Project Glasswing launched last month to wrestle AI‑driven vulnerability hunting from malicious hands. Anthropic’s Claude Mythos Preview now flags more than ten thousand high‑or critical‑severity flaws in the world’s most essential software. Partners like Cloudflare report a ten‑fold rise in bug detection, finding 2,000 issues—400 rated high—while keeping a false‑positive rate below human levels for developers daily use in 2024.

Current disclosure norms push new flaws to public only 90 days after discovery, a lag that limits rapid patching. Glasswing’s coordinated policy mirrors this, delaying full detail until fixes are widespread. Yet the sheer volume of findings forces a bottleneck in triage and patch development, as maintainers juggle high‑severity defects with a flood of AI‑generated reports for security teams daily.

Open‑source scans reveal 6,202 high‑or critical‑severity bugs across 1,000 projects, with 90.6% of triaged cases proving true positives. A wolfSSL flaw, now CVE‑2026‑5194, could let attackers forge certificates and masquerade as banks. The bottleneck remains human verification; without faster patch cycles, even the best AI tools risk leaving critical holes open for developers and users everywhere in 2024 and.