Anthropic published the first quantified update on Project Glasswing three days ago. The headline numbers reset what every CISO should be doing this quarter.
In about one month of coalition use, Claude Mythos Preview surfaced more than 10,000 high- or critical-severity vulnerabilities across the most widely used software on the internet. The post-triage true-positive rate is 90.6%. Cloudflare alone reported about 2,000 bugs, 400 high or critical. Mozilla fixed 271 vulnerabilities in Firefox 150 — ten times what was found in Firefox 148. wolfSSL, a crypto library running on billions of devices, had a certificate-forgery path identified. At one partner bank, Mythos prevented a fraudulent $1.5 million wire transfer in real time. The UK AI Security Institute confirmed Mythos autonomously completes expert-level cyber-range tasks end-to-end.
And the single line everyone is quoting:
“Progress on software security used to be limited by how quickly we could find vulnerabilities. Now it’s limited by how quickly we can patch them — maintainers are asking us to slow down because they can’t patch fast enough.”
The lane-defining post on X this week came from @dannylivshits, a former Meta GenAI red-team lead: “10,000 critical vulns in 30 days. 75 patched. Your new attack surface lives in the patch pipeline. Plan for the leak. Use the next 90 days.” That framing — patch pipeline as the new attack surface — is the one your AppSec team is going to be hearing from every direction for the rest of the year.
So here’s the procurement question every CISO, VP-AppSec, DevSecOps lead, and platform-security architect has on their Q3 budget cycle right now: what do we actually do with this? Three choices are on the table, none of them are obvious, and the SERP is full of explainers but empty of a decision table. This is the decision table.
The 3-choice decision table
| Dimension | Choice 1: Apply to Glasswing partner waitlist | Choice 2: Deploy Claude Security in public beta | Choice 3: Wait for Mythos GA (July) and reassess |
|---|---|---|---|
| Time to first signal | 4-8 weeks earlier than GA | This week | After July GA + 30-60d evaluation |
| Commitment | Share findings with coalition | API-metered + seat licensing TBD | None |
| Integration with existing SAST/SCA | Coalition-coordinated; varies | Sits alongside Snyk / Semgrep / CodeQL / GitHub Advanced Security | Decide post-GA |
| False-positive risk | Coalition-vetted (90.6% TP rate baseline) | Beta — expect noise + alert-fatigue spike | Mitigated by post-GA SLA |
| Patch-volume absorption | High — coalition is shipping serious advisory volume | High — you absorb the full 10x bump alone | None until you deploy |
| Regulatory / audit posture | Adds attestation; some orgs need legal review | Beta software in regulated production = risk | Defensible “we waited for GA” stance |
| Cost over 12 months | Coalition share — non-monetary commitment | $TBD; Anthropic pricing usage-based | None until decision |
| Headcount required | 1-2 additional AppSec engineers to absorb finding volume | 2-3 additional engineers minimum | 0 now |
| Good fit for | Regulated F500, security vendors, mature AppSec teams | AppSec teams with mature SCA already in place | Compliance-gated orgs, teams underwater on existing backlog |
| Risk of doing nothing | Coalition closes around ~52 partners; window narrowing | Competitors get 5-6 weeks of vuln-prevention lead | Quarter of catch-up after GA |
Three of those rows deserve more than a cell can hold.
On false-positive risk (row 4). The 90.6% true-positive rate is the coalition baseline after human triage — meaning the partner SOC teams are absorbing the triage labor. When Claude Security beta lands inside your own SDLC, you absorb the triage labor. Plan for 8-12% false-positive overhead in your initial 30-day window, which translates to real engineer-hours every day if your codebase is large. The mitigation: stage the rollout to one or two services first, instrument the false-positive rate honestly, and only expand after the human-review-per-finding cost drops below an acceptable threshold.
On patch-volume absorption (row 5). The maintainer-throttle story is the canary. Microsoft has already publicly stated that patch volumes will trend larger for some time. If your team currently absorbs 50-100 high/critical vulns per quarter, brace for a 5-10x increase under sustained Mythos-class scanning. That’s not a tooling problem; it’s a headcount problem. The CFO conversation belongs in the FY27 budget cycle, not the FY28 one.
On the cost-of-doing-nothing row. “We didn’t know” is becoming a weaker audit defense fast. Once Mythos GA lands in July and the technology is broadly available, the implied standard-of-care for your security program steps up. Regulators (banking, healthcare, critical infrastructure) and class-action plaintiffs both work backward from what was reasonably available. By Q4, “we waited for the second-generation product” will be a defensible position; “we ignored it for two more quarters” probably won’t be.
How to choose: 5 questions to run with your team this week
1. What’s your current critical-vuln patch velocity? If you currently patch critical vulns within 14 days, you have the absorption capacity to consider Choice 2 (Claude Security beta) seriously. If your average is 60+ days, the rational sequence is Choice 3 (wait for GA) plus an immediate hiring conversation about absorption capacity.
2. Is your existing AppSec stack mature enough to coexist with another scanner? Mythos-class output sits alongside Snyk, Semgrep, CodeQL, GitHub Advanced Security, Checkmarx — not as a replacement. If your team is currently running one SAST tool and struggling, layering on Claude Security beta creates more alert volume than your triage process can handle. Build the triage maturity first.
3. Do you have a regulated production environment that forbids beta software? Banking, healthcare, defense, critical-infrastructure orgs typically have written policies against deploying beta tooling against production code. Choice 2 may be off the table for compliance reasons regardless of the technical merits. If so, Choice 1 (partner waitlist) and Choice 3 (wait for GA) are your only options.
4. Is your CFO’s FY27 budget locked, or is there a Q3 supplemental? Both Choice 1 and Choice 2 require AppSec headcount to absorb the finding volume. If your FY27 budget is locked and your CFO has no supplemental appetite, Choice 3 is the only honest answer — and the next planning cycle is when you fix that. Going into Choice 1 or 2 without absorption headcount creates a backlog you’ll be apologizing for in Q1 2027.
5. Are you a security vendor or a customer of one? Security vendors should apply for Choice 1 unconditionally — the coalition position is strategic for any company whose product overlaps with Mythos’s capability. SCA / SAST / DAST vendors who are not in the coalition will face a “buy-vs-build vs partner-with-Anthropic” question by Q4 that’s better answered with coalition data than without.
The “patch pipeline is the new attack surface” reframe
The most consequential thing in @dannylivshits’ framing isn’t the numbers. It’s that the threat model has inverted. For 25 years, AppSec assumed that the attacker has limited time to find a vuln and the defender has months to patch. Project Glasswing inverts both halves.
The attacker side: any sophisticated adversary now has access to Mythos-class capability inside 12-18 months (open-source equivalents are already being prototyped; nation-state actors will deploy faster). Time-to-find collapses from months to days.
The defender side: time-to-patch is essentially unchanged. Maintainer throughput is human-bound. Internal AppSec triage is human-bound. The patch-deployment window — staging, regression test, CAB, production push — is process-bound. Even with full Mythos coverage on your codebase, your effective time-to-patch is measured in weeks, not days, unless you’ve already invested in automated regression + canary + auto-rollback infrastructure.
The CISO implication: window-of-exposure becomes the metric that matters. Not vuln count, not severity distribution, not mean-time-to-patch by itself. The number to put on the board dashboard this quarter is the time interval between when a critical vuln in our production code is discoverable by a Mythos-class tool and when our patch is in production. Anything over 30 days is now a structural risk you need to either close or document why you can’t.
What this means for you
If you’re a CISO at a regulated F500 (banking, healthcare, critical infrastructure)
Apply for Choice 1 (Glasswing waitlist) now, even if you don’t yet know what you’d do with access. The coalition position is strategic for any org whose security posture is subject to regulator review. Choice 2 (beta deployment) is likely off-limits for compliance reasons; plan for Choice 3 (GA in July) on the production-deploy side, with Choice 1 supplying the early-warning channel.
If you’re a VP-AppSec or DevSecOps lead at a 500-2,000 person tech company
Choice 2 (Claude Security beta) is your highest-leverage move IF your SCA / SAST tooling is mature enough to coexist with the finding volume. Stage to one or two services first; measure your real false-positive rate; bring the headcount conversation to your CFO this quarter for FY27. Choice 1 supplements but doesn’t substitute.
If you’re a platform-security architect at a high-growth startup
Most of this doesn’t apply yet — your codebase is small enough that Snyk-level tooling still covers you. The piece worth doing this week: write down the window-of-exposure target for your production code and instrument your tooling to measure it. When Mythos GA lands in July, that baseline is what tells you whether you need to deploy or wait.
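One way to instrument the window-of-exposure metric defined in the CISO-implication section above, and the false-positive rate the rollout advice asks you to measure honestly. This is an added example, not code from the article or from Anthropic; the Finding record, its field names and the sample records are constructed for illustration, and the 30-day budget is the article's own threshold.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

EXPOSURE_BUDGET_DAYS = 30  # the article's threshold: over 30 days is a structural risk
@dataclass
class Finding:
    finding_id: str
    severity: str                  # "critical" | "high" | "medium" | "low"
    discoverable_at: date          # first date a Mythos-class scanner could surface it
    triage: str                    # "true_positive" | "false_positive" | "pending"
    in_production_at: Optional[date] = None  # date the fix reached production; None if open

def exposure_days(f: Finding, today: date) -> int:
    """Window of exposure: discoverability to fix-in-production (or to today if still open)."""
    return ((f.in_production_at or today) - f.discoverable_at).days

def window_of_exposure_report(findings, today, budget=EXPOSURE_BUDGET_DAYS):
    """Dashboard numbers over confirmed high/critical findings only."""
    confirmed = [f for f in findings if f.triage == "true_positive" and f.severity in ("critical", "high")]
    windows = {f.finding_id: exposure_days(f, today) for f in confirmed}
    over = sorted(fid for fid, d in windows.items() if d > budget)
    still_open = sorted(f.finding_id for f in confirmed if f.in_production_at is None and windows[f.finding_id] > budget)
    return {
        "median_days": median(windows.values()) if windows else 0,
        "max_days": max(windows.values(), default=0),
        "over_budget": over,             # breached the window, whether or not since fixed
        "open_over_budget": still_open,  # breached and still unpatched: escalate these first
    }

def false_positive_rate(findings) -> float:
    """Observed FP rate after human triage; pending findings stay out of the denominator."""
    triaged = [f for f in findings if f.triage != "pending"]
    if not triaged:
        return 0.0
    return sum(f.triage == "false_positive" for f in triaged) / len(triaged)

# Constructed sample records (not real findings); dates are illustrative.
TODAY = date(2026, 6, 15)
SAMPLE = [
    Finding("F-1", "critical", date(2026, 5, 1), "true_positive", date(2026, 5, 10)),  # 9 days
    Finding("F-2", "high", date(2026, 5, 3), "true_positive", date(2026, 6, 12)),      # 40 days
    Finding("F-3", "critical", date(2026, 5, 20), "true_positive"),                    # 26 days, still open
    Finding("F-4", "high", date(2026, 4, 1), "true_positive"),                         # 75 days, still open
    Finding("F-5", "high", date(2026, 5, 5), "false_positive"),                        # triage noise
    Finding("F-6", "medium", date(2026, 5, 5), "true_positive", date(2026, 6, 1)),     # below the severity bar
    Finding("F-7", "critical", date(2026, 6, 1), "pending"),                           # not yet triaged
]
```

Feed it your tracker's export in place of SAMPLE; the open_over_budget list is the set to put in front of the board, and the false-positive rate is the number that decides whether to expand the staged rollout.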
If you maintain or contribute to a load-bearing open-source project
The maintainer-throttle phenomenon is real. The funding-side story Forrester forecast in late April — that the Linux Foundation and OpenSSF will launch a patch-maintenance fund — looks more likely than not by Q4. Your project’s case for that fund will be stronger if you can document your maintainer hours, your historical patch velocity, and the gap that a Mythos-class discovery rate would create. Start that documentation now.
If you’re a security vendor (SCA, SAST, DAST, ASPM)
Apply for Choice 1 unconditionally. The buy-vs-build vs partner-with-Anthropic decision is coming for every security vendor in 2026-27, and coalition data improves every option you have. If you can’t get into the coalition, build the integration path now so your customers can route Mythos findings into your platform when GA lands.
What this decision can’t fix
It can’t fix understaffing. None of the three choices reduces your AppSec headcount need; Choices 1 and 2 increase it. If your team is currently below the headcount you’d need at current vuln-volume — let alone 5-10x — start the hiring conversation regardless of which choice you pick.
It can’t fix a fragmented dev pipeline. If your patch deployment requires manual coordination across 6 teams in 3 time zones, no scanner — Mythos or otherwise — closes the window-of-exposure gap. The deployment automation work probably matters more this quarter than the scanner choice.
It can’t fix tool sprawl. Layering Claude Security on top of 4 existing scanners that all surface partially-overlapping findings will create alert fatigue faster than it surfaces threats. Consolidation work is the prerequisite for layering on a higher-volume scanner.
It can’t speak for the 52 coalition partners’ commercial path. Anthropic has not published a commercial structure for post-GA Mythos beyond signaling that pricing is forthcoming. Your procurement counsel should expect to negotiate carefully on data-residency, IP indemnification, and the question of whether Mythos findings on your code remain confidential to your org or feed coalition learning. Get the contract template under review now; don’t wait for GA.
The bottom line
The 10,000-vulns number is the marketing line. The 90.6% true-positive rate, the maintainer-throttle quote, and the absence of a published commercial structure are the procurement story.
If you have absorption capacity and mature SCA tooling, deploy Choice 2 in beta now, measure honestly, and prepare for the Q3 FY27 headcount conversation. If you’re regulated and risk-averse, run Choice 1 for early signal and plan Choice 3 for production. If your team is already underwater, be honest about it — Choice 3 plus a Q3 hiring conversation is the responsible answer, not a failure of nerve.
If you’re building the security-engineering and AI-governance muscle on your team to make these calls — covering AppSec workflow, AI risk frameworks, regulatory posture, and the procurement language that turns coalition relationships into real contracts — our AI Agent Security and AI Compliance & Governance courses walk through the working frameworks.
Sources
- Project Glasswing: An initial update (Anthropic, May 22)
- Project Glasswing: Securing critical software for the AI era (Anthropic)
- Claude Mythos Preview (Anthropic red team)
- Anthropic CVD dashboard
- Our evaluation of Claude Mythos Preview’s cyber capabilities (UK AI Security Institute)
- Project Glasswing: The 10 Consequences Nobody’s Writing About Yet (Forrester, Jeff Pollard)
- CrowdStrike on Anthropic Mythos founding-partner role
- Anthropic Glasswing CVE attribution tracking (VulnCheck)
- 6 Steps to be Mythos Ready (Cycode)
- Anthropic’s Project Glasswing Update — 10,000 critical vulnerabilities (Quasa)