Anthropic Project Glasswing first-month report — Claude Mythos found 23,019 vulnerabilities across 1,000+ open-source projects, 90.6% confirmed real on independent sampling

Project Glasswing's first-month report (May 22) on Claude Mythos defensive cybersecurity work: 23,019 vulnerabilities identified across 1,000+ open-source projects, with 90.6% confirmed real on independent sampling. The deployment to 50 partner organizations (AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, JPMorgan, others) for defensive-only cybersecurity work is the largest operational alignment-and-capability test of a frontier lab's safety posture to date.

The substantive piece is the operational alignment-and-capability validation at production scale. Mythos 1's deployment to ~50 partner organizations with explicit defensive-only constraints tests whether a frontier model can be operationally constrained to a single use case without capability leakage to dual-use scenarios. The 90.6% real-confirmation rate validates the model's actual cybersecurity capability; the absence of reported offensive-use incidents validates the alignment constraints.

The competitive read for safety-engineering procurement is that the Project Glasswing pattern — explicit-use-case constrained frontier-model deployment with partner-organization validation — is a credible operational alignment-deployment model. OpenAI's GPT-5.5-Cyber and Trail of Bits partnership launching today directly mirrors the pattern. The H2 2026 frontier-AI deployment landscape will include increasingly more use-case-constrained model variants.

See our analysis →

WaveSpeed — June 2026 AI Launch Wave: A Builder's Decision Map → · AI Tools Recap — AI News June 23 2026 →