Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label WolfSSL flaw. Show all posts
WolfSSL flaw
AI cybersecurity Anthropic Claude Mythos Preview Project Glasswing software vulnerabilities Vulnerabilities and Exploits WolfSSL flaw

Anthropic’s Project Glasswing Detects Over 10,000 Critical Software Vulnerabilities Worldwide

 

iArtificial intelligence company Anthropic has revealed that its cybersecurity initiative, Project Glasswing, has successfully identified more than 10,000 high- and critical-severity vulnerabilities across globally significant software systems since the program was introduced last month.

The initiative was designed as a defensive cybersecurity program aimed at strengthening critical software infrastructure worldwide. Through Project Glasswing, around 50 trusted partners receive early access to Claude Mythos Preview — an advanced AI model capable of autonomously discovering vulnerabilities in widely used software before malicious actors can exploit them.

According to Anthropic, 6,202 of the detected vulnerabilities were categorized as high or critical severity and affected over 1,000 open-source projects. Further review confirmed 1,726 of these findings as legitimate true positives, while 1,094 vulnerabilities were assessed as either high or critical in severity.

Among the major discoveries was a critical security flaw in WolfSSL identified as CVE-2026-5194, carrying a CVSS score of 9.1. The vulnerability could potentially allow attackers to forge certificates and impersonate legitimate services. Anthropic noted that the initiative has already contributed to 97 vulnerabilities being patched upstream along with the release of 88 security advisories.

"The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity," Anthropic acknowledged. "Confronting this challenge successfully will make our software far safer than before."

The announcement comes amid a broader rise in AI-assisted vulnerability discovery, with software vendors releasing patches at an unprecedented pace. Microsoft recently indicated that the number of monthly security patches is expected to continue increasing over time.

Cybersecurity firm XBOW described Mythos Preview as "a major advance" that is "substantially better than prior models at finding vulnerability candidates" and "adept at analyzing source code with a security mindset." Researchers have also observed the model’s effectiveness in converting vulnerabilities into complete end-to-end attack chains.

Anthropic highlighted that the capabilities of Mythos Preview extend beyond vulnerability detection. In one reported incident, a banking partner participating in Glasswing used the AI model to identify and block a fraudulent wire transfer worth $1.5 million after a threat actor compromised a customer’s email account and attempted spoofed phone calls.

The company warned that AI models with capabilities similar to Mythos could become widely accessible in the near future, prompting a need for organizations to accelerate their patch management processes. Oracle has already transitioned to a monthly patch cycle to respond more quickly to critical security vulnerabilities.

"Network defenders should shorten their patch testing and deployment timelines," Anthropic said. "These include steps like hardening networks' default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and response."

Anthropic also announced the launch of its Cyber Verification Program, which allows verified security researchers to use its AI models without standard guardrails for legitimate cybersecurity activities such as penetration testing, vulnerability research, and red teaming. The move mirrors OpenAI’s Daybreak initiative, which enables defenders to work with GPT-5.5-Cyber for specialized security workflows.

Despite their advanced capabilities, models such as Mythos Preview and GPT-5.5-Cyber have not yet been publicly released due to concerns surrounding potential misuse and the absence of sufficient safeguards against large-scale abuse.

"Glasswing helps the most systemically important cyber defenders gain an asymmetric advantage," it pointed out. "However, there is an urgent need for as many organizations as possible to shore up their cyber defenses. We hope that our generally available models, and the new tools, resources, and research we're providing to accompany them, will support those organizations to improve their cybersecurity posture."
Read more »
Subscribe to: Posts (Atom)