Overview
- Anthropic said late May that Project Glasswing partners using the unreleased Claude Mythos Preview uncovered more than 10,000 high‑ and critical‑severity vulnerabilities in roughly 30 days.
- Access to Mythos remains tightly limited to a curated partner group that includes major U.S. tech and security firms and IBM, and talks with EU officials over testing for European institutions have made minimal progress.
- Independent security firms sampled 1,752 high‑ or critical‑rated findings and reported about a 90.6 percent validation rate for that subset, supporting Anthropic's claim that many discoveries are real and high severity.
- Software maintainers and open‑source projects are overwhelmed by the volume of reports and have asked partners to slow disclosures as vendors struggle to verify, triage, and deploy fixes faster than bugs are found.
- Anthropic has committed substantial resources, including up to $100 million in compute credits and grants to security groups, while regulators and global financial bodies press for coordinated disclosure rules and tighter controls because Mythos can both find and exploit zero‑days.