Mythos found more than 10 thousand vulnerabilities in one month


Anthropic released the first results of the Glasswing Project, an initiative that uses artificial intelligence to identify software vulnerabilities before they are exploited in cyber attacks. According to the company, Claude Mythos Preview helped the developer’s partners locate more than 10,000 flaws classified as critical or high severity in just one month of operation.

The company stated that the speed in discovering vulnerabilities has grown exponentially. “Progress in software security used to be limited by how quickly we could find new vulnerabilities. Now, it is limited by how quickly we can scan, disclose, and fix the large number of vulnerabilities found by AI,” the company wrote.

Project partners include companies such as Cloudflare, Mozilla, Oracle, Palo Alto Networks, Amazon Web Services, Apple, Google, Nvidia, JPMorgan Chase and CrowdStrike.

Cloudflare reported finding around 2,000 bugs using Mythos Preview, including 400 considered critical or high severity. Mozilla reported the identification and correction of 271 vulnerabilities in Firefox during tests with the model (a number more than ten times higher than that recorded in previous versions of the browser analyzed with other Claude models).

According to Anthropic, several partners reported a more than tenfold increase in the flaw detection rate.

The company also claims that the model directly influenced the increase in the volume of security updates released by technology giants. Microsoft, for example, had already warned that its patch packages would continue to grow “for some time”.

Anthropic revealed that it still has no plans to launch Mythos commercially – Image: gguy/Shutterstock

Claude Mythos will not be released to the public

Despite the positive results, Anthropic reported that it does not intend to release Mythos Preview to the public at this time. The company claims that there are still no safeguards robust enough to prevent the malicious use of models of this type.

The developer says it intends to work with governments (including the United States and allies) to scale up Project Glasswing while developing protection mechanisms before launching “Mythos-class models” commercially.

The fear is that highly advanced flaw detection tools could also be used to accelerate large-scale cyberattacks.

“Glasswing helps the most important cyber defenders gain an asymmetric advantage,” the company said. “But there is an urgent need for as many organizations as possible to strengthen their cyber defenses.”

Anthropic analysis also revealed vulnerabilities in open source systems – Image: Anthropic

Open source AI has become the target of new analyses

In addition to its partners’ corporate systems, Anthropic revealed that it used Mythos Preview to analyze more than a thousand open source projects widely used in internet infrastructure.

  • According to the company, the system identified 23,019 possible vulnerabilities, of which 6,202 were initially classified as critical or high severity;
  • After validation processes conducted by Anthropic itself and independent security companies, 1,587 vulnerabilities were confirmed as true;
  • Of these, 1,094 actually had high or critical severity.

One of the cases cited by the company involves the wolfSSL encryption library, used on billions of devices. Mythos Preview found a vulnerability that would allow digital certificates to be forged, enabling attacks that impersonate legitimate bank or email provider websites. The flaw has already been fixed and received the identifier CVE-2026-5194.

According to Anthropic, the main bottleneck is no longer discovering problems, but the human ability to validate, report and correct the flaws found by AI.

The company also revealed that Mythos Preview has already begun to be used for purposes beyond searching for software flaws. According to the company, a Glasswing partner bank used the system to detect and prevent a fraudulent transfer of US$1.5 million after criminals compromised a customer’s email account and made fake phone calls.

The developer also announced new AI-based security tools for Claude Enterprise customers, including automated systems for analyzing code, identifying vulnerabilities, and generating remediation suggestions.

Source: www.olhardigital.com.br