Anthropic’s Project Glasswing Update (www.schneier.com)
<p>In April, Anthropic initated <a href="https://www.anthropic.com/glasswing">Project Glasswing</a>. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s claims that it’s now common wisdom that Mythos is better at finding software vulnerabilities than other models. Which is just <a href="https://www.theguardian.com/commentisfree/2026/may/08/how-dangerous-is-anthropics-mythos-ai">not</a> <a href="https://spectrum.ieee.org/ai-cybersecurity-mythos">true</a>.</p>
<p>In any case, Anthropic has <a href="https://www.anthropic.com/research/glasswing-initial-update">published</a> a Project Glasswing status report. It’s finding <a href="https://www.securityweek.com/anthropic-mythos-detected-23000-potential-vulnerabilities-across-1000-oss-projects/">a lot</a> of vulnerabilities in software—yay! Some of them are even dangerous. But almost none of them has been patched. It’s ...</p>
<p>In any case, Anthropic has <a href="https://www.anthropic.com/research/glasswing-initial-update">published</a> a Project Glasswing status report. It’s finding <a href="https://www.securityweek.com/anthropic-mythos-detected-23000-potential-vulnerabilities-across-1000-oss-projects/">a lot</a> of vulnerabilities in software—yay! Some of them are even dangerous. But almost none of them has been patched. It’s ...</p>
Comments