-Cyber** and **Codex Security** patch automation
Security Tool/Service
H score14
First: 23.06.2026 17:15
Last: 23.06.2026 17:15
Sources 1
About this happening:
OpenAI expanded **Daybreak** with a full release of **GPT-5.5-Cyber** and updated **Codex Security**, widening AI-assisted patch automation for **verified defenders**. The rollout...
OpenAI Daybreak expands with **GPT-5.5-Cyber** and **Codex Security** patch automation
Security Tool/ServiceAbout this happening: OpenAI expanded **Daybreak** with a full release of **GPT-5.5-Cyber** and updated **Codex Security**, widening AI-assisted patch automation for **verified defenders**. The rollout...
Timeline
-
03.06.2026 14:00 1 articles · 1mo ago
US executive order invites voluntary review of frontier AI models
Legal Policy Action UpdatePresident Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.
Show sources
- Trump Signs Order Inviting Voluntary Review of Frontier AI Models — www.infosecurity-magazine.com — 03.06.2026 14:00
-
23.05.2026 14:55 2 articles · 1mo ago
Anthropic says Project Glasswing found more than 10,000 vulnerabilities
Campaign Scope UpdateAnthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
Show sources
- Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software — thehackernews.com — 23.05.2026 14:55
- AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs — thehackernews.com — 06.06.2026 10:28
-
14.04.2026 12:30 2 articles · 2mo ago
AISI assesses Claude Mythos Preview attack capability
Technical Analysis UpdateThe UK AI Security Institute (AISI) said Anthropic’s Claude Mythos Preview is a step up over previous frontier models and, in controlled evaluations with network access, can execute multi-stage attacks on vulnerable networks and autonomously discover and exploit vulnerabilities. The institute also urged organizations to strengthen cybersecurity basics, including regular security updates, robust access controls, security configuration, and comprehensive logging, while considering AI to improve defense.
Show sources
- AI Security Institute Advocates Security Best Practices After Mythos Test — www.infosecurity-magazine.com — 14.04.2026 12:30
- Summer of Clearinghouses — thehackernews.com — 09.07.2026 14:00
-
08.04.2026 12:16 1 articles · 3mo ago
Anthropic launches Project Glasswing with Claude Mythos
Initial DisclosureAnthropic announces Project Glasswing, a restricted security initiative that will use a preview version of Claude Mythos with a small set of organizations including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic to find and address vulnerabilities in critical software. Anthropic says Mythos Preview has already found thousands of high-severity zero-day vulnerabilities in major operating systems and web browsers, including a now-patched 27-year-old OpenBSD bug and a 16-year-old FFmpeg flaw, and that the model is not generally available because its coding capabilities could also be used to exploit software vulnerabilities.
Show sources
- Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems — thehackernews.com — 08.04.2026 12:16