Claude Found 10,000 Zero-Days in Open Source. Only 97 Have Been Patched.
On May 26, Anthropic published an update on Project Glasswing: Claude, working autonomously, has surfaced more than 10,000 high- and critical-severity vulnerabilities across 1,000+ open-source projects.
The number that should actually keep you up at night is smaller: roughly 97. That's how many had been patched upstream when the update went out.
The bottleneck moved
For most of software history, finding vulnerabilities was the slow, expensive part — skilled humans, weeks of effort, one bug at a time. AI just inverted that. A model can now read a million lines of C over a weekend and hand back reproducible crashes with the patience of something that doesn't sleep.
But fixing bugs still runs at human speed, and open source runs on volunteers. The maintainer of that library buried in your dependency tree — the one parsing images or XML on your server right now — may be one unpaid person with a day job. They just received a decade's worth of security reports in a month.
Both sides got the same tool
There's no version of this where only defenders run vulnerability-hunting agents. The same capability, pointed maliciously, finds the same bugs — and attackers don't file responsible-disclosure reports. The window between "discoverable" and "patched" is widening at exactly the moment discovery got automated.
Living with unpatched reality
You cannot patch what hasn't been fixed. What you can do is assume some of your stack is vulnerable at any given moment and build accordingly:
- Layered defenses — WAF rules, network isolation, least privilege — that make a single exploited library a contained incident instead of a breach.
- Monitoring that notices weirdness, not just downtime.
- Backups with tested restores, because the last line of defense is the ability to rewind.
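A small illustration of the second bullet, added here as an example and not taken from the original post: "monitoring that notices weirdness" means comparing what a process does against what it is supposed to do, rather than waiting for it to fall over. The script below assumes a hypothetical worker service named `imgworker` that parses uploaded images and, by design, only touches a few directories, never spawns other programs, and never opens outbound connections. The log lines and the `key=value` format are constructed for this example; in practice the events would come from auditd, an eBPF tracer, or the container runtime.

```python
"""Flag behaviour that falls outside a worker's expected baseline.

Added example, not code from the original post. The service name, the
baseline policy and the log format are all assumptions made for the demo.
"""
from dataclasses import dataclass
from typing import Optional

# Expected behaviour for the hypothetical image-parsing worker. Anything
# outside this is reported, whether or not the service is still "up".
BASELINE = {
    "imgworker": {
        "allowed_exec": {"/usr/bin/imgworker"},
        "allowed_path_prefixes": (
            "/var/spool/uploads/", "/var/spool/thumbs/", "/usr/lib/", "/tmp/",
        ),
        "network": False,
    },
}

# Constructed sample events: three benign lines, three that a compromised
# parser might produce, and one from a service the baseline does not cover.
SAMPLE_LOG = [
    "ts=1 svc=imgworker type=open path=/var/spool/uploads/cat.png mode=r",
    "ts=2 svc=imgworker type=open path=/var/spool/thumbs/cat.png mode=w",
    "ts=3 svc=imgworker type=exec exe=/bin/sh argv=-c",        # parser spawned a shell
    "ts=4 svc=imgworker type=connect dst=203.0.113.7:443",      # worker never talks out, even on 443
    "ts=5 svc=imgworker type=open path=/etc/shadow mode=r",     # far outside its working directories
    "ts=6 svc=web type=connect dst=10.0.0.5:5432",             # no baseline for 'web'; ignored
]


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


def parse_line(line: str) -> dict:
    """Parse 'key=value key=value ...' into a dict; tokens without '=' are skipped."""
    fields = {}
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return fields


def check_event(line_no: int, ev: dict) -> Optional[Finding]:
    """Compare one event with the baseline for its service, if one exists."""
    svc = ev.get("svc")
    policy = BASELINE.get(svc)
    if policy is None:
        return None
    kind = ev.get("type")
    if kind == "exec":
        exe = ev.get("exe", "")
        if exe not in policy["allowed_exec"]:
            return Finding(line_no, "unexpected_exec", f"{svc} executed {exe}")
    elif kind == "connect":
        if not policy["network"]:
            return Finding(line_no, "unexpected_network",
                           f"{svc} connected to {ev.get('dst', '?')}")
    elif kind == "open":
        path = ev.get("path", "")
        if not path.startswith(policy["allowed_path_prefixes"]):
            return Finding(line_no, "path_outside_baseline", f"{svc} opened {path}")
    return None


def analyse(lines) -> list:
    """Run every line through the baseline check and collect the findings."""
    findings = []
    for n, line in enumerate(lines, 1):
        finding = check_event(n, parse_line(line))
        if finding is not None:
            findings.append(finding)
    return findings


def summarise(findings) -> dict:
    """Count findings per rule, the shape an alerting pipeline would consume."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
    print(summarise(analyse(SAMPLE_LOG)))
```

The point of the baseline is that it is about behaviour, not signatures: the script has no idea which library bug was exploited, yet the three suspicious lines stand out because an image parser has no business running a shell, making a connection, or reading `/etc/shadow`. The same approach pairs naturally with the first bullet, since a worker confined by least privilege has a short, easily stated baseline to check against.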
That's been our operating assumption for years — software is always partly broken; design so it doesn't matter. The Glasswing numbers just put a figure on it.