Friday, Jul 10 | --:--
Back to home

Research

Cybersecurity United States

Anthropic Releases Initial Update on Project Glasswing, Reporting Over 2,100 Vulnerabilities Patched with Claude

On May 22, 2026, Anthropic published an initial update on Project Glasswing, its collaborative effort to secure critical software using restricted access to advanced Claude models. In the three weeks since launch, Claude Opus 4.7 has been used to patch over 2,100 vulnerabilities. The update includes the public beta of Claude Security for Enterprise customers, a coordinated vulnerability disclosure dashboard with 1,596 disclosed findings as of May 22, and reports of accelerated patching by partners like Palo Alto Networks (5x more patches), Microsoft, and Oracle.

Tech Insights Reporter 6 min read San Francisco, CA

TLDR

Anthropic issued its first progress report on Project Glasswing on May 22, 2026. The initiative provides controlled access to powerful Claude models (like Opus 4.7 and Mythos) for security researchers and partners to discover and fix vulnerabilities before malicious actors can exploit them. Early results include over 2,100 vulnerabilities patched using Claude, a new public beta for Claude Security in Enterprise, and a disclosure dashboard showing 1,596 findings (with 97 patched upstream as of May 22). Partners report dramatically faster remediation cycles.

Project Background and Update

Project Glasswing was launched to address the dual-use risks of advanced AI in cybersecurity—models capable of autonomous vulnerability discovery and exploit chaining. Access is restricted to vetted defenders, critical infrastructure providers, and maintainers.

Key elements from the May 22 update:

  • Claude Security beta: Tool for scanning codebases, identifying vulnerabilities, and generating proposed fixes. Available to Claude Enterprise customers.
  • Impact metrics: Claude has helped patch >2,100 vulns in three weeks.
  • Disclosure dashboard: Tracks findings from Mythos Preview scans of open-source projects (1,596 disclosed, 1,451 acknowledged, 97 remediated).
  • Partner acceleration: Palo Alto Networks released 5x more patches; Microsoft and Oracle report significantly faster vulnerability response.

The update emphasizes responsible scaling and collaboration with the security community.

Why this story matters

This provides the first public data on how frontier AI is being deployed defensively at scale in cybersecurity. It demonstrates measurable productivity gains in vulnerability management (e.g., 5x patch velocity) while highlighting governance models for high-risk AI capabilities. As models like Mythos advance, initiatives like Glasswing offer a template for balancing innovation with risk mitigation in dual-use domains.

Sources

  • Anthropic official update: "Project Glasswing: An initial update" (anthropic.com/research/glasswing-initial-update, published May 22, 2026). Primary source with metrics, beta details, and partner reports.
  • Anthropic coordinated disclosure dashboard (red.anthropic.com, updated as of May 22, 2026) for real-time stats.
  • Related coverage confirming the update timing and key figures.

Featured Image Alt Text

Anthropic Project Glasswing branding with vulnerability patching icons, code scanning visualization, and dashboard stats showing disclosed and remediated findings.

Tags

Anthropic, Glasswing, Cybersecurity, Vulnerability Management, AI Safety, Claude Security

Scroll to continue reading