Anthropic Uncovers 10,000+ Zero-Days in Project Glasswing
ITSecurityNews reports that Project Glasswing, a controlled research program using the unreleased Claude Mythos Preview model, discovered more than 10,000 high- and critical-severity zero-day vulnerabilities in its first month. Reporting also states Cloudflare ran the model against over 50 internal repositories and observed the model chaining bugs into working proof-of-concept exploits. ITSecurityNews reports that Anthropic has not released Claude Mythos Preview to the general public because of its cyberattack capabilities. Editorial analysis: Industry observers are likely to treat these results as strong evidence that frontier code-capable models can materially accelerate automated offensive vulnerability research, creating new disclosure and operational-security challenges.
What happened
ITSecurityNews reports that Project Glasswing, Anthropic's controlled cybersecurity research program, used the unreleased Claude Mythos Preview model and discovered more than 10,000 high- and critical-severity zero-day vulnerabilities in its first month. ITSecurityNews reports that Cloudflare's security team ran the model against more than 50 internal repositories as part of the project and observed that the model could chain multiple vulnerabilities into working proof-of-concept exploits. ITSecurityNews reports that Anthropic has not released Claude Mythos Preview to the general public, citing the model's cyberattack capabilities.
Technical details
ITSecurityNews reports the findings emphasize two observed capabilities of Claude Mythos Preview: autonomous vulnerability discovery at scale and automated exploit chaining into proof-of-concept exploits. The article characterises the model as being used for active scanning and research across public-domain and internal code repositories.
Editorial analysis - technical context: Models that combine code generation, program analysis, and multi-step reasoning can automate parts of what specialist vulnerability researchers and red teams do manually. Industry observers note that automated chaining of vulnerabilities into exploit paths reduces the human effort required to turn individual bug findings into actionable exploit code. For practitioners, that changes the threat model for both open-source software and internal codebases because tooling that speeds discovery also speeds exploit construction.
Context and significance
The reported results underscore the dual-use nature of frontier code-capable models. Several recent public incidents and research projects have shown that improvements in model reasoning and code synthesis yield practical offensive tradecraft as well as defensive tooling. Observers following the sector will weigh faster discovery against responsible disclosure, vendor patch cycles, and access controls on high-capability models.
What to watch
For practitioners: monitor whether Cloudflare or other Project Glasswing participants publish technical write-ups or PoC traces, whether vendors accelerate patching or change disclosure timelines, and whether Anthropic or other labs publish safe-access policies or reproducible methodology for the experiment. Changes in vendor response times, disclosure practices, or regulatory attention to AI-assisted offensive research would be key indicators of downstream operational impact.
Scoring Rationale
A frontier model reportedly found and chained over 10,000 high-severity zero-days, which is material for security teams and the AI safety debate; this raises urgent questions about disclosure, access controls, and defensive tooling.


