Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
First reported
Last updated
Happening score
H score 27
2 unique sources, 3 articles

Summary

Hide ▲

Anthropic’s Project Glasswing is now showing measurable results: since launching last month, the Claude Mythos Preview-based initiative has uncovered more than 10,000 high- or critical-severity vulnerabilities in widely used software. Anthropic said 6,202 of those candidates affect more than 1,000 open-source projects, with 1,726 validated as true positives and 1,094 assessed as high- or critical-severity; one example is CVE-2026-5194 in WolfSSL (CVSS 9.1), which could let an attacker forge certificates and impersonate a legitimate service. The company said the effort has already led to 97 upstream patches and 88 advisories, and it warned defenders to shorten patch cycles, harden default configurations, enforce multi-factor authentication, and keep comprehensive logs.

Related Happenings

CERT-In issues 12-hour patch guidance for Indian organizations

Public Sector Action
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...

Open Happening

Microsoft open-sources RAMPART and Clarity for AI agent security testing and design review

Security Tool/Service
First: 20.05.2026 20:06 Last: 20.05.2026 20:06 Sources 1

About this happening: **Microsoft** open-sourced **RAMPART** and **Clarity**, adding **AI agent security testing** and **design-time reasoning** capabilities that help developers catch risks before dep...

Open Happening

ModeloRAT malicious PowerShell and Dropbox delivery activity

Malware Activity
First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...

Open Happening

OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation

Security Tool/Service
First: 12.05.2026 09:55 Last: 12.05.2026 09:55 Sources 1

About this happening: OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...

Open Happening

Google GTIG analysis of adversary AI use for exploit development and attack orchestration

Technical Analysis
First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

About this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...

Open Happening

Timeline

  1. 23.05.2026 14:55 1 articles · 4d ago

    Anthropic says Project Glasswing found more than 10,000 vulnerabilities

    Campaign Scope Update

    Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.

    Show sources
    Open in new tab
  2. 14.04.2026 12:30 1 articles · 1mo ago

    AISI assesses Claude Mythos Preview attack capability

    Technical Analysis Update

    The UK AI Security Institute (AISI) said Anthropic’s Claude Mythos Preview is a step up over previous frontier models and, in controlled evaluations with network access, can execute multi-stage attacks on vulnerable networks and autonomously discover and exploit vulnerabilities. The institute also urged organizations to strengthen cybersecurity basics, including regular security updates, robust access controls, security configuration, and comprehensive logging, while considering AI to improve defense.

    Show sources
    Open in new tab
  3. 08.04.2026 12:16 1 articles · 1mo ago

    Anthropic launches Project Glasswing with Claude Mythos

    Initial Disclosure

    Anthropic announces Project Glasswing, a restricted security initiative that will use a preview version of Claude Mythos with a small set of organizations including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic to find and address vulnerabilities in critical software. Anthropic says Mythos Preview has already found thousands of high-severity zero-day vulnerabilities in major operating systems and web browsers, including a now-patched 27-year-old OpenBSD bug and a 16-year-old FFmpeg flaw, and that the model is not generally available because its coding capabilities could also be used to exploit software vulnerabilities.

    Show sources
    Open in new tab