Anthropic's Claude Mythos Finds Over 10,000 High-Severity Flaws
Anthropic's Project Glasswing used Claude Mythos Preview to discover over 10,000 high- or critical-severity vulnerabilities in critical software within one month, yielding 1,094 confirmed high-severity issues and 97 patches. The findings underscore the growing gap between AI-assisted discovery and remediation timelines, prompting calls for faster patching across the industry.

Of the vulnerabilities identified, 6,202 were classified as high- or critical-severity and affected more than 1,000 open-source projects. Validation confirmed 1,726 as true positives, including 1,094 rated high- or critical-severity. One example is CVE-2026-5194 in WolfSSL, a critical flaw with a CVSS score of 9.1 that could enable certificate forgery. The project has resulted in 97 upstream patches and 88 security advisories so far.
https://x.com/AnthropicAI/status/2057909104090169464
Anthropic noted the disparity between rapid discovery and slower remediation as a core challenge. Partners have each reported finding hundreds of critical or high-severity issues in their own codebases. The model has also assisted a partner bank in detecting and blocking a fraudulent $1.5 million wire transfer stemming from a compromised email account.
Independent evaluations, including from XBOW, describe Mythos Preview as substantially better than prior models at generating vulnerability candidates and analyzing code with a security focus. Anthropic has launched a Cyber Verification Program allowing security professionals to use its models without standard guardrails for authorized vulnerability research and penetration testing. The company urged developers to accelerate patch cycles and adopt faster deployment timelines, citing similar shifts at vendors such as Oracle and Microsoft.
Broader coverage from outlets including Engadget and The Next Web confirms the scale of findings and highlights rising patch volumes across the industry. Anthropic emphasized that while Glasswing provides an asymmetric advantage to key defenders, organizations must strengthen default configurations, enforce multi-factor authentication, and maintain detailed logs to keep pace with AI-driven discovery capabilities.