Anthropic opened Claude Security to public beta for all Claude Enterprise customers on April 30, giving engineering teams an AI-powered codebase scanner that identifies vulnerabilities without requiring API setup or custom agent builds — and that same week, IBM joined the company's elite Project Glasswing consortium as the cumulative tally of critical software flaws found by the program crossed 10,000. Those three developments together mark the clearest picture yet of Anthropic's two-track strategy in enterprise security: a broadly available tool for production codebases today, and a gated frontier-model program for the most sensitive systemic infrastructure work.
AI Vulnerability Scanner Moves From Preview to Production
Claude Security had been in a restricted research preview since February 20, when Anthropic's Frontier Red Team ran an earlier version of the tool across open-source production codebases and surfaced more than 500 vulnerabilities — including flaws that had survived years of expert review and automated scanning without detection.
The public beta, available directly from the Claude.ai sidebar or at claude.ai/security, runs on Claude Opus 4.7 — the company's strongest publicly available model for vulnerability detection. Enterprise administrators enable it from the admin console and point the scanner at a full repository, a specific directory, or a designated branch. No API wiring or custom agent construction is required.
The tool's core proposition is methodological: where traditional static application security testing tools match code against catalogued vulnerability signatures, Claude Security reasons over code behavior. It traces data flows across files and modules, examines how components interact under edge-case conditions, and flags vulnerabilities that only emerge from understanding business logic — the class of bug that rule-based pattern matching reliably misses. A Center for Strategic and International Studies analysis by researcher Peter Dohr described the approach as representing "a structural shift" in application security. Each finding passes through an adversarial verification pipeline in which the model challenges its own result before surfacing it to an analyst, with a confidence score attached to reduce false-positive rates.
The two months of closed preview also generated a feature list shaped by early adopter feedback. Scheduled scans automate recurring coverage across repositories. Directory-level targeting focuses analysis on specific modules rather than entire codebases. Findings can be exported as CSV or Markdown, and webhooks push results to Slack, Jira, and other tools already in a team's workflow. Dismissed findings carry documented reasons, creating an audit trail that future reviewers can trust.
Access for Claude Team and Max plan customers is expected to follow the Enterprise rollout.
Project Glasswing: 10,000 Critical Flaws, One Bottleneck
Running in parallel with the Claude Security public beta is Project Glasswing, the coordinated security consortium Anthropic launched on April 7. Unlike the broadly available Claude Security, Glasswing grants approximately 50 vetted partner organizations access to Claude Mythos Preview — a frontier model not available to the public — specifically for defensive vulnerability research and coordinated disclosure work.
The original twelve named partners at launch included Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. IBM joined the consortium on May 19 as the group expanded to roughly 50 organizations in total. Rob Thomas, IBM's senior vice president of software and chief commercial officer, said the collaboration has involved hardening IBM's own products and contributing vulnerability fixes back to the open-source community, adding that the partnership "makes the entire ecosystem stronger."
By the first quantified update, published May 22, the results were striking. Glasswing partners had identified more than 10,000 high- or critical-severity vulnerabilities across systemically important software. Across 1,000-plus open-source projects scanned, Anthropic found 23,019 total issues, of which 6,202 were high or critical severity. Six independent security research firms assessed 1,752 of those findings and confirmed more than 90 percent as validated true positives.
One specific finding has been publicly disclosed: a certificate-forgery vulnerability in wolfSSL, an open-source cryptographic library used by billions of devices, assigned CVE-2026-5194. Claude Mythos Preview both discovered the flaw and constructed a working exploit that would allow an attacker to host a convincing fake website for a bank or email provider. The vulnerability has been patched.
Cloudflare and Mozilla have separately announced hundreds of vulnerabilities discovered through Glasswing deployments. Mozilla patched 271 flaws in Firefox 150 identified with Mythos' assistance.
How Claude Security Compares to Incumbent Scanners
The launch lands in a contested market. GitHub Advanced Security, Snyk, Semgrep, Veracode, and Checkmarx — among others — have layered AI-assisted features onto established scanning foundations. The CSIS analysis noted significant structural limitations that enterprise buyers should weigh. Claude Security operates at the source-code analysis stage and cannot determine whether a vulnerability is exploitable in a live environment, since security failures also arise from system configuration, authentication processes, and infrastructure dependencies that source-code analysis cannot observe. Like all large language model systems, it is subject to hallucinations and operates within context-window constraints that can reduce accuracy on very large or highly complex codebases.
The tool also carries a class of risk researchers have documented across AI-powered coding agents: in April 2026, security engineer Aonan Guan and Johns Hopkins researchers Zhengyu Liu and Gavin Zhong publicly disclosed a prompt injection vulnerability in the related claude-code-security-review GitHub Action. The technique — dubbed "Comment and Control" — could allow an attacker to embed malicious instructions in a pull request title and cause the agent to exfiltrate API keys into publicly visible logs. Anthropic initially rated it CVSS 9.4 Critical before partially mitigating the issue. The vulnerability is specific to the GitHub Action integration, not to Claude Security's core scanning product, but it illustrates the class of adversarial risk that CSIS and others have flagged for AI-driven code analysis tools more broadly.
Mitch Ashley, vice president and practice lead for software lifecycle engineering at the Futurum Group, described the potential differently: reasoning across data flows and component interactions compresses the scan-find-fix cycle into a single session, eliminating the ticket-queue handoffs that traditionally added days to application security workflows.
Patching Has Become the Bottleneck
The Glasswing results have surfaced a structural tension that neither Anthropic nor its partners fully anticipated at launch. Discovery is no longer the constraint. Patching is.
Daniel Stenberg, the founder and lead developer of cURL, warned that AI-generated vulnerability reports, even when their quality improves, add significant load on volunteer maintainers who are already operating beyond capacity. Anthropic's own update confirmed the dynamic: some open-source maintainers have asked the company to slow the pace of disclosures because they need more time to design and deploy fixes. On average, a high- or critical-severity bug found by Mythos Preview takes two weeks to patch. Of the 530 high- or critical-severity vulnerabilities disclosed to maintainers as of the May update, just 75 had been patched and publicly disclosed, a ratio that reflects the 90-day coordinated disclosure window still in progress, the uneven distribution of maintainer capacity, and the sheer volume of reports.
Anthropic has committed $4 million to the Open Source Security Foundation's Alpha-Omega project to help maintainers process and triage the volume of reports. The company also acknowledged the deeper challenge: the relative ease of finding vulnerabilities compared with the difficulty of fixing them represents a structural problem for the entire software security ecosystem — not merely an organizational one for Glasswing's partners.
The Glasswing coordinated disclosure policy sets a standard 90-day window, keeping vulnerability details private until a patch is available or the window closes. That timeline was designed around human-speed discovery; it now represents a period during which AI-enabled attackers could, in theory, find the same flaw independently.
Milan Office Anchors European Enterprise Push
The Claude Security and Glasswing announcements coincided with Anthropic opening its sixth European office in Milan on May 28. The Milan team will work with Italian companies, developers, and research institutions on deploying and scaling Claude responsibly, according to the official announcement.
The expansion follows offices in London, Dublin, Paris, Munich, and Zurich — all opened within the past twelve months as the company's EMEA revenue increased more than nine times year-over-year. Chris Ciauri, Anthropic's international managing director, described Italy as a natural progression after France and Germany, citing the country's industrial base in financial services, advanced manufacturing, luxury goods, and pharmaceuticals as a strong fit. The London office is set to expand to 800 employees.
As the EU AI Act entered its enforcement phase in early 2026 — carrying penalties of up to €35 million or seven percent of global revenue for non-compliance — European enterprises in regulated sectors face increasing pressure to demonstrate that AI systems they deploy meet continental legal standards. Having locally embedded staff is increasingly a prerequisite for winning and retaining that business.
Frequently Asked Questions
What is Claude Security and who can use it today?
Claude Security is Anthropic's AI-powered codebase vulnerability scanner, available in public beta for Claude Enterprise customers. It scans repositories using Claude Opus 4.7 to detect vulnerabilities — including business logic flaws that pattern-matching tools miss — and generates patch suggestions for human review. Team and Max plan access is expected to follow. Administrators enable it from the Claude admin console and access it at claude.ai/security.
How does Claude Security differ from traditional SAST tools?
Traditional static application security testing tools match code against catalogued vulnerability signatures, which works well for known vulnerability classes but misses context-dependent flaws. Claude Security reasons over code behavior — tracing data flows across files and components — and applies an adversarial self-verification step that assigns a confidence score to each finding. According to a Center for Strategic and International Studies analysis, the tool still has structural limits: it cannot assess runtime exploitability, is subject to large language model hallucinations, and can be vulnerable to prompt injection on untrusted repositories.
What is Project Glasswing and why is IBM joining significant?
Project Glasswing is Anthropic's invitation-only security consortium that grants vetted organizations access to Claude Mythos Preview — a frontier model not publicly available — for vulnerability research and coordinated disclosure. As of late May 2026, roughly 50 partner organizations had used the program to identify more than 10,000 high- or critical-severity flaws in critical software. IBM's addition on May 19 brought its X-Force security researchers and presence across more than 175 countries into the coalition, reinforcing coverage of financial services and hybrid cloud infrastructure.
Why is open source vulnerability patching falling behind AI-powered discovery?
AI tools like Claude Mythos Preview can now identify critical vulnerabilities at a pace that vastly outstrips the capacity of volunteer open-source maintainers to review and patch them. Anthropic's May 2026 Glasswing update reported that some maintainers have asked the company to slow its disclosure rate because the average fix takes two weeks. Of 530 high- or critical-severity flaws disclosed, only 75 had been patched at the time of reporting, a ratio that illustrates what Anthropic described as a major challenge for cybersecurity distinct from the question of discovery itself.
© 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.