May 22, 2026

Bugs, bragging, and a big AI tease

Article URL →HN comments →

Project Glasswing: An Initial Update

AI says it found 10,000 software flaws, and the internet is yelling ‘show us’

TLDR: Anthropic says its new AI security effort helped find over 10,000 serious software problems in a month, a huge claim with real stakes for the internet. The community reaction is split between awe and suspicion: some are impressed, while others are loudly demanding proof — and access.

Anthropic’s Project Glasswing dropped a flashy update: in just one month, it says its AI security system and about 50 partners found more than 10,000 serious software flaws in important internet infrastructure. That’s the kind of number that makes headlines — and instantly sends the comment section into full popcorn mode. The company says the bottleneck is no longer finding bugs, but checking, reporting, and fixing them before bad actors can pounce. In plain English: the machine may be spotting problems faster than humans can clean them up.

But the real show is the crowd reaction. One camp is impressed but deeply skeptical, basically saying: cool story, where’s the proof? Commenters zeroed in on the lack of public access and the awkward fact that many of the details are hidden for now because the bugs haven’t been patched yet. That led to a spicy trust-me-bro vibe, with people asking whether this miracle tool is truly unique or if a different model could have done the same job with enough effort.

Then came the conspiracy-flavored jokes and release-demanding chaos. One commenter wondered if the model will suddenly become “safe” to release once more computing power arrives. Another went full action-movie villain, bragging about getting a patched exploit to work and arguing that 100 okay-ish AI helpers could match the big fancy system anyway. And the purest reaction of all? A primal scream from the cheap seats: “BOOO RELEASE THE MODEL ALREADY GAWD.” Subtle, this crowd is not.

Key Points

  • Anthropic says Project Glasswing, launched the previous month, has worked with about 50 partners to find more than 10,000 high- or critical-severity vulnerabilities.
  • The company says AI-assisted vulnerability discovery is now outpacing the capacity to verify, disclose, and patch discovered flaws.
  • Anthropic says it cannot yet fully detail specific findings because standard coordinated vulnerability disclosure timelines delay publication until users can patch systems.
  • Most partners reportedly found hundreds of severe vulnerabilities within one month, and several said their bug-finding rate increased by more than tenfold.
  • Anthropic cites Cloudflare as finding 2,000 bugs, including 400 high- or critical-severity issues, with a false-positive rate Cloudflare judged better than human testers.

Hottest takes

"we still have no data to prove this wasn’t doable" — OsrsNeedsf2P
"I wonder if it coincidentally becomes safe to release" — InsideOutSanta
"BOOO RELEASE THE MODEL ALREADY GAWD" — orangebread

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.