Anthropic’s Mythos AI model uncovered more than 10,000 critical flaws across widely used open-source software, exposing growing risks in the infrastructure powering the internet, cloud platforms, and AI systems.
Anthropic has revealed that its AI cybersecurity initiative, Project Glasswing, identified more than 10,000 high- and critical-severity vulnerabilities across widely used open-source software projects, highlighting how artificial intelligence is rapidly reshaping software security.
The vulnerabilities were discovered using Anthropic’s advanced AI model, Mythos Preview, across operating systems, developer tools, open-source libraries, cloud infrastructure software, and internet-facing systems. Anthropic said the restricted-access initiative has already been deployed across more than 50 partner organisations and software ecosystems to help identify vulnerabilities before attackers exploit them.
One of the biggest developments is the speed advantage AI offers over traditional security research. Advanced AI systems can analyse massive codebases, trace data flows, detect hidden weaknesses, and identify unusual patterns significantly faster than human researchers. Reports suggest Mythos even uncovered decades-old software bugs that had escaped years of audits and testing.
The findings place renewed focus on the security risks surrounding open-source software, which powers much of the internet, enterprise infrastructure, cloud platforms, and AI systems. Many open-source projects are maintained by small volunteer teams with limited resources, making rapid patching difficult.
Security experts also warned that shrinking patch windows and the growing AI cybersecurity arms race could allow malicious actors to exploit vulnerabilities faster. Anthropic said Project Glasswing includes strict safeguards and limited-access controls designed to prevent misuse of its vulnerability-detection capabilities.
