Project Glasswing update from Anthropic. Claude Mythos Preview flagged over 10,000 security flaws across critical systems.

[Scholar]

Anthropic published an initial update on Project Glasswing on May 22. The project uses Claude Mythos Preview for defensive cybersecurity work, specifically identifying security vulnerabilities in critical systems before attackers find them. The update disclosed that across its controlled deployments Mythos Preview has flagged over 10,000 security flaws across critical infrastructure and enterprise systems.

The update came the same week as the AISI findings that AI cyber offensive capability is doubling every four months, and directly addresses the tension between releasing capable models and using them defensively.

Newsroom

https://www.anthropic.com/news

[BankHolidayBlues87]

10,000 security flaws identified defensively is the number that justifies the model's existence despite its offensive capability. If the same system that can attack can also find vulnerabilities before attackers do the net safety calculation is different

[Marcus11]

The AISI four-month offensive doubling finding and the Project Glasswing defensive deployment in the same week is the arms race made visible. Attack and defence both accelerating simultaneously

[Lucy_35]

The controlled deployment framing matters. Mythos Preview doing defensive work in environments where Anthropic controls the access and outputs is a different risk profile from Daybreak-style commercial release

[Aaron]

The Pentagon labelling Anthropic a supply chain risk while Anthropic is simultaneously refusing autonomous weapons contracts and doing defensive cybersecurity work is a complicated relationship to navigate

[BretHart_Mike]

10,000 is a large number but the severity distribution matters enormously. Critical infrastructure flaws of critical severity are a different category from informational findings. The breakdown would be more useful than the headline count