
Anthropic's Project Glasswing CVE tally is still anyone's guess - theregister.com

Google News · April 15, 2026

Detailed Analysis

Anthropic's Project Glasswing, launched around April 7, 2026, represents one of the most consequential deployments of AI in cybersecurity to date — and yet the concrete scope of its real-world impact remains frustratingly opaque. The initiative grants more than 50 organizations, including Google, Cisco, CrowdStrike, Palo Alto Networks, and Microsoft, controlled access to the unreleased Claude Mythos Preview model for the explicit purpose of discovering zero-day vulnerabilities in critical software. The model has reportedly identified thousands of high-severity flaws across major operating systems and web browsers, outperforming prior models on specialized benchmarks such as CTI-REALM. Despite this reported scale, Anthropic has released no official tally of CVEs attributable to the project, leaving analysts and the broader security community to work from incomplete signals.

Security researcher Patrick Garrity attempted to quantify Glasswing's footprint through a systematic analysis of the CVE database, which contains over 327,000 records. His methodology identified 75 entries that mention "Anthropic" in records filed since February 2026. Of those, 35 are traceable to Anthropic's own tooling — including Claude Code and the MCP Inspector — and are unrelated to Glasswing. The remaining 40 entries are credited to Anthropic or its affiliates and *may* originate from the project, but Garrity acknowledges that definitive attribution is impossible without explicit disclosures from Anthropic. He has recommended the company establish a dedicated public security advisory page to provide meaningful transparency into what Glasswing is actually surfacing.
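The kind of tally described above can be reproduced over records in the CVE JSON 5.x record format. The following is an added example, not Garrity's or the article's code; the bucket rules, the `OWN_PRODUCTS` list, the helper names, and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

CUTOFF = datetime(2026, 2, 1, tzinfo=timezone.utc)   # "filed since February 2026"
NEEDLE = "anthropic"
OWN_PRODUCTS = ("claude code", "mcp inspector")      # own tooling named in the article

def published(rec):
    ts = rec.get("cveMetadata", {}).get("datePublished")
    if not ts:
        return None
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)  # treat naive as UTC

def classify(rec):
    """Return 'own_tooling', 'credited', 'mention_only', or None if out of scope."""
    pub = published(rec)
    if pub is None or pub < CUTOFF or NEEDLE not in json.dumps(rec).lower():
        return None
    cna = rec.get("containers", {}).get("cna", {})
    for a in cna.get("affected", []):
        vendor = (a.get("vendor") or "").lower()
        product = (a.get("product") or "").lower()
        if NEEDLE in vendor or product in OWN_PRODUCTS:
            return "own_tooling"      # flaw is in Anthropic's software, not a finding
    if any(NEEDLE in (c.get("value") or "").lower() for c in cna.get("credits", [])):
        return "credited"             # candidate only: a credit does not prove Glasswing
    return "mention_only"             # e.g. description text; needs manual review

def tally(records):
    return Counter(label for label in map(classify, records) if label)

def _rec(date, vendor, product, credit="", desc=""):
    cna = {"affected": [{"vendor": vendor, "product": product}],
           "credits": [{"lang": "en", "value": credit}],
           "descriptions": [{"lang": "en", "value": desc}]}
    return {"cveMetadata": {"datePublished": date}, "containers": {"cna": cna}}

# Constructed sample records (not real CVE entries).
SAMPLE = [
    _rec("2026-03-02T10:00:00Z", "Anthropic", "Claude Code"),
    _rec("2026-04-09T08:30:00Z", "ExampleVendor", "ExampleOS", credit="Anthropic"),
    _rec("2025-11-20T00:00:00Z", "ExampleVendor", "ExampleOS", credit="Anthropic"),
    _rec("2026-03-15T00:00:00Z", "ExampleVendor", "ExampleApp", desc="Calls the Anthropic API"),
    _rec("2026-03-20T00:00:00Z", "ExampleVendor", "ExampleApp"),
]

print(dict(tally(SAMPLE)))
```

The `credited` bucket is an upper bound on project-attributable records, which is why the count of 40 carries the "may" qualifier: nothing in a CVE record distinguishes a Glasswing finding from any other Anthropic-credited report.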

The opacity surrounding Glasswing's CVE output is not merely a bookkeeping inconvenience — it has substantive implications for the vulnerability management ecosystem. Traditional patching pipelines are already strained by the volume and complexity of disclosed vulnerabilities; a model capable of generating thousands of high-severity findings in a compressed timeframe could overwhelm those pipelines in ways that are difficult to anticipate or measure. The controlled-access model Anthropic employs is a deliberate hedge against misuse, recognizing that the same capabilities enabling defensive discovery could, in adversarial hands, dramatically accelerate exploitation. By restricting Claude Mythos Preview to vetted organizations, Anthropic is attempting to engineer a temporary asymmetric advantage for defenders — though the durability of that advantage depends heavily on how quickly affected vendors can act on disclosures.

Project Glasswing connects to a broader and rapidly accelerating trend in which frontier AI models are being purpose-built or repurposed for offensive and defensive security tasks. The AI security research space has seen increasing investment from both private labs and government-adjacent organizations, with models demonstrating emergent competence at tasks like reverse engineering, fuzzing, and exploit chaining that once required highly specialized human expertise. Anthropic's decision to restrict the Glasswing model rather than release it broadly reflects a pattern of capability-gating that the lab has applied across other sensitive domains, effectively positioning itself as a gatekeeper for how and when its most capable systems interact with high-risk applications. The lack of transparent reporting, however, undercuts the credibility of that stewardship posture and creates a verification gap that the security community is unlikely to accept indefinitely.

Garrity's recommendation for a public advisory page reflects a reasonable and well-established norm in responsible disclosure: organizations that discover or facilitate the discovery of vulnerabilities are generally expected to maintain transparent records of those findings. If Anthropic's internal accounting shows a significantly larger or smaller number of attributable CVEs than the 40 Garrity estimates, the discrepancy itself would be informative — either validating or complicating the narrative of Glasswing as a transformative security tool. As AI-driven vulnerability discovery matures into a recognized discipline, the standards for disclosure, attribution, and accountability will need to evolve alongside it, and Anthropic's choices around Project Glasswing are likely to serve as an early and closely watched precedent.
