Project Glasswing: 10,000 vulnerabilities, GitHub Gartner Leader, Mistral acquires Emmi AI

Article translated from fr to en with gpt-5.4-mini.

Two packed days for the AI ecosystem: Anthropic publishes the first report on Project Glasswing with figures that rewrite the scale of vulnerability detection, GitHub Copilot earns its third consecutive Gartner Leader title while OpenAI joins the same podium with Codex, and Mistral makes a strategic acquisition in industrial AI. On the developer tools side, Gemini CLI 0.43.0, Antigravity 2.0.6, and Bumblebee add to a fast-moving ecosystem.


Project Glasswing — 10,000 vulnerabilities detected in one month

May 22 — One month after the launch of Project Glasswing, its collaborative cybersecurity initiative involving around fifty partners and the Claude Mythos Preview model, Anthropic publishes a first report whose figures exceed initial expectations.

“Last month we launched Project Glasswing, our collaborative AI cybersecurity initiative. Since then, we and our partners have found more than ten thousand high- or critical-severity vulnerabilities in essential software.” — @AnthropicAI on X

The results are striking in several respects. Cloudflare, one of the partners, found 2,000 bugs on its own — including 400 of high or critical severity — with a false positive rate lower than that of human testers. On the open source side, Anthropic used Mythos Preview to scan more than 1,000 projects, identifying 6,202 estimated high- or critical-severity vulnerabilities (out of 23,019 in total). Of 1,752 vulnerabilities assessed by independent firms, 90.6% turned out to be true positives — a rate that validates the model’s reliability on this type of task.

Mozilla illustrates the acceleration: Firefox 150 revealed 271 vulnerabilities, ten times more than Firefox 148 with the previous methods.

| Metric | Value |
| --- | --- |
| High/critical vulnerabilities (partners) | 10,000+ |
| Open source projects scanned | 1,000+ |
| Open source high/critical vulnerabilities (estimate) | 6,202 |
| True positive rate (independent evaluation) | 90.6% |
| Cloudflare bugs (including high/critical) | 2,000 (400) |
| Firefox 150 vs Firefox 148 bugs | 271 vs ~27 (×10) |
| Vulnerabilities fixed via Claude Security (3 weeks) | 2,100+ |

Three new features accompany this report. Claude Security moves into public beta for Enterprise customers: in three weeks, the tool powered by Claude Opus 4.7 has already fixed 2,100+ vulnerabilities. The Cyber Verification Program opens model access without certain restrictions for legitimate security professionals. Finally, Anthropic is sharing with its partners the scanning tools it developed: a sub-agent scanning harness, a threat model builder, and a Skills library.

One point stands out: detection has become so fast that the real bottleneck is now remediation. Some open source maintainers asked Anthropic to slow the pace of its disclosures, due to insufficient human capacity to deploy fixes.

The UK’s AI Security Institute confirms it: Mythos Preview is the first model to solve their two families of cyberattacks end to end.

🔗 Project Glasswing report — Anthropic


GitHub Copilot — Gartner Enterprise AI Coding Agents Leader for the 3rd consecutive year

May 22 — GitHub Copilot is recognized for the third year in a row as a Leader in the Gartner Magic Quadrant for Enterprise AI Coding Agents. The article by Mario Rodriguez, GitHub’s CPO, lays out a paradigm shift that Gartner quantifies directly.

“By 2028, asynchronous AI coding agent workflows will improve software engineering team productivity by 30% to 50%, surpassing the 0% to 20% gains from AI code assistants in 2025.” — Gartner, cited in the GitHub report

This figure (+30 to 50% versus 0-20% today) illustrates the gap between point assistance and asynchronous agentic work. Rodriguez puts it another way: the bottleneck is no longer code generation, but delivery — review, security, governance, and deployment.

GitHub Copilot’s positioning in this report rests on its coverage of the Software Development Life Cycle end to end. Not just autocomplete or function generation, but code review, vulnerability detection, governance, and deployment. The article describes a new way of working: a developer assigns a task to an agent on an issue, walks away, and comes back to review, guide, and validate — rather than coding line by line.

The recognition also rests on GitHub’s ability to ground its improvements in an understanding of how software is actually built on GitHub, which gives it a structural advantage over competitors without that scale of data.

🔗 GitHub blog — Gartner MQ Enterprise AI Coding Agents Leader


Gartner and enterprise: OpenAI Codex joins the Leaders table

May 22 — OpenAI announces its own recognition in the Gartner Magic Quadrant for Enterprise AI Coding Agents 2026. The report evaluates Codex, which now exceeds 4 million weekly users, and is used by Cisco, Datadog, Dell Technologies, and NVIDIA.

Gartner positively assessed four dimensions: agentic software development, enterprise governance, sandboxing, and flexible deployment options. The developer surface covered includes application, IDE extensions, CLI, SDK, and cloud orchestration.

The Cisco example is revealing: the company used Codex to build most of its AI Defense security platform, compressing a delivery timeline from several quarters to a few weeks.

Until June 12, eligible enterprise accounts get two months of free use for new Codex users.

🔗 OpenAI — Gartner recognition 2026


Mistral acquires Emmi AI — A bet on industrial computational physics

May 22 — Mistral AI announces the acquisition of Emmi AI, an Austrian pioneer in computational physics applied to AI, founded by Johannes Brandstetter. Emmi’s team — more than 30 researchers and engineers — joins Mistral’s Science and Applied AI teams as of May 2026.

Emmi AI has developed large-scale engineering models capable of replacing physical simulations that require several days of computation with real-time results, creating digital twins for industrial asset optimization, and powering AI agents in complex engineering workflows. Target sectors: aerospace, automotive, and semiconductors.

Guillaume Lample, co-founder and Chief Scientist, announces the goal of building “the first complete physics-powered AI software stack,” enabling the solving of technical challenges blocked for decades. Arthur Mensch, CEO, sees it as a way to “cement Mistral’s leadership in industrial AI.”

🔗 Official Mistral announcement — Emmi AI acquisition


DeepSeek — 75% discount on V4-Pro API made permanent

May 22 — DeepSeek makes permanent the 75% promotional discount applied to its V4-Pro API. Initially introduced at the launch of DeepSeek-V4 on April 24 and extended once through May 31, this reduction now applies without a time limit.

“We are making our discount permanent! Enjoy building with DeepSeek-V4-Pro and bring your innovative ideas to life!” — @deepseek_ai on X

| Metric | Price per million tokens |
| --- | --- |
| Input (cache hit) | $0.003625 |
| Input (cache miss) | $0.435 |
| Output | $0.87 |

By comparison, the original non-discounted prices were $0.0145 / $1.74 / $3.48. The 1 million token context window and Thinking/Non-Thinking modes are maintained for both V4-Flash and V4-Pro variants.

🔗 DeepSeek API pricing


Google CLI ecosystem: Gemini CLI v0.43.0 and Antigravity 2.0.6

Gemini CLI v0.43.0 — Surgical edits and session portability

May 22 — Gemini CLI version 0.43.0 brings three practical improvements. Surgical Code Edits steer the Gemini model toward the edit tool for precise changes rather than rewriting entire blocks, which improves speed and accuracy for targeted edits. Session export and import lets you save a session to a file and re-import it via a new CLI flag, making it easier to resume work across machines or share context. Adaptive token estimation introduces a more accurate calculator for context management during long sessions.

🔗 Gemini CLI changelog

Antigravity 2.0.6 — IDE integration completed

May 22 — Version 2.0.6 of Antigravity, available in phased rollout, adds native integration with Antigravity IDE. This update completes the Antigravity ecosystem announced at Google I/O 2026: after the CLI and SDK released on May 19, the integrated development environment now has its direct connection to the coding agent. Two additional improvements accompany this version.

🔗 Antigravity changelog

Google AI I/O Developer Recap — Ecosystem overview

May 22 — @GoogleAI publishes a structured recap of Google I/O 2026 developer announcements, with 71,000 views. The thread presents the full Antigravity ecosystem (Antigravity 2.0, CLI, SDK, increased limits), AI Studio updates (Vibe Code Android with Kotlin, export to Antigravity, upcoming iOS/Android mobile app), and web/Android tools: Managed Agents in the Gemini API, Android CLI and open source skills, WebMCP in origin trial in Chrome 149, and Chrome DevTools for agents.

🔗 @GoogleAI recap thread


Security and provenance: Perplexity Bumblebee and SynthID

Perplexity — Bumblebee open source

May 22 — Perplexity releases Bumblebee as open source. Bumblebee is its internal security scanner, written in Go and designed to protect development environments against software supply chain risks. The tool operates in read-only mode (it never touches package managers and never triggers any postinstall scripts) and covers npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, Composer, MCP configurations, VS Code/Cursor/Windsurf/VSCodium extensions, as well as Chrome, Edge, Brave, Arc, and Firefox extensions.

Three scan profiles: baseline (MDM routine), project (targeting a directory), deep (active incident). Perplexity Computer writes the threat catalog updates, which are subject to human review before feeding scans. The launch tweet totals 552,000 views.

🔗 Perplexity blog — Bumblebee open source

SynthID — Partner expansion and built-in detection

May 22 — Google DeepMind announces a dual expansion of SynthID, its imperceptible digital watermark for AI-generated content. On the production side, more partners can now integrate SynthID into their generation workflows. On the detection side, users can verify whether a piece of content was generated by AI directly from the Gemini app or via Google Search, without a third-party tool. This announcement follows the SynthID expansion presented at Google I/O 2026 on May 19.

🔗 SynthID announcement — @GoogleDeepMind


Genspark built on Claude: CTO interview

May 22 — Kay Zhu, CTO and co-founder of Genspark, spoke with Anthropic’s engineering team in an unscripted conversation about building Genspark on Claude. Genspark presents itself as an all-in-one AI workspace built on Claude. The conversation illustrates a concrete case of technical partnership between an AI vendor and its model provider, and underscores how “the right AI partnership changes everything,” in the words of the official tweet.

🔗 Genspark × Anthropic interview


Cohere Command A+ available on Azure AI Foundry

May 22 — Two days after its open source launch (May 20), Cohere Command A+ is available as a Managed Compute offering in Microsoft Azure AI Foundry. The model (218B/25B in MoE architecture, Apache 2.0 license) brings Azure customers reasoning, multilingual support (48 languages), multimodal understanding, RAG, code, and tool use. This is the first major cloud integration announced for Command A+ since its release.

🔗 Azure announcement — Cohere Command A+


Briefs

  • Google DeepMind × Singapore — Google DeepMind expands its partnership with Singapore to deploy AI at scale in three areas: scientific discovery, pandemic preparedness, and improved healthcare. 🔗 Source

What it means

Cybersecurity is entering the era of throughput. Project Glasswing’s figures (10,000+ high- or critical-severity vulnerabilities in one month) do not just mark technical performance; they change the structure of the problem. Vulnerability detection is no longer the bottleneck: remediation is what can no longer keep up. This reversal poses an unprecedented question for the software security industry: how do you industrialize patch management at a speed only AI can reach? Perplexity’s Bumblebee and Google DeepMind’s SynthID are part of the same dynamic: security and provenance are becoming infrastructure layers of AI, not optional add-ons.

The Gartner MQ Enterprise AI Coding Agents is drawing a new hierarchy. GitHub Copilot (for the third consecutive year) and OpenAI Codex in the same Leader quadrant mean that competition for enterprise is now being decided across the entire SDLC, not by autocomplete quality. Gartner’s projection — +30 to 50% productivity by 2028 via asynchronous agents — is a strong signal for CIOs and CTOs who are still unsure about the level of adoption. The “assign and come back to validate” paradigm described by GitHub CPO Mario Rodriguez is closer to an organizational shift than to a tool update.

Industrial AI is becoming a strategic differentiator. Mistral’s acquisition of Emmi AI positions the French company in a segment that the major U.S. platforms have not yet saturated: real-time physical simulations for aerospace, automotive, and semiconductors. Cohere Command A+ on Azure Foundry and DeepSeek V4-Pro’s permanent discount illustrate another parallel trend — pressure on API prices is becoming structural, and players that want to survive in the enterprise market must either lower access costs or move up the vertical value chain. Mistral is choosing the latter path.

The CLI agent ecosystem is consolidating quickly. Gemini CLI 0.43.0, Antigravity 2.0.6, and this week’s published Google I/O developer recap show that Google is building a coherent ecosystem around Antigravity — from the terminal to the IDE, as well as the SDK and the cloud. The arrival of WebMCP in origin trial in Chrome 149 is worth watching: if this open standard gains traction for exposing tools to browser agents, it could become a critical interoperability layer among the various players in the agentic market.
