AI Primer
update

Anthropic reports 10,000 high-severity flaws in Project Glasswing

Anthropic said Project Glasswing has found more than 10,000 high- or critical-severity issues across open-source software since launch. Mythos-class models could reach general release after stronger safeguards, so teams should watch patching and disclosure timelines.


TL;DR

You can read Anthropic's initial update, skim the broader Glasswing page, and jump straight to the main HN thread, where commenters immediately argued over exploitability, disclosure status, and whether Anthropic is describing a real shift or just packaging work security researchers were already doing.

10,000 flaws

Anthropic's new claim is simple and big: since launching Glasswing last month, it and its partners have found more than 10,000 high- or critical-severity vulnerabilities in essential software, according to AnthropicAI's update and the research post.

That number matters less as a scoreboard than as a throughput signal. Anthropic framed Glasswing as a collaborative vulnerability-finding pipeline, not a public model launch, and the post explicitly ties the result to partner workflows rather than unsandboxed public access.

The evidence we have does not break out how many of those findings were duplicates, how many were exploitable end to end, or how many have already shipped fixes. Anthropic's public materials linked from the thread emphasize aggregate volume, while the more practical accounting questions are left mostly to discussion and follow-up.

Triage bottleneck

Hacker News: Discussion around Project Glasswing: Securing critical software for the AI era (1.5k upvotes · 836 comments)

The most useful line in Anthropic's update is the bottleneck shift. As levie put it while quoting the update, making bug discovery dramatically easier does not automate the review, response, and remediation work that turns a raw finding into a security improvement.

That lines up with what badlogicgames highlighted in Anthropic's writeup: triaging false positives and judging real-world severity are part of the story, not cleanup details. The company is effectively describing a world where vulnerability discovery scales faster than patch pipelines.

For engineers, the interesting systems problem is the queue. A model that can flood a program with plausible high-severity findings changes disclosure operations, partner coordination, and maintainer workload even before it changes offensive security.
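The accounting the article says is missing (duplicates, end-to-end exploitability, shipped fixes) is a bookkeeping problem before it is a policy problem. The following is an added illustration, not Anthropic's, Glasswing's or any partner's code: a small triage ledger that deduplicates raw findings by normalized crash signature, derives status from evidence rather than from the model's self-assigned severity, and orders remaining human work by verified state first. All project names, stack frames, finding IDs and the fix commit are constructed placeholders.

```python
"""Triage ledger for a flood of model-generated vulnerability findings.

Illustrative example only (not Project Glasswing code). All sample data is
constructed. Reports: raw count, duplicates, reproduced-but-no-trigger,
confirmed end-to-end exploitable, and fixed.
"""
from __future__ import annotations

import hashlib
import re
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Status(str, Enum):
    NEW = "new"                # submitted, reproduction not yet attempted
    DUPLICATE = "duplicate"    # same root cause as an earlier finding
    REJECTED = "rejected"      # reproduction attempted and failed (false positive)
    REPRODUCED = "reproduced"  # fails under a harness, but no end-to-end input yet
    CONFIRMED = "confirmed"    # reproduces AND has an end-to-end trigger input
    FIXED = "fixed"            # confirmed, and a fix commit has shipped


SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Verified state outranks the model's claimed severity when ordering work.
WORK_RANK = {Status.CONFIRMED: 0, Status.REPRODUCED: 1, Status.NEW: 2}


@dataclass
class Finding:
    id: str
    project: str
    severity: str                 # model-assigned claim, e.g. "critical"
    stack: list[str]              # top frames of the crash / sink trace (placeholders)
    reproduced: bool | None = None  # None = not attempted, False = failed
    has_trigger: bool = False     # an end-to-end input that reaches the bug exists
    fix_commit: str | None = None  # set once a fix has shipped
    status: Status = Status.NEW
    dup_of: str | None = None


_ADDR = re.compile(r"[+@]?0x[0-9a-fA-F]+")


def signature(f: Finding) -> str:
    """Dedup key: project plus top three frames with offsets/addresses stripped,
    so one root cause reported at different offsets collapses to one bucket."""
    frames = [_ADDR.sub("", fr).strip() for fr in f.stack[:3]]
    return hashlib.sha256("|".join([f.project, *frames]).encode()).hexdigest()[:16]


def classify(f: Finding) -> Status:
    """Derive status from evidence, never from the severity label."""
    if f.reproduced is None:
        return Status.NEW
    if f.reproduced is False:
        return Status.REJECTED
    if not f.has_trigger:
        return Status.REPRODUCED
    return Status.FIXED if f.fix_commit else Status.CONFIRMED


class TriageQueue:
    def __init__(self) -> None:
        self._first_by_sig: dict[str, Finding] = {}
        self.findings: list[Finding] = []

    def submit(self, f: Finding) -> Finding:
        first = self._first_by_sig.get(signature(f))
        if first is not None:
            f.status, f.dup_of = Status.DUPLICATE, first.id
        else:
            self._first_by_sig[signature(f)] = f
            f.status = classify(f)
        self.findings.append(f)
        return f

    def report(self) -> dict[str, int]:
        c = Counter(f.status for f in self.findings)
        return {
            "raw": len(self.findings),
            "duplicates": c[Status.DUPLICATE],
            "unique": len(self.findings) - c[Status.DUPLICATE],
            "pending": c[Status.NEW],
            "rejected": c[Status.REJECTED],
            "reproduced_only": c[Status.REPRODUCED],
            "exploitable_end_to_end": c[Status.CONFIRMED] + c[Status.FIXED],
            "fixed": c[Status.FIXED],
        }

    def work_queue(self) -> list[str]:
        """IDs still needing human effort: verified state first, then claimed severity."""
        open_ = [f for f in self.findings if f.status in WORK_RANK]
        open_.sort(key=lambda f: (WORK_RANK[f.status], SEVERITY_RANK.get(f.severity, 9), f.id))
        return [f.id for f in open_]


def demo() -> TriageQueue:
    """Constructed intake: six raw findings, one a re-report of another."""
    q = TriageQueue()
    q.submit(Finding("F1", "libpng", "critical", ["png_read_chunk+0x1a", "png_read_info+0x40", "main+0x10"],
                     reproduced=True, has_trigger=True, fix_commit="c0ffee1"))
    q.submit(Finding("F2", "libpng", "critical", ["png_read_chunk+0x2c", "png_read_info+0x40", "main+0x22"],
                     reproduced=True, has_trigger=True))          # same root cause, new offsets
    q.submit(Finding("F3", "zlib", "high", ["inflate_fast+0x88", "inflate+0x3", "main+0x10"],
                     reproduced=True, has_trigger=False))         # crashes in harness only
    q.submit(Finding("F4", "openssl", "critical", ["ssl3_read_bytes+0x1", "ssl_read+0x5", "main+0x10"],
                     reproduced=False))                           # could not reproduce
    q.submit(Finding("F5", "curl", "critical", ["Curl_http+0x9", "curl_easy_perform+0x2", "main+0x10"]))
    q.submit(Finding("F6", "libspng", "critical", ["png_read_chunk+0x1a", "png_read_info+0x40", "main+0x10"],
                     reproduced=True, has_trigger=True))          # other project: not a duplicate
    return q


if __name__ == "__main__":
    q = demo()
    for k, v in q.report().items():
        print(f"{k:>24}: {v}")
    print("work queue:", q.work_queue())
```

Running the demo turns six raw "critical/high" reports into one fixed, one confirmed exploitable, one reproduced-only, one rejected, one pending, and one duplicate; the work queue puts the confirmed bug ahead of the unverified "critical" one. That split, not the raw count, is what a maintainer needs from an AI-fed intake.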

Mythos general release

Anthropic also used the Glasswing update to say something it had not said this plainly before: Mythos-class models are headed for general release once stronger safeguards are in place, according to testingcatalog's excerpt, daniel_mac8's summary, and scaling01's quote post.

The exact wording matters. Anthropic did not announce a date, product tier, API plan, or deployment surface. It said a general release is something it "look[s] forward to" after building "far stronger safeguards," which makes the safeguard stack part of the product story, not a separate policy wrapper.

That also explains why Glasswing is being framed as a partnership program first. Anthropic is treating high-end cyber capability as something that needs operational controls before it becomes a normal model SKU.

Exploitability and CVEs


The Hacker News thread is where the tidy headline breaks down into the questions security people actually ask. As summarized in the discussion digest, one commenter challenged whether Anthropic was blurring the line between technically valid bugs and findings that could actually be exploited, while another asked which reported issues were patched and how they mapped to CVEs.

Those are not side arguments. They determine whether "10,000 high- or critical-severity vulnerabilities" should be read as an ecosystem-scale patching event, a massive triage burden, or a capability demo with uneven downstream impact.

The same thread is not one-sided. Ryan5453's HN summary notes that some commenters cited outside security experts who have seen a real increase in valuable AI-assisted vulnerability reports, while others argued Anthropic was overselling work that frontier models and researchers were already inching toward.

That dispute is the last important fact in this story: Anthropic has made the volume claim public, but the public evidence still does not let outsiders cleanly separate confirmed exploitable bugs, patched vulnerabilities, and model-generated leads that mainly increase human review load.
