Anthropic says Claude Mythos Preview found over 10,000 serious security flaws

Anthropic says its unreleased Claude Mythos Preview model has helped Project Glasswing partners find more than 10,000 high- or critical-severity software vulnerabilities in the first weeks of the program. The company says the results show a major shift in cybersecurity, where AI can now find flaws faster than humans can verify, report, and patch them.

The update came through Anthropic’s Project Glasswing report, which describes a defensive effort focused on securing software used across critical infrastructure. The project gives selected partners access to Claude Mythos Preview, a frontier model that Anthropic says can find and help prove complex vulnerabilities.

Anthropic has not released Mythos Preview to the public. Instead, the company is limiting access through Project Glasswing, which includes launch partners such as Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

What Anthropic found in the first update

Anthropic says most Project Glasswing partners have found hundreds of critical or high-severity vulnerabilities in their own software after one month. Collectively, the group has found more than 10,000 serious flaws.

Cloudflare reported 2,000 bugs, including 400 high- or critical-severity findings, across critical-path systems. The company also said Mythos Preview produced findings with a false-positive rate that its team considered better than human testers.

Mozilla also reported major results. Its Firefox team said Firefox 150 included fixes for 271 vulnerabilities identified during its initial Claude Mythos Preview evaluation, far above the 22 security-sensitive bugs fixed earlier through work with Claude Opus 4.6.

Area	Reported result	Why it matters
Project Glasswing partners	More than 10,000 high- or critical-severity findings	AI-assisted discovery is scaling faster than traditional triage
Cloudflare	2,000 bugs, including 400 high or critical	Large production codebases can generate huge review queues
Mozilla Firefox	271 vulnerabilities fixed in Firefox 150	Browser vendors can use AI to accelerate hardening work
Open source disclosure dashboard	1,596 vulnerabilities disclosed to maintainers	Verification and patching remain the bottleneck

Mythos Preview is not a normal vulnerability scanner

Cloudflare’s own write-up says Mythos Preview works differently from a generic code assistant or traditional scanner. The model can build proof-of-concept tests, combine smaller issues into larger exploit chains, and help researchers decide whether a suspected flaw is reachable.

In Cloudflare’s Project Glasswing analysis, the company said one key change is proof generation. A finding with a working proof takes less time to confirm than a vague report, which matters when teams face thousands of possible bugs.

The UK AI Security Institute also found that recent frontier models are moving quickly on cyber tasks. Its cyber capability analysis says Claude Mythos Preview and GPT-5.5 significantly outperformed earlier trend lines in its narrow cyber test suite.

Open source maintainers face the hardest pressure

Anthropic says its open-source scanning work shows how quickly the process can become limited by human capacity. Finding candidate bugs is now only the first step. Teams still need to reproduce each issue, rate severity, remove duplicates, contact maintainers, create patches, and wait for disclosure windows to close.

The public coordinated vulnerability disclosure dashboard listed 23,019 candidate findings as of May 22, 2026. Of 1,900 findings reviewed by external security firms, 1,726 were confirmed as valid, which Anthropic lists as a 90.8% true-positive rate.

The same dashboard shows the gap between discovery and remediation. Anthropic had disclosed 1,596 vulnerabilities across 281 open-source projects, but only 97 had been patched upstream, and 88 had received a CVE record or GitHub Security Advisory.

• Candidate findings still need human triage before maintainers can act.
• Security firms must reproduce and validate reports before disclosure.
• Maintainers may need weeks to design and ship safe fixes.
• Patch availability does not mean users have installed the fix.
• Disclosure windows now matter more because AI can compress discovery time.

wolfSSL shows why the findings matter

One public example involves CVE-2026-5194 in wolfSSL, a cryptography library used in many devices and embedded systems. Anthropic says Mythos Preview built an exploit for the flaw that could allow forged certificates in certain conditions.

The NVD entry for CVE-2026-5194 describes missing hash, digest size, and OID checks in ECDSA certificate verification. NVD rates the issue as critical under CVSS 3.1 with a 9.1 base score.

The vulnerability affected wolfSSL versions from 3.12.0 up to, but not including, 5.9.1. That example shows why AI-discovered bugs can matter beyond experimental benchmarks, especially when they affect cryptography code that supports real-world systems.

Why Anthropic is keeping Mythos Preview restricted

Anthropic says Mythos Preview has strong dual-use risk because the same abilities that help defenders find bugs can also help attackers build exploits. The company says it does not plan to make the model generally available in its current form.

The restricted rollout through Project Glasswing gives defenders a head start before similar capabilities become widely available. Anthropic has also committed up to $100 million in usage credits and $4 million in donations to open-source security organizations tied to the initiative.

Anthropic says it wants to make Mythos-class models broadly available in the future after stronger safeguards exist. For now, the company is pushing security teams toward controlled defensive use, stronger verification workflows, and faster patch pipelines.

What security teams should do next

The main lesson for security leaders is not that every organization needs direct access to Mythos Preview. The bigger point is that AI-assisted vulnerability discovery will increase the number of real findings that vendors, open-source maintainers, and enterprise teams must handle.

Teams should shorten patch testing windows, prioritize internet-facing and identity-adjacent systems, and improve default hardening. The AI Security Institute’s research also suggests that cyber capability benchmarks can hit measurement limits as models improve, which makes practical defense planning more urgent.

Cloudflare says generic “find bugs in this repository” prompts do not provide enough coverage. Its security harness approach uses scoped tasks, validation agents, architecture context, and parallel review to reduce noise and make findings more useful.

Priority	Action	Reason
High	Patch critical internet-facing systems faster	AI can shrink the time attackers need to find weak points
High	Improve vulnerability triage workflows	Teams will face more real reports and more duplicates
High	Harden default configurations	Good defaults reduce risk when patches lag
Medium	Use MFA and least privilege everywhere	These controls limit damage after exploit attempts
Medium	Collect detailed logs for detection and response	Post-compromise visibility matters when exploitation speeds up

Mozilla’s experience with AI-assisted Firefox hardening also shows that vendors need a full pipeline, not just a model. Teams need deduplication, triage, reproducible tests, security bug tracking, and engineering time to turn findings into shipped fixes.

The public disclosure dashboard makes the same point with numbers. Discovery has accelerated, but remediation still depends on human review, maintainer capacity, patch quality, and deployment speed.

For now, Project Glasswing marks a turning point. AI is no longer only helping developers write code. It is also changing how quickly defenders can find the flaws hidden inside it, and how quickly the industry must respond.

FAQ