Anthropic's Project Glasswing CVE tally is still anyone's guess

Anthropic has announced Project Glasswing, an initiative involving over 50 selected companies to evaluate its latest AI model, Mythos, which the company claims demonstrates exceptional capability in identifying software vulnerabilities. Anthropic has withheld public disclosure of the specific number of vulnerabilities the model can detect, citing concerns that releasing such information could create security risks or be exploited maliciously.

The project represents a cautious approach to responsible AI disclosure, where participating organizations conduct controlled evaluations of Mythos's vulnerability-finding abilities rather than making the model's capabilities immediately public. This methodology reflects growing industry recognition that powerful security tools, even when beneficial, require careful handling to prevent misuse by bad actors.

The decision to keep vulnerability metrics under wraps highlights the tension between demonstrating AI progress and protecting against potential security exploitation. While the secrecy around Project Glasswing's findings may frustrate transparency advocates, it underscores Anthropic's position that some AI capabilities—particularly those related to cybersecurity—warrant restricted disclosure protocols until safer deployment frameworks can be established.