The scope of Anthropic's Project Glasswing has grown considerably since the program's April launch. A progress report published this week shows that Claude Mythos has now flagged 23,019 potential vulnerabilities across more than 1,000 open-source software projects. More striking than the totals is a secondary data point: outside security firms and Anthropic researchers have now reviewed a large subset of those findings and confirmed that nine out of ten are genuine flaws. The bottleneck, Anthropic says, is no longer discovery. It is what happens after.
The Scale of the Scan
When Anthropic launched Claude Mythos Preview and the associated Glasswing coalition in April, the first public figures described roughly 10,000 high- or critical-severity findings. This week's update roughly doubles that headline count: 23,019 potential vulnerabilities across the more than 1,000 open-source projects in the scan corpus. Of those, 6,202 are estimated to be high or critical severity. The corpus includes operating system kernels, web browsers, cryptographic libraries, and the kind of foundational tooling that appears in billions of devices without most developers being aware of it. Among the confirmed findings is a 27-year-old vulnerability in OpenBSD's TCP implementation, sitting in production code maintained by some of the most security-conscious developers in the open-source world.
The scan's breadth reflects how Glasswing was designed. Anthropic restricted access to Mythos in part because the model could generate working exploits autonomously. Rather than sit on those capabilities, the company channeled them into a coordinated disclosure effort, pairing Mythos with human review teams and responsible-disclosure timelines borrowed from the professional security industry.
Project Glasswing: Key Numbers
- OSS projects scanned: 1,000+
- Total potential vulnerabilities flagged: 23,019
- Estimated high/critical severity: 6,202
- True-positive rate (reviewed subset): 90.6%
- Vulnerabilities disclosed to maintainers: 1,596
- Bugs patched as of May 2026: 97
Nine Out of Ten
The validation numbers are where this week's update becomes notable. Anthropic says a subset of 1,752 high- or critical-rated findings were reviewed by outside security firms or by Anthropic's own researchers. Of those, 90.6% were judged to be valid true positives. Within that confirmed set, 62.4% were verified as high- or critical-severity. For context, the false-positive rate in automated vulnerability scanning has historically been high enough that triage itself is a major cost center for security teams. A 90-plus-percent precision rate, if it holds across the broader corpus, would make Mythos substantially more useful for defenders than most existing tools at anything like this scale.
The findings include more than a 27-year-old OpenBSD bug. Mythos has also confirmed flaws in widely deployed cryptographic libraries, browser rendering engines, and OS-level file system code. Anthropic has not published a full list of affected projects. Under the responsible-disclosure agreement governing Glasswing, individual findings carry a 90-day window before public attribution, extendable to 135 days for complex fixes.
The Patching Gap
The harder number in this week's update is not the count of vulnerabilities found. It is the count of vulnerabilities fixed. Anthropic has disclosed 1,596 potential flaws across 281 open-source projects. Of those, 97 have been patched. Vendors have published 65 security advisories covering some of those issues. The ratio, roughly one fix for every sixteen disclosures, is a direct measure of how far the remediation pipeline lags behind the discovery pipeline. Previous Glasswing coverage flagged this gap when the count was far smaller. At 23,000 potential findings, the operational load on maintainers is substantial.
"The volume of AI-found flaws is turning verification, disclosure, and patching into the new bottleneck." (Anthropic, Project Glasswing progress report, May 2026)
What This Means for Open Source Maintainers
The dynamics here are not symmetrical for attackers and defenders. Anthropic controls the rate at which it discloses findings to maintainers, and has said it sequences disclosures to avoid overwhelming individual projects. But a pipeline that generates hundreds of new reports while maintainers are still working through previous batches creates a real operational burden, particularly for projects maintained by small volunteer teams or individual contributors. Most of the 281 projects receiving disclosures are not resourced like Microsoft or Google. A sustained stream of high-severity reports, however accurate, requires humans to read, triage, reproduce, and patch each one.
The broader implication is that AI-assisted vulnerability discovery has outpaced the human infrastructure needed to close the findings it surfaces. That gap is, in a sense, exactly what Glasswing was designed to close. The question the current numbers raise is whether a coordinated program with defined disclosure timelines and a closed coalition of vendors can absorb findings at this rate without itself becoming a source of delay. If verified bugs sit in a disclosure queue for months while maintainers work through the backlog, the theoretical safety benefit of finding them first erodes.
What Comes Next
Anthropic's Responsible Scaling Policy frames Mythos as a model that sits above the threshold requiring pre-deployment safety evaluation. The company has stated it intends to make Mythos-class capabilities available more broadly once defenders have had sufficient time to respond. This week's progress report suggests that moment is not imminent. The gap between what was found and what was patched will take many months to close at the current pace. When a broader release does come, the ability to scan codebases at this scale and accuracy will move from a controlled coalition context into general commercial use. The patching infrastructure will need to be ready for that when it happens.