By the ToolNav Team

Anthropic's Project Glasswing reports 10,000+ vulnerabilities in one month — and Claude Security is now in public beta

TL;DR

Anthropic's May 22 Glasswing update says Claude Mythos Preview found more than 10,000 high- or critical-severity vulnerabilities in its first month, with independent security firms validating 90.6% of the high/critical findings they reviewed. Claude Security — the productized version of the same scanner — is now in public beta for Claude Enterprise customers.

  • 10,000+: High/critical-severity vulnerabilities Anthropic reports were found across systemically important software in roughly one month of Glasswing operation
  • 90.6%: Validation rate — share of the 1,752 high/critical findings independent security firms reviewed that were confirmed as true positives, per Anthropic
  • ~50: Approximate Glasswing partner count — up from 11 founding partners; expanded list includes Cloudflare, Mozilla, and Oracle
  • 2,100+: Vulnerabilities patched in the first three weeks of Claude Security public beta, per Anthropic

Anthropic published its first Project Glasswing update on May 22, 2026, reporting that the Claude Mythos Preview model and approximately 50 partners found more than 10,000 high- or critical-severity software vulnerabilities in roughly one month of operation. Alongside the update, Anthropic confirmed that Claude Security — the productized version of the same vulnerability-discovery capability — is now in public beta for Claude Enterprise customers. The combined release is the first concrete data we have on whether the Glasswing program announced in April is actually producing vulnerability findings or is just rhetoric.

The headline numbers, and what they mean. Anthropic reports more than 10,000 high- or critical-severity vulnerabilities identified across systemically important software since Glasswing went live. For open-source projects specifically, Mythos Preview surfaced approximately 23,019 total findings — 6,202 of which the model classified as high- or critical-severity. Of the 1,752 high/critical findings that independent security firms reviewed, Anthropic says 90.6% (1,587) were validated as true positives, with 62.4% (1,094) confirmed as actually high- or critical-severity once independently triaged. That validation rate is the meaningful figure: not "the AI found vulnerabilities," but "an independent reviewer agreed the AI's high-severity claim was correct nine times out of ten." Anthropic is the source for the validation methodology — the underlying firm names and case-by-case data have not been published.

Claude Security exits closed preview. Claude Security — built on the same Mythos Preview capability — is now in public beta for Claude Enterprise customers, with Anthropic reporting that Claude Security has helped patch "over 2,100 vulnerabilities" in three weeks of public-beta operation. The product surface in Claude.ai includes scheduled and targeted scans, the ability to point a scan at a specific repository subdirectory, the ability to dismiss findings with documented reasons, export of findings as CSV or Markdown, and webhook delivery to Slack, Jira, and similar tracking tools. Availability is limited to Claude Enterprise plans — Pro, Max, and Team tiers do not currently have access according to Anthropic's announcement language.

The partner roster grew. The original Glasswing coalition was 11 founding companies. Anthropic's May 22 update puts the partner count at "approximately 50," including names like Cloudflare, Mozilla, and Oracle now alongside the original AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The expansion suggests Glasswing is broadening from a small invite-only group toward a larger defensive coalition, though Anthropic has not published a full partner list.

Cyber Verification Program. Anthropic also formalized the Cyber Verification Program, which lets vetted security professionals use the company's models for legitimate cybersecurity work — vulnerability research, exploit development for sanctioned engagements — with fewer of the standard refusal behaviors. Enrollment is gated on verification of the security professional's identity and the legitimacy of the work, and Anthropic emphasizes that current safeguards "remain insufficient to prevent misuse" of broader Mythos-class capabilities — language that signals the program is deliberately narrow.

What is not changing. Mythos Preview itself is not generally available — it is still under controlled access for Glasswing partners. Claude Security is in public beta for Enterprise only. Pricing for Claude Security has not been published separately from Claude Enterprise pricing. The validation rate (90.6% high/critical true positives) is Anthropic's own report based on independent-firm review; the methodology, case-list, and reviewer identities are not all public. Treat the figure as a vendor claim about an independent review rather than a fully independent benchmark.

Why this matters for developers and operators. Two things. First, a roughly 90% high-severity true positive rate — if it holds in other contexts — is a meaningful step beyond historical AI security-scanning tools, which have struggled with false positive rates that overwhelm triage capacity. Second, Claude Security being in public beta for Enterprise turns the "AI security scanner" category from a research preview into a buyable product. For solo developers and small teams not on Claude Enterprise, this is not yet a tool you can purchase — but it sets the expectation for what AI-driven code-security scanning should look like, and dependent libraries you ship today may have been scanned (and patched) by Mythos Preview before you ever notice. See our Claude AI review for the broader Anthropic product context, our Claude Code review for the coding-side capability baseline, and our best AI coding tools roundup for how Anthropic's coding stack compares to the alternatives.

Why It Matters

Claude Security is now a buyable product for Claude Enterprise, and the validation numbers are the first independent-ish signal that AI security scanning is reaching usable accuracy. A roughly 90% high-severity true positive rate — if it holds across diverse codebases — is meaningfully better than the false-positive-heavy historical baseline of static analysis tools. The caveat is that the validation methodology is Anthropic-reported, not externally audited end-to-end. For Enterprise security teams, the right move this week is to evaluate the public beta against your own codebase. For everyone else, this is a market signal: AI-driven vulnerability discovery is moving from research preview to enterprise product faster than most predicted.

Who's Affected

  • Claude Enterprise customers. The most direct beneficiary. Claude Security is now in public beta with scheduled scans, directory-targeted scans, finding dismissal with documented reasons, CSV/Markdown export, and webhook delivery to Slack/Jira. Evaluate against your own codebase before deciding whether it replaces or augments your existing static-analysis tooling.
  • Security professionals doing sanctioned vulnerability research. The Cyber Verification Program is the formal path to using Mythos-class capabilities with fewer of the standard refusal behaviors. Eligibility is gated on identity verification and work legitimacy, and current Anthropic safeguards 'remain insufficient' for broader release, per their own language.
  • Maintainers of widely-used open-source projects. Glasswing partners are scanning critical software. If you maintain a project that hits the dependency tree of major systems, you may already have been scanned. Watch your inbox for coordinated disclosure outreach from Anthropic's partners.
  • Solo developers and small teams not on Claude Enterprise. You cannot buy Claude Security today. But the second-order effect — patched dependencies, raised baseline expectations for AI security tooling — reaches you regardless. Pricing has not been published, so plan for the public availability question to remain open for at least a few months.

What To Do Now

  1. Treat the 90.6% true positive rate as an Anthropic-reported figure, not an independent benchmark. It is based on independent-firm review of a 1,752-finding sample, but Anthropic published the methodology, and the reviewer list is not all public. The directional signal is real — assume the actual rate on your specific codebase will vary.
  2. Pilot Claude Security on a non-critical repository first. Public beta means subject to change. Run a scan against a representative but lower-stakes codebase, validate a sample of the findings yourself, and calibrate how much triage effort the false positives demand before moving to your most sensitive systems.
  3. Do not cancel your existing static-analysis tooling yet. Claude Security's coverage profile is different from traditional SAST tools. It may catch issues they miss and miss issues they catch. Run both in parallel for at least a quarter before making subscription decisions.
  4. If you maintain critical open-source software, prepare a coordinated-disclosure process. Glasswing partners have already found thousands of vulnerabilities. If your project is downstream of those, you may receive disclosure reports — having a clear intake, triage, and patch-release process now is cheaper than building one under deadline.
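The sample-validation step in items 1 and 2, as an added example (not Anthropic's or ToolNav's code): it scores a hand-triaged pilot sample the same two ways the update does (true positive, and severity confirmed) and puts a 95% Wilson interval on each. The triage-sheet column names and the sample rows are constructed assumptions, not a Claude Security export format.

```python
import csv
import io
import math

HIGH = {"high", "critical"}

# Constructed pilot data: (claimed severity, reviewer verdict, triaged severity, count).
# The column names below are hypothetical, not a Claude Security export schema.
GROUPS = [
    ("critical", "true_positive", "critical", 9),
    ("high", "true_positive", "high", 14),
    ("high", "true_positive", "medium", 11),   # real bug, severity overstated
    ("high", "false_positive", "", 6),
    ("medium", "true_positive", "medium", 5),  # outside the high/critical claim set
]
SAMPLE_CSV = "claimed_severity,verdict,triaged_severity\n" + "".join(
    f"{c},{v},{t}\n" * n for c, v, t, n in GROUPS
)


def wilson(successes, n, z=1.96):
    """Wilson score interval (95% by default) for a binomial proportion."""
    if n == 0:
        return (0.0, 1.0)
    p = successes / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def summarize(csv_text):
    """Score only the findings the scanner itself claimed as high/critical."""
    rows = [r for r in csv.DictReader(io.StringIO(csv_text))
            if r["claimed_severity"] in HIGH]
    tp = [r for r in rows if r["verdict"] == "true_positive"]
    sev = [r for r in tp if r["triaged_severity"] in HIGH]
    n = len(rows)
    return {"reviewed": n, "true_positive": len(tp), "severity_confirmed": len(sev),
            "tp_interval": wilson(len(tp), n), "sev_interval": wilson(len(sev), n)}


def consistent_with(reported_rate, interval):
    """True when a reported rate falls inside the pilot's interval."""
    return interval[0] <= reported_rate <= interval[1]


if __name__ == "__main__":
    s = summarize(SAMPLE_CSV)
    print(s, consistent_with(0.906, s["tp_interval"]))
```

With 40 reviewed findings the true-positive interval runs from roughly 71% to 93%, so a pilot this small cannot tell an 85% rate from the reported 90.6%. The same calculation on the 1,752-finding review (1,587 validated) narrows to about 89% to 92%.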
