What Is Project Glasswing? Anthropic's AI Vulnerability Disclosure Program Explained
Project Glasswing is Anthropic's coordinated vulnerability disclosure program powered by Claude Mythos. Here is everything you need to know: what it is, how it works, what it has found, and what it means for security teams.

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Project Glasswing is Anthropic's answer to a question the security industry has been asking for years: what happens when you point a state-of-the-art AI at real production software and tell it to find vulnerabilities? The answer, as of July 5, 2026, is 9 confirmed CVEs, over 10,000 high or critical severity findings, and a 90-day track record that has drawn attention from critical infrastructure operators, enterprise security teams, and government institutions. This page explains exactly what Glasswing is, how it works, what it has found, and what it means for your security program.
Definition and Origin
Project Glasswing is Anthropic's coordinated vulnerability disclosure (CVD) program. It uses Claude Mythos, a specialized security AI built on Claude 4, to autonomously discover zero-day vulnerabilities in production software. Unlike traditional CVD programs, where human researchers find bugs and submit them to vendors, Glasswing uses an AI system that operates continuously, scanning code, reasoning about vulnerabilities, and building end-to-end exploit chains without waiting for a human researcher to notice something interesting. Anthropic launched the initial assessment phase in April 2026. The program went public with a benchmark report on May 22, 2026, demonstrating Mythos's capabilities against controlled exploit evaluation challenges. On June 2, 2026, Glasswing expanded to over 200 organizations across power, water, healthcare, and other critical infrastructure sectors. The July 5, 2026 progress report summarizes the first 90 days of findings.
How Glasswing Works Technically
At its core, Glasswing is a three-stage process: discovery, validation, and disclosure. In the discovery stage, Claude Mythos reads source code or analyzes binaries for participating organizations. It does not rely on fuzzing alone. Mythos reasons about code semantics: it identifies assumptions the code makes about inputs, state, and memory, then constructs scenarios in which those assumptions are violated in ways that produce security-relevant behavior. In the validation stage, Mythos attempts to build a working exploit or proof of concept. A vulnerability finding is not useful if it cannot be demonstrated to produce exploitable or impactful behavior. Mythos's ExploitBench performance (21 of 41 V8 arbitrary code executions completed, with no other AI above zero) demonstrates that the validation stage is substantive, not theoretical. In the disclosure stage, Anthropic's security team coordinates with the affected vendor using industry-standard CVD processes: notification, 90-day remediation window, patch verification, and public disclosure.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
Participating Organizations
Glasswing launched with a curated set of initial partners and expanded significantly on June 2, 2026. The expanded program targets organizations operating in sectors where software vulnerabilities have outsized societal consequences: power grid operators and energy infrastructure providers, water treatment and distribution systems, hospitals and healthcare technology vendors, financial services infrastructure, and telecommunications providers. The common thread is critical infrastructure: systems where a compromise does not just affect one organization but can cascade to affect public safety, public health, or economic stability. Participating organizations share their software surface with Glasswing in exchange for prioritized AI-driven vulnerability review and coordinated disclosure management.
What Glasswing Has Found: 9 CVEs and 10,000+ Findings
As of the July 5, 2026 progress report, Glasswing has confirmed 9 CVEs. These include: CVE-2026-4747, a remote code execution vulnerability in FreeBSD's NFS implementation that had existed in the codebase for 17 years without detection; CVE-2026-5194, a wolfSSL certificate forgery vulnerability with a CVSS score of 9.1 that allows attackers to impersonate any TLS endpoint; FFmpeg memory corruption affecting the media processing pipeline used by millions of applications; a Linux kernel local privilege escalation; a virtual machine monitor escape allowing a guest VM to break isolation and affect the host; a browser JIT type confusion vulnerability under coordinated disclosure with browser vendors; V8 arbitrary code execution; an OpenBSD denial-of-service vulnerability; and smart contract vulnerabilities with $35 million in identified value in SCONE-Bench. Beyond the 9 confirmed CVEs, Glasswing has generated over 10,000 high- or critical-severity findings that are in various stages of vendor review and remediation.
How Glasswing Differs from Bug Bounties and Traditional Red Teams
Traditional bug bounty programs depend on external researchers voluntarily submitting vulnerabilities. The quality and coverage depend entirely on which researchers happen to look at which software. High-profile software gets lots of attention; niche but critical components get almost none. Red team engagements provide deeper, more targeted review but are time-bounded and depend on the specific expertise of the team members assigned. Glasswing differs in three ways. First, it operates continuously, not for a fixed engagement period. Mythos reviews software surfaces on an ongoing basis, not once per year. Second, it covers the full surface systematically rather than following researcher interest. Third, it does not depend on human expertise accumulation. Mythos applies consistent reasoning to any codebase regardless of its language, age, or how popular it is with human researchers. This is why Glasswing found a 17-year-old FreeBSD vulnerability that human researchers had not reported: it was not a popular target.
The Coordinated Disclosure Timeline
Glasswing follows coordinated disclosure standards comparable to Project Zero and CERT/CC. When Mythos identifies a vulnerability in a participating organization's software, the disclosure process begins with Anthropic notifying the affected software vendor directly through their security contact. The vendor receives a standard remediation window, typically 90 days, to develop, test, and release a patch. Anthropic verifies the patch against the original vulnerability before the public disclosure. If a vendor fails to respond or refuses to patch within the window, Anthropic applies graduated escalation, up to and including publishing the finding publicly to protect users. The Glasswing July 5 progress report represents the first public summary of findings that have completed or are progressing through this pipeline.
Implications for Defenders
Project Glasswing changes the threat model for organizations that own or operate software. First, the discovery rate for vulnerabilities in mature codebases is about to increase. Mythos found a 17-year-old FreeBSD bug. Similar ancient vulnerabilities exist in other long-lived codebases. Defenders should not assume that software which has not generated CVEs in recent years is therefore safe. Second, the bar for patch deployment speed is rising. When autonomous AI can discover and develop exploits faster than traditional research cycles, the window between vulnerability discovery and active exploitation narrows. Patch deployment processes need to be measured in hours for critical vulnerabilities, not weeks. Third, visibility into your software supply chain matters more than ever. Glasswing's findings span not just application code but underlying runtimes, network stacks, cryptographic libraries, and hypervisor components. Know what you are running.
Full Findings Breakdown: Available in the Mythos Brief
The Mythos Brief provides full technical depth on all Glasswing findings as they progress through coordinated disclosure. Subscribe free at decryptiondigest.com/mythos-brief to receive the complete breakdown the moment embargo windows lift.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
Why Glasswing Matters Beyond the CVE Count
The 9 CVEs and 10,000+ findings are the visible output. The more significant implication is what Glasswing signals about the future of vulnerability discovery. AI-driven autonomous review is not a supplement to human security research. It is a fundamentally different capability: tireless, systematic, and not limited by researcher interest or expertise in any specific codebase. The security industry has historically assumed that the rate of vulnerability discovery is bounded by the number of skilled researchers willing to look at any given piece of software. Glasswing removes that bound. For defenders, this means the threat landscape will accelerate. For vendors, it means no codebase is safe from review simply because it is obscure or unpopular. For the industry as a whole, it means the investment in patch deployment infrastructure, coordinated disclosure processes, and software supply chain visibility is not optional.
The bottom line
Project Glasswing is Anthropic's coordinated vulnerability disclosure program powered by Claude Mythos, and its first 90 days produced 9 confirmed CVEs and over 10,000 high or critical severity findings across 200+ organizations. The implications for defenders are immediate: autonomous AI-driven vulnerability discovery is live, the discovery rate is accelerating, and patch deployment speed is now a competitive security capability. For the complete technical breakdown of all Glasswing findings, per-CVE analysis, and sector-specific risk data, subscribe free to the Mythos Brief at decryptiondigest.com/mythos-brief.
Frequently asked questions
Who runs Project Glasswing?
Project Glasswing is operated by Anthropic, the AI safety company. The program is powered by Claude Mythos, Anthropic's specialized security AI built on Claude 4. Anthropic manages coordinated disclosure with affected vendors and publishes progress reports. The initial assessment began in April 2026, the Exploit Evals benchmark report was released May 22, and the program expanded to 200+ organizations including critical infrastructure on June 2.
How do vendors get notified when Glasswing finds a vulnerability?
Anthropic follows standard coordinated vulnerability disclosure (CVD) practices. When Mythos identifies a vulnerability in a participating organization's software, Anthropic notifies the relevant software vendor through their established security contact or PSIRT (Product Security Incident Response Team). Vendors typically receive 90 days to prepare and release a patch before public disclosure. The Glasswing 90-day progress report published July 5, 2026 describes findings that went through this process.
Can my organization join Glasswing?
Project Glasswing initially launched with a selected group of partners and expanded on June 2, 2026 to over 200 organizations across power, water, healthcare, and other critical infrastructure sectors. For current enrollment information, contact Anthropic directly through their website. Subscribe to the Mythos Brief at decryptiondigest.com/mythos-brief for updates on program expansion.
Is Project Glasswing the same as Claude Security?
No, they are related but distinct. Project Glasswing is the coordinated vulnerability disclosure program: Anthropic's autonomous AI finds vulnerabilities in partner organizations' production software and coordinates responsible disclosure with vendors. Claude Security is a public beta product that uses similar AI-driven analysis to generate patches for known vulnerabilities. As of July 5, 2026, Claude Security has generated over 2,100 patches. Glasswing finds new vulnerabilities; Claude Security helps remediate known ones.
How many vulnerabilities has Glasswing found?
As of the July 5, 2026 progress report, Glasswing has confirmed 9 CVEs and identified over 10,000 high- or critical-severity findings across all participating organizations. The 9 confirmed CVEs include a 17-year-old FreeBSD NFS remote code execution flaw (CVE-2026-4747), a wolfSSL certificate forgery vulnerability (CVE-2026-5194, CVSS 9.1), FFmpeg memory corruption, a Linux local privilege escalation, a VMM escape, a browser JIT vulnerability, V8 arbitrary code execution, an OpenBSD denial of service, and smart contract vulnerabilities.
How should security teams triage the 10,000+ Glasswing findings relative to the 9 public CVEs when they lack sector-specific disclosure details?
The 9 confirmed public CVEs are the actionable starting point: verify patch status for CVE-2026-4747 (FreeBSD NFS), CVE-2026-5194 (wolfSSL), and the remaining seven across every asset in your environment using your vulnerability scanner's latest plugin updates. For the broader 10,000+ unpublished findings, triage should be driven by software inventory audit rather than waiting for individual disclosures. Pull a current software bill of materials for your environment covering open-source C and C++ libraries, cryptographic dependencies, JavaScript runtimes, virtualization components, and media processing libraries -- these categories represent the finding distribution pattern evident from the 9 public CVEs. Apply your highest patch velocity to components in those categories even before a specific CVE is published for your environment, on the basis that the Glasswing finding distribution makes them statistically higher-risk. Components with no security updates in the past 12 months in these categories warrant manual code review or SCA tooling as a supplementary measure.
Sources & references
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
