Anthropic Project Glasswing 2026: The Secretive AI Safety Program That Found 23,000 Security Holes

Anthropic Project Glasswing 2026 is the most consequential AI safety initiative nobody is talking about and the numbers it just disclosed should alarm anyone who uses software, banks online, or relies on any digital infrastructure in their daily life.

Anthropic expanded Project Glasswing to 200 organisations across 15 countries this week. The vetted partners inside that program have used Claude’s most powerful AI capabilities capabilities restricted from public access specifically because of how dangerous they are in the wrong hands to scan open-source software projects for security vulnerabilities. They found 23,000 of them.

Of those 23,000 vulnerabilities, 75 have been patched.

That gap 23,000 found, 75 fixed is the number that tells you everything about where the world stands on AI assisted cybersecurity right now.

What Project Glasswing Actually Is

Anthropic launched Project Glasswing in April 2026 alongside the restricted release of Claude Mythos — the company’s most powerful AI model, which was considered too dangerous for public release due to its advanced ability to identify security flaws in software.

Rather than withholding the capability entirely, Anthropic created a controlled access framework. A small group of vetted organisations — initially around 50, now expanded to 200 — received access to Mythos specifically for defensive cybersecurity research. The explicit goal was to use AI’s ability to find vulnerabilities faster than human researchers to get ahead of the attackers who would eventually develop the same capability through other means.

The logic is uncomfortable but sound. If a sufficiently advanced AI can identify security holes in software at scale, that capability will exist whether Anthropic releases it or not. The question is whether it gets deployed first by defenders or by attackers. Project Glasswing is Anthropic’s bet on defenders.

Claude Fable 5: Anthropic’s Most Powerful Public AI Model Is Here

The 23,000 Number and What It Means

The scale of what Glasswing partners found is difficult to contextualise without understanding what open-source software is and how much of the world runs on it.

Open source software is code that anyone can read, use, and modify and it forms the invisible foundation of almost every digital system you interact with. The web server software that runs most websites is open source. The encryption that protects your banking passwords is open source. The code that runs hospital systems, power grids, and government infrastructure frequently uses open source components. When there is a vulnerability in a widely-used open-source project, it is potentially a vulnerability in thousands of systems built on top of it.

Glasswing partners scanned 1,000 open source projects and found 23,000 potential vulnerabilities. That averages 23 vulnerabilities per project and these are not small projects. They are the kind of foundational software libraries that other software is built on top of.

The 75 patched number is not a failure of the program. It reflects the genuine bottleneck in cybersecurity finding vulnerabilities is now easier than it has ever been, but fixing them still requires human developers to understand the problem, write a solution, test it, and deploy it across every system that uses the affected code. AI accelerated the discovery side of that equation dramatically. The fixing side still runs at human speed.

Why Access Is Restricted to 200 Organisations

The same capability that lets Glasswing partners find and fix vulnerabilities could let a malicious actor find and exploit them first. This is the tension at the heart of every offensive security capability the knowledge of how to break something and the knowledge of how to fix it are the same knowledge.

Anthropic’s approach to managing that tension is explicit vetting of every organisation that receives Mythos access through Glasswing. The 200 partners are not random companies who applied through a website. They are organisations that Anthropic has evaluated for their security posture, their defensive intent, and their ability to handle the results responsibly meaning not selling vulnerability information, not using it for offensive purposes, and patching or disclosing what they find.

The expansion from 50 to 200 organisations is a signal that Anthropic believes its vetting process is working and that the defensive value of broader deployment outweighs the additional risk. Whether that judgment is correct will only become clear over time.

What This Means for Everyday People

If you have never heard of Project Glasswing, you are not alone Anthropic has not publicised it aggressively, partly because the specifics of which vulnerabilities were found in which software are exactly the information that should not be public until patches are available.

But the implication of 23,000 vulnerabilities found in open source software affects everyone who uses digital systems which in 2026 means almost everyone. Some percentage of the software running on your phone, protecting your financial accounts, and keeping critical infrastructure operational has security holes that AI found before the people responsible for maintaining it did.

The 75 patches deployed so far represent the beginning of a process that will take years to complete if it is completed at all. Software vulnerability patching is one of the least visible and most underfunded activities in the entire technology industry the open source maintainers responsible for fixing these issues are frequently volunteers working in their spare time, managing code that global financial systems depend on.

What Glasswing has done is put a number on the gap between the world’s vulnerability and the world’s preparedness to address it. 23,000 found. 75 fixed. The gap is not a failure of Glasswing. It is a measurement of a pre-existing reality that existed before any AI went looking.

Anthropic IPO 2026: The Shocking Truth Behind Claude AI’s Nearly $1 Trillion Valuation

The Connection to Anthropic’s IPO

The timing of the Glasswing expansion announcement coming the same week as Anthropic’s confidential IPO filing at a $965 billion valuation is not coincidental.

Project Glasswing is Anthropic’s most concrete demonstration of its safety first approach to AI development producing measurable real world results. It is easy for any AI company to publish safety principles. It is harder to point to a program that restricted its most powerful model from public release specifically because of safety concerns and then deployed it exclusively for defensive purposes with vetted partners.

For institutional investors evaluating Anthropic’s IPO, Glasswing is evidence that the company’s safety commitments are operational rather than decorative that they actually change what the company does with its most capable technology rather than just what it says in press releases.

Whether the public markets assign a meaningful valuation premium to genuine safety culture is one of the more interesting questions the Anthropic IPO will answer.

What Happens Next

Anthropic has indicated that access to Mythos level capabilities through Glasswing may expand further as the vetting process matures and as safety research produces better tools for managing the risks. The goal is eventually to have AI assisted vulnerability discovery running continuously across the open-source ecosystem finding problems in near real time rather than in discrete scanning exercises.

The patching bottleneck is the harder problem and Anthropic has not announced a solution to it. Getting from 75 patches to 23,000 patches requires either dramatically accelerating the human patching process which AI may eventually help with or changing how the open source maintenance ecosystem is funded and staffed. That is a policy and economic problem as much as a technical one.

The 200 organisations now inside Glasswing represent a network of defenders who collectively have more AI assisted security capability than any single organisation could build alone. Whether that network grows fast enough to stay ahead of the attackers who will develop similar capabilities independently is the race that Project Glasswing is running.

Frequently Asked Questions

Anthropic Project Glasswing 2026 found 23,000 security vulnerabilities in the open source software that much of the world’s digital infrastructure runs on. That number is simultaneously a demonstration of what AI assisted security research can do and a measurement of how exposed the systems we depend on actually are.

The gap between 23,000 found and 75 fixed is not a failure. It is an honest accounting of where the world stands and an argument for why the work Project Glasswing is doing needs to scale faster than the threat it is trying to get ahead of.

Anthropic restricting its most powerful model from public release and deploying it exclusively for defensive purposes is either the most important safety decision an AI company has made in 2026, or the beginning of a framework that will define how the industry handles dual-use capabilities for the next decade. Possibly both.

The 23,000 number will not stay in the headlines long. The vulnerabilities it represents will outlast the news cycle by years.