Overview
- Anthropic disclosed Friday that Project Glasswing partners using the Claude Mythos Preview identified more than 10,000 high‑ or critical‑severity software vulnerabilities in about one month.
- Independent reviewers sampled 1,752 high‑severity candidates and judged roughly 90.6% to be valid, with 1,094 confirmed as high‑ or critical‑severity, showing a high true‑positive rate for the model’s findings.
- Despite many validated bugs, fewer than 100 confirmed patches had been deployed at the time of reporting, leaving vendors and open‑source maintainers strained by a fast‑moving discovery pipeline.
- Mythos has produced verifiable fixes and CVEs for some flaws — for example wolfSSL’s CVE‑2026‑5194 and long‑undetected bugs in OpenBSD and FFmpeg — and one Glasswing partner used the model to stop a fraudulent $1.5 million wire transfer.
- Anthropic limits access through Project Glasswing, has pledged up to $100 million in compute credits and grants for open‑source security, and is negotiating controlled expansion while regulators and governments press for faster coordination and stronger safeguards.