AI cybersecurity: 10,000 Project Glasswing bugs and Fable 5
Read Time 7 mins | Written by: Cole
Project Glasswing's partners have found more than 10,000 high- or critical-severity vulnerabilities in a single month. Only a fraction have been patched.
We've been tracking the security fallout from Anthropic's Mythos-class models since the red team report landed in April and covered what it means for CTOs and how one researcher used it to mass-produce zero-days.
Since then, two things happened that change the shape of this story. Project Glasswing produced its first real numbers, and Anthropic shipped Fable 5 and Mythos 5, the production successors to Mythos Preview, only to have the US government suspend both models worldwide 3 days later. Fable 5 is back until July 12 and in the hands of paid users.
Here's what this means if you're responsible for cybersecurity at your company.
What is Project Glasswing and who's involved?
Anthropic launched Project Glasswing in April: a coordinated effort to put Mythos Preview's vulnerability-finding capability into the hands of defenders before models with similar capability spread to attackers.
Launch partners included AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, plus more than 40 organizations maintaining critical open-source infrastructure.
The coalition has since grown to more than 150 organizations across 15+ countries, adding sectors the original launch didn't cover: power, water, healthcare, communications, and hardware.
Anthropic has committed $100M in Mythos usage credits across participants and $4M in direct donations to open-source security organizations, including Alpha-Omega, OpenSSF, and the Apache Software Foundation.
Companies that compete on nearly everything else are sharing a table on this one.
How many vulnerabilities has Project Glasswing found?
Anthropic's May 22 update on Glasswing is the first report on what happens when you point a model like Mythos Preview at the world's most important software.
A few of the results:
- Cloudflare found 2,000 bugs across its critical-path systems, 400 of them high or critical severity, at roughly 10 times its normal bug-finding rate, with a false positive rate the team rated better than human testers.
- Mozilla found and fixed 271 vulnerabilities in Firefox 150, more than 10 times what it found in Firefox 148 using Claude Opus 4.6.
- The UK's AI Security Institute reported that Mythos Preview was the first model to solve both of its cyber ranges (simulated multistep attacks) end to end.
- Palo Alto Networks shipped a release with 5 times its usual number of patches. Oracle reported finding and fixing vulnerabilities multiple times faster than before.
- At one Glasswing partner bank, Mythos Preview helped detect and stop a fraudulent $1.5M wire transfer after a threat actor compromised a customer's email and spoofed follow-up phone calls.
Why can't patching keep pace with AI-discovered vulnerabilities?
Anthropic used Mythos Preview to scan more than 1,000 open-source projects on its own. The gap between finding bugs and fixing them shows up clearly in the numbers:
- 6,202 high- or critical-severity vulnerabilities – flagged out of roughly 23,000 total findings across every severity level
- 90.6% true-positive rate – confirmed across the 1,752 findings independently assessed so far, with 62.4% confirmed high or critical severity
- ~3,900 high- or critical-severity bugs – the projected total in open-source code alone at that rate, still climbing as scanning continues
- 530 bugs disclosed, 75 patched – the current state of high- or critical-severity findings reported to maintainers so far
- 2 weeks – the average time to patch a high- or critical-severity bug once it's reported
Several maintainers have asked Anthropic to slow down its disclosures. They don't have the capacity to triage what's already coming in, on top of a separate flood of low-quality, AI-generated bug reports clogging the same inboxes.
Human capacity to verify, prioritize, and patch vulnerabilities is now the main constraint on software security. The one place patching is keeping pace is inside companies fixing their own code.
Anthropic's Claude Security, now in public beta for Enterprise customers, has been used to patch more than 2,100 vulnerabilities in 3 weeks. That's faster than the open-source numbers above, mostly because enterprises can fix their own code directly instead of routing through volunteer maintainers and coordinated disclosure.
Why did the US government suspend Fable 5 and Mythos 5?
On June 9, Anthropic released Fable 5 and Mythos 5. Fable 5 shipped with the heaviest safeguards Anthropic has ever applied, for general availability. Mythos 5 shipped with fewer safeguards, restricted to vetted Glasswing partners.
Three days later, the US Commerce Department ordered a worldwide suspension of both models after Amazon reported a technique for bypassing Fable 5's safeguards, a finding Anthropic disputed but complied with immediately. The suspension lasted 19 days.
Mythos 5 access returned for roughly 100 vetted organizations on June 26, and the export controls were fully lifted on June 30, when Anthropic detailed the new safety classifier and jailbreak-severity framework it built with Amazon, Microsoft, and Google in response.
That classifier blocks the reported bypass in more than 99% of cases, and Fable 5 has been fully live again since July 1.
Can Fable 5 still find vulnerabilities like Mythos 5?
Not as reliably, and that's by design. Fable 5 and Mythos 5 run on the same underlying model, but Fable 5 ships with classifiers that detect cybersecurity-flavored prompts and quietly hand the response to Claude Opus 4.8 instead.
That fallback triggers in under 5% of sessions, but when it does, Fable's offensive capability drops to effectively zero. You're notified whenever the switch happens.
Even when Fable 5 answers as itself, it's doing static analysis: reading your code and flagging what looks reachable, not testing whether a finding is actually exploitable against your live, deployed, authenticated system.
Fable 5 can still surface real vulnerabilities in your own codebase. It just comes with more friction than it used to, and nowhere near the throughput Mythos 5 gives Project Glasswing's partners.
The classifiers also catch more than intended. Dark Reading reported that one security researcher got rerouted to Opus 4.8 while trying to build a legitimate digital forensics tool, a sign the safety margin blocks real defensive work along with the misuse it's designed to stop.
If you need the full capability, that lives in Mythos 5 (restricted to vetted Glasswing partners), Anthropic's Cyber Verification Program (for vetted security professionals doing legitimate research or pentesting), or Claude Security.
What should security teams do about AI-discovered vulnerabilities?
Nobody, including Anthropic, has a full playbook for this yet. A few things are worth doing regardless:
- Shorten your patch cycle now before the next audit. With disclosure volume climbing and maintainers already behind, the gap between "vulnerability exists" and "vulnerability gets exploited" keeps shrinking. A monthly patch cadence for critical infrastructure isn't fast enough.
- Point AI at your own codebase before someone points it at you. Claude Security's 2,100 patches in 3 weeks shows what's possible when you're fixing your own code instead of waiting on someone else's. Run a scan-and-verify pass on a regular cadence.
- Map your open-source dependency tree. The bugs Mythos Preview found in OpenBSD, FFmpeg, and wolfSSL were in code everyone assumed was safe because it had survived decades of review.
- Ask your vendors what they're doing. If a supplier isn't participating in Glasswing, running its own AI-assisted audits, or shortening its patch cycle, that's worth flagging now and thinking about new vendors.
- Watch the disclosure pipeline, not just your own scans. More CVEs are coming out of Glasswing and the broader industry every week. Staying current on advisories for your dependencies matters more than it did a year ago.
More on Mythos, Fable 5, and AI cybersecurity
For the technical detail on what Mythos found in the first place, read Inside the Mythos red team report. For the researcher's-eye view, read Anthropic researcher mass-produced security exploits with Mythos. For the original action CTO items, read AI cybersecurity after Mythos: what CTOs need to do now.
If you want help building AI-assisted cybersecurity into your business let's talk.
Don't Miss
Another Update
new content is published
Cole
Cole is Codingscape's Content Marketing Strategist & Copywriter.
