Anthropic Mythos Project Glasswing Floods Maintainers with Vulnerabilities
Anthropic’s Project Glasswing, leveraging the Mythos AI model, aims to identify critical software vulnerabilities before attackers exploit them. LΣҒΔ𝕽ΩLL 🇮🇱 reports that approximately 50 partners using Mythos Preview discovered over 10,000 high and critical severity vulnerabilities within the first month. Cloudflare alone identified 2,000 bugs, with 400 deemed serious, while Mozilla found and patched 271 vulnerabilities in Firefox 150. Across the open-source landscape, Mythos flagged 6,202 potential high/critical vulnerabilities, with over 90% validated as genuine upon manual review.
The sheer volume of findings, however, is creating significant downstream challenges. LΣҒΔ𝕽ΩLL 🇮🇱 highlights that out of 530 high/critical vulnerabilities already reported to maintainers, only 75 have been closed. Some maintainers, unable to keep up with the influx of disclosures, have even requested a slower pace. This bottleneck raises critical questions about the scalability of AI-driven vulnerability discovery when the human capacity for verification, reporting, patching, and deployment remains a limiting factor.
While AI can accelerate the identification phase, remediation still requires human effort and organizational bandwidth. The effectiveness of such initiatives hinges not just on finding vulnerabilities, but on the ecosystem’s ability to absorb, prioritize, and address them. The current situation suggests that the rate of discovery is far outstripping the rate of resolution, creating a backlog of identified but unpatched flaws that could still be exploited.
What This Means For You
- If your organization relies heavily on open-source software, understand that while more vulnerabilities are being found, the rate of patching is lagging. Prioritize which projects you contribute to or depend on, and consider allocating resources to assist maintainers with verification and remediation efforts for vulnerabilities relevant to your stack. The attacker's calculus remains the same: exploit unpatched vulnerabilities. This influx of identified but unpatched flaws creates a target-rich environment.