Anthropic's Claude Mythos identified 10,000 significant vulnerabilities within a single month. The patches are unable to keep pace.

      TL;DR: Anthropic’s Glasswing project identified over 10,000 critical vulnerabilities in 1,000 open-source projects within a month, yet only 97 have been addressed.

      On Friday, Anthropic revealed that its restricted cybersecurity initiative, Project Glasswing, has detected more than 10,000 high- or critical-severity vulnerability candidates in some of the most important software globally since its launch a month ago. Of these, 1,726 have been confirmed as true positives, with 1,094 classified as high- or critical-severity flaws. However, only 97 have been patched.

      The significance of this disparity is noteworthy. Anthropic’s Claude Mythos Preview, an advanced model specifically designed to identify vulnerabilities in source code, finds flaws at a speed that the open-source community is unable to keep up with. The 6,202 high- or critical-severity candidates affect over 1,000 open-source projects, with 88 advisories issued. The pace of discovery vastly outstrips the rate at which vulnerabilities are fixed.

      Anthropic acknowledged the major challenge this presents for cybersecurity, highlighting that it is much easier to find vulnerabilities than to resolve them. The company is pressing software developers to accelerate patch cycles and ensure security fixes are delivered promptly. Oracle has transitioned from quarterly to monthly patch releases in response to this issue, while Microsoft has noted that it expects the number of monthly patches to keep increasing for the foreseeable future.

      A key discovery includes a critical flaw in WolfSSL (CVE-2026-5194, CVSS score 9.1), a commonly used embedded TLS library, which could enable an attacker to forge certificates and impersonate legitimate services. This vulnerability is particularly concerning as WolfSSL is utilized in IoT devices, automotive systems, and industrial control environments, where the implications of certificate forgery exceed typical web security issues.

      Glasswing operates on a restricted partnership basis, granting access to about 50 organizations that Anthropic has designated as the most crucial cyber defenders. The model is not available to the general public. XBOW, an autonomous offensive security platform, praised Mythos Preview as a significant advancement, noting it is much more effective than previous models in finding vulnerability candidates and adept at analyzing source code from a security standpoint. According to Cloudflare’s assessment, the model excels at converting individual vulnerabilities into comprehensive attack chains, which is advantageous for defenders building threat models but potentially perilous if misused.

      The defensive capabilities extend beyond merely discovering vulnerabilities. For instance, a partner bank leveraged Claude Mythos to identify and thwart a fraudulent $1.5 million wire transfer after an attacker compromised a customer’s email account and made fake phone calls. The model detected the fraudulent behavior before the transfer occurred, emphasizing Anthropic’s claim that frontier AI models can provide significant advantages to defenders, but only when access is limited to organizations capable of responsible usage.

      The timing corresponds with a broader uptick in AI-related security disclosures. Cyera’s Claw Chain vulnerabilities in OpenClaw, revealed earlier this month, illustrated how attackers can exploit an AI agent's own sandbox privileges. Koi Security’s audit of ClawHub uncovered 341 malicious entries among 2,857 available AI agent skills. This trend indicates that AI is both creating new attack surfaces and offering enhanced tools to identify weaknesses in existing systems, raising the question of which side progresses more rapidly.

      Anthropic has initiated a Cyber Verification Program allowing vetted security professionals to use Claude without restrictions for valid purposes such as vulnerability research, penetration testing, and red teaming. OpenAI has launched a similar initiative called Daybreak, providing access to GPT-5.5-Cyber. Neither Mythos Preview nor GPT-5.5-Cyber is publicly available due to concerns regarding the lack of adequate safeguards against large-scale misuse.

      The competitive landscape between Anthropic and OpenAI in cybersecurity is becoming more intense. Both companies are marketing their advanced models as vital infrastructure for national and corporate cyber defense, while simultaneously limiting access to curb offensive uses. The dual-use nature of this technology poses a policy dilemma that neither organization has fully addressed: if models with Mythos-level capabilities become widely accessible, as Anthropic acknowledges is likely imminent, the current approach of restricting access to 50 trusted partners will be untenable.

      Anthropic’s publicly available Claude models are already some of the top coding assistants available. The difference between Mythos and the public Claude is diminishing with each update. Anthropic is urging organizations to prepare for a future where these capabilities are broadly accessible by strengthening network configurations, enforcing multi-factor authentication, and maintaining thorough logs for detection and response.

      In just one month, 10,000 vulnerability candidates have been identified through 50 partners using a single model. The software ecosystem now has a tool capable of identifying flaws quicker than developers can resolve them, representing both a significant opportunity and a substantial challenge. Anthropic refers to Glasswing as an asymmetric advantage for defenders, which it indeed is, but such advantages are often temporary