Timeline
Key dates in the Glasswing program · flagged as reference lines on all charts
Anthropic published the results of a two-week scan of ~6,000 Firefox C++ files using Claude Opus 4.6. 22 confirmed security-sensitive bugs were found (14 high, 7 moderate, 1 low) at a cost of roughly $4,000 in API credits. Firefox 148 shipped with fixes for all 22. This was a proof-of-concept ahead of the Glasswing program and the first public evidence of Claude's ability to find real vulnerabilities at scale.
Anthropic publicly announced Project Glasswing, naming eleven founding software partners and confirming Claude Mythos Preview as the discovery model. Anthropic committed $100M in usage credits and $4M in direct donations to open-source security organisations. CVE-2026-4747 — a 17-year-old FreeBSD NFS unauthenticated root flaw — was the one CVE explicitly attributed to Glasswing at launch. Dozens more remained under embargo.
The UK AI Safety Institute released its formal evaluation of Claude Mythos Preview's offensive cyber capabilities. Key finding: first model to complete the TLO 32-step corporate network attack simulation (3 of 10 attempts), and 73% success on expert-level CTF tasks. AISI noted results apply only to weakly-defended environments.
Microsoft patched 163 CVEs, including CVE-2026-32201, an actively exploited SharePoint spoofing flaw added to the CISA KEV list with a 28 April federal deadline. The elevated count drew analyst attention to AI-assisted discovery, though none of the CVEs were explicitly attributed to Glasswing. The volume is consistent with the accelerated patching cadence seen across Glasswing founding partners.
Mozilla released Firefox 150, patching 271 vulnerabilities found by Claude Mythos Preview via Glasswing in a single evaluation pass. 180 were rated sec-high, 80 sec-moderate, 11 sec-low — grouped into 41 CVE entries in MFSA2026-30. The largest single AI-discovered vulnerability batch in the public CVE record to date.
A Linux kernel logic flaw in the algif_aead / AF_ALG crypto subsystem was disclosed by Theori via their "Xint Code" AI-assisted scan. It was discovered in approximately one hour with a single operator prompt. The flaw allows any unprivileged local user to escalate to root with a 732-byte exploit and affects all mainstream distributions built since 2017. It is consistent with the embargoed "Linux kernel privilege escalation chains" referenced on the Glasswing page, though not directly attributed to Glasswing.
Two chained page-cache write flaws in the Linux kernel's xfrm-ESP and RxRPC subsystems were reported by researcher Hyunwoo Kim and publicly disclosed on 7 May. The flaws chain to root access on virtually all major Linux distributions. Patches were released the same day by AlmaLinux, Ubuntu, CloudLinux, and Red Hat.
Palo Alto Networks released its May security advisories covering 26 CVEs (75 issues), far exceeding the typical monthly volume of under 5 CVEs. This was the first time the majority of findings resulted from frontier AI models scanning their codebase as part of Project Glasswing. All SaaS products were patched, and patches were made available for customer-operated products. None of the CVEs were being exploited in the wild.
Anthropic published the first comprehensive results from Project Glasswing. Partners collectively found over 10,000 high- or critical-severity vulnerabilities in one month, with several partners reporting a 10x increase in bug-finding rate. Cloudflare found 2,000 bugs (400 high/critical) with a false positive rate their team considered better than human testers. Mozilla found and fixed 271 vulnerabilities in Firefox 150, over 10x more than Firefox 148 with Claude Opus 4.6. Palo Alto Networks released 5x more patches than usual. Microsoft reported patch volumes will "continue trending larger for some time."
Anthropic also scanned 1,000+ open-source projects, finding an estimated 6,202 high- or critical-severity vulnerabilities. Independent triage confirmed a 90.6% true positive rate (1,587 of 1,752 assessed), with 62.4% rated high or critical. 530 high/critical bugs were reported to maintainers, 75 patched so far. The average patch time was two weeks. Notable example: CVE-2026-5194 in wolfSSL, a certificate forgery flaw affecting billions of devices.
Anthropic committed to publishing, within 90 days of the 7 April launch, a complete summary of all vulnerabilities found and fixed and of what the industry learned. This is the expected drop date for embargoed findings including the 27-year-old OpenBSD TCP SACK flaw, the 16-year-old FFmpeg H.264 bug, and remaining Linux kernel privilege escalation chains.