On May 22, 2026 Anthropic published the first formal update on Project Glasswing, the cybersecurity initiative it announced in April. The headline number is that roughly 50 partners using Claude Mythos Preview have found more than 10,000 high or critical severity vulnerabilities in six weeks. The supporting cast includes Cloudflare with 2,000 of its own bugs found and Mozilla patching 271 vulnerabilities in Firefox 150.
That is a one-week step change in the public threat landscape. B2B SaaS marketing sites are not the headline targets in those reports. They are the soft secondary surface that gets exploited when the headline targets harden. This is the action list I am giving Phoenix Studio retainer clients over the weekend.
What Did Anthropic Actually Announce on May 22, 2026?
Anthropic reported that 50 Glasswing partners used Claude Mythos Preview to find more than 10,000 high or critical severity vulnerabilities in six weeks. Cloudflare found 2,000 of its own bugs, 400 of them high or critical. Mozilla patched 271 vulnerabilities in Firefox 150, over ten times the count Firefox 148 caught with Claude Opus 4.6.
The Anthropic framing line is direct. Software security used to be limited by how quickly humans could find new vulnerabilities. The new constraint is verification, disclosure, and patching speed. That is a meaningful inversion of the security model that has held since the mid-2000s.
How Does a Webflow Marketing Site Fit Into the New Attack Surface?
Webflow marketing sites are not the primary target of Mythos-class scanning, but they sit downstream of every third-party tool that is. Your HubSpot forms script, Intercom widget, Segment loader, and any Code Embed pulling from a third-party CDN all expose your site to whatever vulnerabilities those vendors carry. The chain matters more than the surface.
That is why the right reaction for a marketing site is not panic. It is a script inventory. List every third-party script on your site, when it was added, who owns it, and what it does. Sites with under twelve scripts that ship from named vendors are in good shape. Sites with thirty plus scripts including legacy tags from 2023 are the exposure zone.
Which Third-Party Scripts on Your Webflow Site Are Highest Risk?
Three categories rank highest. Anything ingesting user input and posting to a third-party endpoint, like forms that bypass Webflow native and post directly to HubSpot or Marketo. Anything loading JavaScript dynamically based on URL or cookie state, like personalization tags and testing widgets. And any script you cannot identify the source of.
The third category is the one most retainer clients have. There is always one Google Tag Manager container with seventeen tags inside it that nobody on the current team remembers adding. That is your highest-risk script not because of any specific bug but because nobody can answer the question of what it does. Visibility is the first patch.
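A first pass at the script inventory described above can be taken from a page's saved HTML. The sketch below is an added example, not Phoenix Studio tooling: it lists every script and off-site form target with its host, then pulls out the first two risk categories (off-site form posts and dynamic loaders). The site host, sample markup and vendor hostnames are constructed, and the regex scan assumes simply formed tags with quoted attributes.

```javascript
// Added example (not from the original post): inventory scripts and form targets.
// SITE_HOST, SAMPLE_HTML and every hostname below are constructed for illustration.
const SITE_HOST = 'www.example.com';
const SAMPLE_HTML = `
<script src="/js/site.js"></script>
<script src="https://js.vendor-forms.example/embed/v2.js"></script>
<script src="https://cdn.vendor-chat.example/widget.js" integrity="sha384-CONSTRUCTED"></script>
<script>var s=document.createElement('script');s.src='https://tags.unknown.example/t.js';document.head.appendChild(s);</script>
<form action="https://forms.vendor-forms.example/submit" method="post"><input name="email"></form>`;

// Read one quoted attribute value from a tag's attribute string.
function attr(attrs, name) {
  const m = new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(attrs);
  return m ? m[1] : null;
}

function inventory(html, siteHost) {
  const base = `https://${siteHost}/`;
  const rows = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const src = attr(m[1], 'src');
    if (src) {
      const host = new URL(src, base).host; // resolves relative and absolute URLs
      rows.push({ kind: 'external', host, target: src,
                  thirdParty: host !== siteHost, sri: attr(m[1], 'integrity') !== null });
    } else {
      // Inline code that creates script elements loads JavaScript the markup never names.
      const dynamic = /createElement\(\s*["']script["']\s*\)/i.test(m[2]);
      rows.push({ kind: 'inline', host: null, target: null, thirdParty: false, sri: false, dynamic });
    }
  }
  const formRe = /<form\b([^>]*)>/gi;
  while ((m = formRe.exec(html)) !== null) {
    const action = attr(m[1], 'action');
    if (!action) continue;
    const host = new URL(action, base).host;
    if (host !== siteHost) rows.push({ kind: 'form-post', host, target: action, thirdParty: true, sri: false });
  }
  return rows;
}

// Forms posting off-site and inline dynamic loaders: the first two categories above.
function reviewFirst(rows) {
  return rows.filter((r) => r.kind === 'form-post' || r.dynamic === true);
}

console.table(inventory(SAMPLE_HTML, SITE_HOST));
```

Scripts injected at runtime, for example by tags inside a Google Tag Manager container, do not appear in static HTML, so this covers only what the markup itself declares.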
What Is CVE-2026-5194 in wolfSSL and Why Does It Matter for SaaS?
CVE-2026-5194 is a wolfSSL vulnerability disclosed in May 2026 that lets attackers forge bank certificates under specific TLS configurations. Most B2B SaaS marketing sites do not use wolfSSL directly, but financial-services SaaS that integrates with banking APIs through wolfSSL-dependent libraries is in the exposed chain. The patch path is upstream library updates, not anything in Webflow.
The general lesson matters more than this specific CVE. AI-found vulnerabilities will increasingly hit lower-profile dependencies that were ignored for years because nobody had time to audit them. Your action is not to track every CVE. It is to maintain a vendor list and subscribe to security advisory feeds for each one. Boring discipline, big payoff.
Is Claude Security Public Beta Worth Evaluating for a Solo Webflow Partner?
For most solo partners running marketing sites, not yet. Claude Security in public beta has patched 2,100 plus vulnerabilities in three weeks using Claude Opus 4.7, which is impressive but oriented at codebases with active engineering teams. A typical Webflow marketing site does not have enough custom code to justify a Claude Security retainer over standard third-party script hygiene.
The exception is partners running custom Webflow Apps or Cloud-deployed functions for clients. If your retainer scope includes deployed code beyond the no-code Designer surface, evaluation makes sense in Q3. For pure marketing-site work, the boring fundamentals beat the new tool. The boring fundamentals are documented in my agent-friendly Webflow sites piece.
Should B2B SaaS Sites Stop Running Uncategorised Code Embeds This Quarter?
Yes. If you have Code Embed blocks on your site without an owner, a purpose, and a vendor source, take them down this quarter. That is the single highest-impact action a Webflow B2B SaaS site can take in response to the Glasswing landscape. It costs nothing and removes the largest unknown variable from your security posture.
The Phoenix Studio audit pattern is one CSV file per site listing every Code Embed location, the script source, the original ticket that added it, and the owner name. Anything that cannot be filled in across all four columns gets removed pending investigation. Most sites lose four to seven Code Embeds in the first pass and nobody notices the loss.
What Does the 90.6 Percent True Positive Rate Actually Mean for Vendor Risk?
Anthropic reports that Mythos open-source scanning produced 1,752 high or critical findings that were triaged to 1,587 valid true positives, a 90.6 percent rate. That is dramatically higher than typical static analysis tooling, which lands around 30 to 50 percent. The implication is that AI-found vulnerabilities arrive with high enough confidence to act on directly rather than re-triage.
For vendor risk that changes the disclosure cadence expectation. When your CMS vendor, analytics vendor, or chat-widget vendor publishes a security advisory, treat it as confirmed exploitable until proven otherwise rather than the reverse. The patch cadence on your end should be tighter than it was twelve months ago. Weekly patch reviews, not quarterly.
How Should You Communicate AI-Found Patches to Your B2B SaaS Customers?
For B2B SaaS customers, a public security advisory page is the standard. Webflow makes this fast to build with a CMS Collection for advisories, a hub page that lists them, and an RSS feed for subscribers. The content rules are factual, timestamped, and specific about scope. Avoid drama and avoid generic statements that obscure what actually happened.
The cadence I recommend for B2B SaaS is monthly summaries of patched vulnerabilities, with same-day disclosure for anything affecting customer data. That is faster than the standard quarterly cadence most SaaS still runs on, and it is the right answer for a post-Glasswing environment. Procurement teams at your enterprise customers will read it.
What Is the Right Disclosure Cadence for a Webflow Security Advisory Page?
Daily review, weekly batching, monthly publication is the cadence that works for most B2B SaaS marketing teams. Review feeds from named vendors daily. Batch findings into a weekly summary. Publish a monthly advisory page entry with the verified items. Critical findings break the cadence and ship immediately. Everything else follows the schedule.
The Webflow build pattern is a "Security Advisories" CMS Collection with fields for title, published date, severity, affected components, summary, and remediation. Link the Collection page from the footer of every page on the site. That is roughly two hours of build work and demonstrates security maturity that procurement teams credit immediately.
Which Agent Readability Practices Double as Security Practices in May 2026?
Three patterns. First is explicit semantic HTML that any browser, agent, or scanner can parse predictably. Second is documented form validation logic where every input has a stated purpose. Third is Content Security Policy headers that whitelist exactly the scripts and domains your site needs and nothing else. Each pattern hardens both agent traversal and attack surface.
I documented the agent readability layer in my WebMCP setup tutorial and the CSP layer in the CSP headers piece. The two together are most of the practical hardening surface for a Webflow marketing site without bringing in custom server-side code. Start with CSP if you do nothing else.
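The four-column Code Embed audit described earlier and the CSP allowlist described here can be driven from the same file. This added example (not Phoenix Studio's own tooling) splits a constructed audit CSV into keep and remove lists and builds a script-src directive from the kept sources only. The column names, tickets, owners and hosts are assumptions, and the parser assumes no quoted commas in cells.

```javascript
// Added example (not from the original post): four-column audit rule -> CSP script-src.
// The CSV content, column names and hostnames are constructed for illustration.
const AUDIT_CSV = `location,source,ticket,owner
/pricing,https://js.vendor-forms.example/embed/v2.js,WEB-101,Dana
/,https://cdn.vendor-chat.example/widget.js,WEB-87,Lee
/blog,https://tags.unknown.example/t.js,,
/demo,https://js.vendor-forms.example/embed/v2.js,WEB-140,Dana
/about,,WEB-12,Sam`;

const COLUMNS = ['location', 'source', 'ticket', 'owner'];

function parseAudit(csv) {
  const [header, ...lines] = csv.trim().split(/\r?\n/);
  const names = header.split(',').map((h) => h.trim());
  return lines.map((line) => {
    const cells = line.split(',').map((c) => c.trim());
    return Object.fromEntries(names.map((n, i) => [n, cells[i] || '']));
  });
}

// Keep a row only if all four columns are filled and the source is an https URL.
function triage(rows) {
  const keep = [];
  const remove = [];
  for (const row of rows) {
    const complete = COLUMNS.every((c) => row[c] !== '');
    let origin = null;
    try {
      const u = new URL(row.source);
      if (u.protocol === 'https:') origin = u.origin;
    } catch { /* empty or relative source: treated as unidentified */ }
    (complete && origin ? keep : remove).push({ ...row, origin });
  }
  return { keep, remove };
}

// One script-src directive listing 'self' plus each distinct audited origin.
function buildScriptSrc(keep) {
  const origins = [...new Set(keep.map((r) => r.origin))].sort();
  return `script-src ${["'self'", ...origins].join(' ')}`;
}

const { keep, remove } = triage(parseAudit(AUDIT_CSV));
console.log('remove pending investigation:', remove.map((r) => r.location));
console.log(buildScriptSrc(keep));
```

The directive covers script sources only; sending it first as Content-Security-Policy-Report-Only shows what it would block before it is enforced.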
If you want a Phoenix Studio audit of your specific Webflow site third-party script inventory and the security posture that follows from it, drop me a line. Let's chat.