AI Discovers Tens of Thousands of Vulnerabilities, Posing a New Challenge for the Security Industry

Anthropic has released early findings from its "Project Glasswing" security initiative. The project aims to use advanced AI to protect critical infrastructure before malicious actors can strike. At its core is the yet-unreleased Claude Mythos Preview model, which autonomously identified over 10,000 high-severity and critical zero-day vulnerabilities in its first month alone. These vulnerabilities were found across the world's most critical software systems, and their scale and speed have sent shockwaves through the industry.

The British AI Safety Institute observed that Mythos Preview is the first model capable of fully solving its multi-step cyberattack simulation tasks. Meanwhile, Mozilla used the model in Firefox 150 to find and fix 271 vulnerabilities — ten times the number found in previous tests using Claude Opus 4.6. This massive discovery rate exposes a structural problem in the software industry: manual vulnerability triage, reporting, and patching can no longer keep pace with AI-driven discovery.

These results are not just a demonstration of AI's capability in cybersecurity; they signal a fundamental shift in how security operations will work in the future. As AI becomes the primary "vulnerability detector," security teams must accelerate the development of automated response and patch management workflows. Otherwise, the flood of vulnerabilities will become a management burden rather than a security asset.