AI can now find software flaws much faster than humans can fix them, putting extra pressure on an already stretched security ecosystem.A month after Anthropic announced Project Glasswing, its collaborative effort to secure critical software from increasingly capable AI models finding vulnerabilities, the frontier AI lab has published an initiatl update on the project. The AI startup claims that Claude Mythos, its yet-to-be public AI model under Project Glasswing, has found over 10,000 critical vulnerabilities in just a month.The company shared evidence from its partners and external testers. The initial partners in the effort built and maintained software that is key to the functioning of the internet and other essential infrastructure. After a month, these partners each found hundreds of critical or high-severity vulnerabilities in their software. Of these, Anthropic said that several partners reported bug-finding rates increased by more than a factor of ten.Cloudflare found 2,000 bugs, 400 of which are high or critical severity across their critical path systems. These findings were made with a false-positive rate that the Cloudflare team feels is better than human testers. Meanwhile, Mozilla found and fixed as many as 271 vulnerabilities in Firefox 150 while testing Mythos Preview. This is reportedly over ten times more than they found in Firefox 148 with Claude Opus 4.6.Also Read | Too powerful to release? Claude Mythos triggers debate across tech worldOn the other hand, the UK AI Security Institute said that it was their first model to solve both their cyber attack simulations end-to-end. Reportedly, with one partner bank, Mythos averted a fraudulent $1.5 million wire transfer in real time.When it came to open-source projects, Anthropic said that in the last few months it used Mythos Preview to scan over 1,000 projects, which it claims to underpin much of the internet. From these open-source projects, so far, Mythos Preview has found about 6,202 high- or critical-severity vulnerabilities. Of these, Anthropic said that it has carefully assessed 1,752 high or critical vulnerabilities by one of six independent security research firms. Out of these, 90.6 per cent have reported being valid true positives, and 62.4 per cent were confirmed as either high or critical severity.In its update, Anthropic elaborated on the process of triaging vulnerabilities. In cybersecurity, triaging is a process of quickly assessing, sorting, and prioritising security alerts to understand which threats require immediate attention or response and which can wait.When it comes to Mythos, the process of handling security flaws is fairly complex and time-consuming. At first, Anthropic or external cybersecurity firms verify whether the reported issue is real and its severity. Once confirmed, they later check whether a fix already exists and then proceed to prepare a detailed report for the software maintainers responsible for the code.Story continues below this adAlso Read | Why AI still struggles to defend against cyberattacks even in the age of MythosThis is a meticulous process, as many open-source developers are already overwhelmed with poor-quality, AI-generated bug reports. Some maintainers have also asked Anthropic to slow down reports so they get enough time to create fixes. On average, serious bugs found by Mythos take about two weeks to patch.Overall, Anthropic estimates it has reported 530 serious vulnerabilities, with another 827 waiting to be disclosed. Of the 530 serious bugs, 75 have already been fixed, and 65 received public security advisories. According to the company, this highlights a growing cybersecurity challenge: AI can now find software flaws much faster than humans can fix them, putting extra pressure on an already stretched security ecosystem. © IE Online Media Services Pvt LtdTags:Anthropic