About
Project Glasswing and the attribution gap
Project Glasswing is Anthropic's effort to use a frontier AI model (Claude Mythos Preview) to find vulnerabilities in critical software at a depth and pace that manual auditing cannot match. Announced in April 2026, the program works with the twelve founding partners tracked by this dashboard. By mid-2026 it had reportedly identified a large number of high-severity findings, including vulnerabilities in code that had previously passed extensive automated fuzzing and manual review.
None of that shows up cleanly in the public CVE record.
When a Glasswing-discovered vulnerability is disclosed, the vendor files the CVE through their own process. Credit is typically attributed to the researcher or team named in the CVE record, which may not reflect the broader discovery method. No field in the CVE schema captures discovery program attribution. As a result, the scale of what Glasswing may be producing, which vendors are processing findings, and whether the pace is changing cannot be read directly from public data.
A VulnCheck analysis in April 2026 found 75 CVE records mentioning "Anthropic," of which 40 could be plausibly linked to Glasswing-affiliated research. Only one CVE - CVE-2026-4747 - was directly attributed to the project. Dozens more remain under embargo pending coordinated disclosure. The true count is unknown and will stay that way until vendors choose to disclose and Anthropic publishes a full accounting, expected around July 2026.
Rather than looking for explicit Glasswing attribution (which is not present in public data), this dashboard tracks vendor self-disclosure cadence across the twelve founding partners. If a large-scale AI-assisted vulnerability discovery effort is producing findings, that may leave a pattern: volume spikes, unusual severity concentration, or cadence shifts that deviate from a partner's established baseline.
That is not a direct count of Glasswing findings. It is an indirect indicator. If a partner appears to be processing a wave of findings through their own CNA, it may register as a change in their normal filing pattern. That change is worth noting, even when the CVEs themselves give no indication of the cause.
Mozilla Firefox sits outside the formal Glasswing partner list, but 28 of the 40 CVEs publicly traceable to Anthropic-affiliated research were reported against Firefox codebases. Based on available public data, this makes Firefox the most frequently cited codebase in Anthropic-linked disclosures, though patches may already be in place that are not yet reflected in the public record.
To support anomaly detection, six additional vendors - Mozilla Firefox, Fortinet, Arista Networks, Red Hat, Sophos, and F5 - have been added to the dashboard as baseline comparators. They are not Glasswing partners. Tracking their filing cadence and severity mix alongside the founding partners provides a broader industry reference point, making it easier to distinguish Glasswing-specific signal from sector-wide CVE trends.
Detection runs at four granularities (daily, weekly, monthly, and quarterly), each with its own baseline and lookback window. All passes are computed at ingest time and stored with the data; the dashboard filters to whichever granularity you select in the Group dropdown.
Volume spike: the period's count has a z-score > 3 over the baseline window and is at least 2.5× the baseline mean. Applied at every granularity, so it can surface a single-day surge at daily resolution and a multi-week surge at weekly or monthly resolution.
Volume drop: the recent-window mean falls below 40% of the prior-window mean. At daily resolution this compares the last 7 days against the 21 before them; at weekly resolution it compares the last 4 weeks against the prior 4. The rule only fires when the partner's baseline exceeds the minimum-volume threshold, so low-volume partners do not trigger it on noise.
Silence: three or more consecutive days with zero reports. An ongoing gap is medium severity and escalates to high after 5 or more days with no activity. Daily granularity only, since silence loses its meaning once counts are aggregated to weeks or months.
Drift: a linear regression slope over the drift window. Fires at a ±50% projected change (medium severity) and escalates to high at ±80%. Only active for partners averaging more than 1 report per period. At quarterly resolution this can surface multi-year structural shifts that are invisible in daily charts.
Severity: two related rules. Severity mix fires for a period in which ≥ 70% of reports are critical while the partner's baseline critical fraction is below 25%. Severity spike fires on a z-score > 3 for the critical+high count within the recent window, and requires at least 4 CVEs. Both apply at all granularities.
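The rules above, implemented in Python as an added example; this is not the dashboard's own code. The thresholds (z > 3 with 2.5× the mean, the 40% drop floor, 3- and 5-day silences, ±50% and ±80% drift, a 70% critical share against a 25% baseline, at least 4 CVEs) come from the text. The 28-day spike baseline and drift window, the minimum-volume threshold of 1 report per period, the definition of "projected change" as the slope carried across the window relative to the window mean, and the sample series are assumptions made for this example.

```python
"""Added example, not the dashboard's own code: the cadence rules described above,
applied to constructed daily counts for one hypothetical partner.

Thresholds are taken from the text. The 28-day spike baseline and drift window, the
minimum-volume threshold of 1 report per period, the definition of "projected change",
and the sample series are assumptions made for this example.
"""
from statistics import mean, pstdev


def zscore(x, baseline):
    """Standard score of x against a baseline window; None when the baseline is flat."""
    sd = pstdev(baseline)
    return None if sd == 0 else (x - mean(baseline)) / sd


def volume_spike(counts, baseline_days=28, z_min=3.0, ratio=2.5):
    """Latest period scores z > 3 over the baseline window AND is >= 2.5x its mean."""
    baseline, x = counts[-baseline_days - 1:-1], counts[-1]
    z = zscore(x, baseline)
    return z is not None and z > z_min and x >= ratio * mean(baseline)


def volume_drop(counts, recent=7, prior=21, floor=0.4, min_volume=1.0):
    """Recent-window mean below 40% of the prior-window mean (7 vs 21 days at daily
    resolution). Suppressed unless the prior window exceeds min_volume (assumed value)."""
    prior_mu = mean(counts[-(recent + prior):-recent])
    if prior_mu <= min_volume:
        return False
    return mean(counts[-recent:]) < floor * prior_mu


def silence(counts, medium_days=3, high_days=5):
    """Trailing run of zero-report days: 'medium' at >= 3 days, 'high' at >= 5, else None."""
    run = 0
    for c in reversed(counts):
        if c:
            break
        run += 1
    if run >= high_days:
        return "high"
    return "medium" if run >= medium_days else None


def drift(counts, window=28, medium=0.5, high=0.8, min_mean=1.0):
    """Least-squares slope over the drift window, reported as the change it projects
    across the window relative to the window mean (this definition is assumed).
    'medium' at +/-50%, 'high' at +/-80%; inactive at or below min_mean reports per period."""
    ys = counts[-window:]
    n, mu = len(ys), mean(ys)
    if mu <= min_mean:
        return None
    xbar = (n - 1) / 2
    sxy = sum((x - xbar) * (y - mu) for x, y in enumerate(ys))
    sxx = sum((x - xbar) ** 2 for x in range(n))
    projected = (sxy / sxx) * (n - 1) / mu
    if abs(projected) >= high:
        return "high"
    return "medium" if abs(projected) >= medium else None


def critical_fraction(severities):
    return sum(s == "CRITICAL" for s in severities) / len(severities)


def severity_mix(recent, baseline, share=0.7, baseline_cap=0.25):
    """>= 70% of the period's reports are critical while the baseline fraction is < 25%."""
    return critical_fraction(recent) >= share and critical_fraction(baseline) < baseline_cap


def severity_spike(crit_high_counts, z_min=3.0, min_cves=4):
    """z > 3 on the per-period critical+high count, with at least 4 CVEs in the latest period."""
    x, baseline = crit_high_counts[-1], crit_high_counts[:-1]
    z = zscore(x, baseline)
    return x >= min_cves and z is not None and z > z_min


def run_volume_rules(counts):
    """Evaluate the count-based rules for the latest period of a daily series."""
    return {"volume_spike": volume_spike(counts), "volume_drop": volume_drop(counts),
            "silence": silence(counts), "drift": drift(counts)}


# Constructed sample: 28 days of a steady 1/2/3/2 rhythm (mean 2.0, pstdev ~0.71).
STEADY = [1, 2, 3, 2] * 7

if __name__ == "__main__":
    print("quiet baseline: ", run_volume_rules(STEADY))
    print("14-report day:  ", run_volume_rules(STEADY + [14]))
    print("six silent days:", run_volume_rules(STEADY + [0] * 6))
```

Against the steady series a day of 4 reports fails the z-score gate (z ≈ 2.8) while a day of 5 passes both gates, which is why the two conditions are checked together rather than relying on the ratio alone. The drift rule returns nothing for a partner averaging one report per period even when its series slopes to zero, matching the activity floor described in the text.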
Attribution is based solely on the CNA assigner short name in each CVE record (e.g. microsoft, palo_alto, AMZN). A CVE is counted toward a partner only when that partner, or one of its known CNA aliases, is listed as the assigner. This means self-reported vendor CVEs only; third-party filings on behalf of a vendor are not attributed to that vendor.
Each partner has a set of regex patterns covering known CNA name variations, subsidiaries, and abbreviations. Because matching is by assigner only, a CVE where Microsoft is the CNA but the affected product is Linux counts for Microsoft only, not Linux Foundation. GitHub-filed CVEs (CNA GitHub_P, GitHub_M) are attributed to Microsoft.
CVEs filed under a vendor's own CNA will be attributed to that partner regardless of how the finding was originally discovered, as the CVE record itself does not capture the discovery method.
Each CVE record may include a credits field listing the researchers or organisations acknowledged by the vendor. These names are displayed as small pills next to the CVE ID on partner pages, so you can see who was credited for each finding without leaving the dashboard.
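The assigner-only attribution described above, together with the credits extraction behind the pills, as an added Python example; this is not the dashboard's own code. The alias table is illustrative rather than the dashboard's real pattern set, and the records are constructed stand-ins shaped like cvelistV5 JSON 5.x (cveMetadata.assignerShortName, containers.cna.credits, containers.cna.metrics); their CVE IDs are placeholders that correspond to no real assignment.

```python
"""Added example, not the dashboard's own code: attributing cvelistV5 records to a
partner by CNA assigner short name with regex aliases, and pulling the names that
become the credit pills.

The alias table is illustrative, not the dashboard's actual pattern set. The records
are constructed stand-ins shaped like CVE JSON 5.x (cveMetadata plus containers.cna);
their CVE IDs are placeholders and correspond to no real assignment.
"""
import re
from collections import Counter, defaultdict

# Partner key -> pattern over assignerShortName. Matching never looks at the affected
# product. GitHub_P and GitHub_M roll up to Microsoft, as the text describes.
CNA_ALIASES = {
    "microsoft": re.compile(r"microsoft|github_[pm]", re.IGNORECASE),
    "amazon": re.compile(r"amzn", re.IGNORECASE),
    "palo_alto": re.compile(r"palo_alto", re.IGNORECASE),
    "linux_foundation": re.compile(r"linux", re.IGNORECASE),  # assumed short name
}


def attribute(record):
    """Partner key whose alias fully matches the assigner, or None (third-party filing)."""
    assigner = record["cveMetadata"].get("assignerShortName", "")
    for partner, pattern in CNA_ALIASES.items():
        if pattern.fullmatch(assigner):
            return partner
    return None


def credits(record):
    """Acknowledged names from the CNA container's credits array, in record order."""
    return [c["value"] for c in record["containers"]["cna"].get("credits", []) if c.get("value")]


def severity(record):
    """baseSeverity from the CNA's CVSS metrics, checking v4.0, then v3.1, then v3.0
    within each metrics entry; 'UNKNOWN' when the CNA supplied no score."""
    for metric in record["containers"]["cna"].get("metrics", []):
        for key in ("cvssV4_0", "cvssV3_1", "cvssV3_0"):
            if "baseSeverity" in metric.get(key, {}):
                return metric[key]["baseSeverity"].upper()
    return "UNKNOWN"


def tally(records):
    """Per-partner severity counts. Unattributed records are dropped, never reassigned
    to the vendor of the affected product."""
    out = defaultdict(Counter)
    for rec in records:
        partner = attribute(rec)
        if partner is not None:
            out[partner][severity(rec)] += 1
    return out


def make_record(cve_id, assigner, vendor, product, credited=(), v31_severity=None):
    """Minimal CVE 5.x-shaped record (constructed test data, not a real CVE)."""
    cna = {"affected": [{"vendor": vendor, "product": product}],
           "credits": [{"lang": "en", "value": name} for name in credited]}
    if v31_severity:
        cna["metrics"] = [{"cvssV3_1": {"version": "3.1", "baseSeverity": v31_severity}}]
    return {"dataType": "CVE_RECORD", "dataVersion": "5.1",
            "cveMetadata": {"cveId": cve_id, "assignerShortName": assigner, "state": "PUBLISHED"},
            "containers": {"cna": cna}}


RECORDS = [
    # Microsoft is the CNA, the affected product is a Linux build: counts for Microsoft only.
    make_record("CVE-0000-0001", "microsoft", "Microsoft", "a Linux-based product",
                ["Microsoft Security Response Center"], "HIGH"),
    # Filed through GitHub's CNA with no credits or score: the alias rolls it up to Microsoft.
    make_record("CVE-0000-0002", "GitHub_M", "GitHub", "a GitHub product"),
    # Amazon's CNA crediting an outside researcher: still attributed to Amazon (see the caveat).
    make_record("CVE-0000-0003", "AMZN", "Amazon", "a constructed service",
                ["An independent researcher"], "CRITICAL"),
    # A third-party CNA filing against a partner's product: attributed to nobody tracked.
    make_record("CVE-0000-0004", "third_party_cna", "Palo Alto Networks", "a firewall product"),
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec["cveMetadata"]["cveId"], attribute(rec), severity(rec), credits(rec))
    print({k: dict(v) for k, v in tally(RECORDS).items()})
```

Using fullmatch rather than search keeps an alias such as linux from catching unrelated assigners whose names merely contain the word, and the fourth record shows the consequence of assigner-only matching that the text calls out: a third-party filing against a partner's product contributes nothing to that partner's count.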
We are aware that some of the CVEs counted toward a vendor credit external researchers unaffiliated with that vendor. In practice this introduces only a small error in the overall counts, since most self-filed CVEs credit the vendor's own security team or coordinated-disclosure participants. We are exploring ways to filter out externally credited findings to tighten the signal, but have not yet found a reliable heuristic for doing so.
All CVE data originates from the CVEProject/cvelistV5 repository, maintained by MITRE and the CVE Program, which is the authoritative public record of published CVEs. Data is used under the CVE Program terms. No proprietary or private vulnerability data is used.