Anthropic has launched a coordinated vulnerability disclosure dashboard for its Project Glasswing, highlighting a substantial number of vulnerabilities across open-source software. As of May 22, 2026, the dashboard shows that 1,596 vulnerabilities have been reported across 281 open-source projects. This transparency is important for improving the security of various software applications.
The dashboard also reveals that 97 of these vulnerabilities have been patched, while 88 have received a Common Vulnerabilities and Exposures (CVE) record or a GitHub Security Advisory (GHSA). This initiative offers valuable insights into both the discovery and resolution rates of vulnerabilities, benefiting developers and security teams.
Technical Insights
The dashboard employs a systematic approach in which reported vulnerabilities remain anonymous until the respective maintainers apply fixes. This method helps maintain a positive relationship with upstream developers while also making sure that the remediation process is monitored. Currently, the dashboard lists 1,611 report identifiers, reflecting ongoing efforts to effectively track vulnerabilities.
Importantly, the dashboard notes that the disclosed issues are only a subset of the total vulnerabilities identified by Mythos Preview, emphasizing the role of human triage in this process. Automated findings from tools are enhanced by human review, which can sometimes create bottlenecks in the remediation workflow. This highlights the challenges faced by security teams at scale, where the capacity of reviewers and coordination among maintainers can significantly affect response times.
Importance for Open Source Security
For the open-source community, a public-facing dashboard that aggregates nearly 1,600 reported vulnerabilities serves as a key tool for enhancing transparency. By linking these metrics to CVE and GHSA records, Anthropic seeks to improve the overall security environment for developers and users. These metrics not only illustrate the number of issues identified but also provide insight into the effectiveness of remediation efforts.
The decision to withhold specific project details until fixes are applied is strategic, aimed at preventing early exploit-focused disclosures. This cautious approach makes sure that vulnerabilities remain confidential until a resolution is in place, thus safeguarding users from potential threats.
Future Considerations
Looking ahead, industry observers will closely watch the dashboard for changes in the ratio of patched to disclosed vulnerabilities. The balance between human triage and automated findings will also be scrutinized, along with the responsiveness of maintainers in publishing advisories that correspond with the disclosed identifiers. These metrics will be essential in evaluating the success of the coordinated disclosure initiative.
The launch of this dashboard reflects a growing trend in the industry toward increased transparency and accountability in security practices. While it does not introduce new vulnerabilities or attack vectors, it enhances the understanding of existing issues and their resolutions within the open-source community. As the dashboard develops, it could serve as a model for other organizations aiming to adopt similar practices in their security protocols.