Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: glasswing (2 articles)Clear

Anthropic to give EU cybersecurity agency ENISA access to Mythos via Project Glasswing - first non-US/UK entity, terms still negotiating

Anthropic is set to give the EU's cybersecurity agency ENISA access to its restricted Mythos model through Project Glasswing - making ENISA the first EU institution and first entity outside the US and UK to join. The move, communicated to the European Commission over the weekend, ends a weeks-long standoff after euro-area finance ministers, the ECB, and member states demanded access on learning Mythos had found flaws in systems European banks, governments, and critical infrastructure rely on. Terms covering data sovereignty, sharing findings with member states, and the scope of systems ENISA may test are still being negotiated. BNP Paribas and Mistral continue building a European alternative.

Check
EU-based organizations: track ENISA's Mythos access as a future channel for coordinated vulnerability findings affecting European infrastructure. Factor frontier-AI vulnerability discovery into your patch-SLA planning.
Affected
European banks, governments, and critical-infrastructure operators whose systems Mythos has already flagged but whose findings were not previously visible to any EU institution until ENISA's access.
Fix
Compress patch cycles in anticipation of AI-surfaced vulnerability disclosures. Engage national CERTs and ENISA channels as they mature. Assume similarly capable models will broaden access over coming months.

Anthropic Project Glasswing reveals 1,094 confirmed high/critical flaws and WolfSSL CVE-2026-5194 (CVSS 9.1) in first month with Apple, AWS, Microsoft, Google partners

Anthropic has named the program behind its Claude Mythos Preview model 'Project Glasswing' and disclosed the first-month results. Working with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, the program flagged 6,202 high or critical vulnerability candidates across 1,000+ open-source projects; 1,726 were validated by human reviewers and 1,094 confirmed as genuine high or critical severity. A WolfSSL certificate-forgery flaw (CVE-2026-5194, CVSS 9.1) is the named-and-shamed example. 97 upstream patches and 88 security advisories have landed. Anthropic itself warns that finding flaws is far easier than fixing them.

Check
Audit your dependency manifest for WolfSSL across all projects and check the version (CVE-2026-5194 fix). Map your overall SBOM coverage of the 1,000+ open-source projects on Glasswing's scope.
Affected
Software relying on WolfSSL for certificate validation (IoT, network equipment, industrial systems). Broader: any defender whose patch SLAs are slower than AI-assisted vulnerability discovery rates.
Fix
Patch WolfSSL to the version fixing CVE-2026-5194. Compress patch SLAs on internet-facing services. Monitor Glasswing's public advisories for additional CVEs landing across the next 30-60 days.