Anthropic выявила свыше 10 тысяч критических уязвимостей в мировом ПО
Anthropic запустила закрытый cybersecurity-проект Glasswing для поиска уязвимостей в критичном ПО по всему миру. За первый месяц найдено свыше 10 тысяч кандидат
Anthropic uncovered the scale of a problem that the information security world has long underestimated. Its cybersecurity project Glasswing discovered over 10,000 critical vulnerabilities in systemically important software in just one month. Of these, 1,094 were confirmed as real, high-severity threats.
The Scale of the Problem
Glasswing was launched as a limited initiative by Anthropic. In one month of operation, the system identified over 10,000 vulnerability candidates in critical software used worldwide. 1,726 true positives were confirmed. Another 1,094 were classified as high- or critical-severity — requiring urgent remediation. This is not just statistics. It is an acknowledgment that the software upon which the internet and critical infrastructure depend is full of serious flaws that no one has systematically patched.
What Vulnerabilities Were Discovered
- Critical bugs in system libraries and network services
- Authentication and authorization problems
- Memory leaks, buffer overflows, race conditions
- Incorrect configurations in popular open-source projects
- Input handling vulnerabilities
Anthropic uses Claude for large-scale code analysis. The model is capable of quickly scanning large codebases and identifying potential problems — work that would take humans years to audit. AI does not replace a security expert, but significantly accelerates detection.
The Problem of Remediation Speed
The main challenge: discovering a vulnerability is only half the battle. It still needs to be fixed, tested, and patched. If AI identifies vulnerabilities faster than developers can close them, a security debt builds up. Anthropic clearly hopes that public disclosure of this statistic will push the global development community to take code protection more seriously. But there is a risk of a backfire effect: the figure of 10,000 vulnerabilities may frighten rather than motivate.
What This Means
AI systems are now capable of auditing code at a scale and speed inaccessible to humans. This changes the security game. But the development community must accelerate in fixing identified problems, or we will live with a growing number of known but unfixed vulnerabilities in critical software.