Overview
- Anthropic says its Mythos Preview scanned more than 1,000 open‑source projects and flagged about 23,019 potential vulnerabilities, with the company estimating roughly 6,200 may be high or critical.
- Project Glasswing partners reported finding more than 10,000 high‑ or critical‑severity flaws in the model’s first month, and independent reviewers have so far confirmed about 1,726 real vulnerabilities from sampled findings.
- The model can do more than flag bugs: Anthropic demonstrated Mythos constructing functional exploits, including a certificate‑forgery flaw now catalogued as CVE‑2026‑5194 in the wolfSSL library.
- Access to Mythos remains tightly limited to roughly 40–50 vetted organizations under Project Glasswing while Anthropic develops guardrails and has released defensive tools such as Claude Security and a Cyber Verification Program.
- Security teams and open‑source maintainers are the bottleneck because triage, coordinated disclosure, and patch development are human tasks that currently lag behind the model’s discovery rate, creating a time window that regulators and firms say must be closed with faster reporting, more resources, and coordinated government and industry action.