Anthropic's Mythos AI Finds 10,000 Vulnerabilities in One Month

Key Takeaways

• Claude Mythos Preview has found over 10,000 vulnerabilities in its first month, with most partners discovering hundreds of critical or high-severity bugs each
• Partners report a 10x increase in bug-finding rates compared to previous methods
• Anthropic is withholding public release of Mythos because no company has built adequate safeguards against misuse

Anthropic just published the first progress report on Project Glasswing, its AI-powered cybersecurity initiative. The numbers are striking. In one month, the company's unreleased Claude Mythos Preview model has helped partners identify more than 10,000 vulnerabilities across their software.

The initiative launched in April 2026 with a simple premise: use AI to find security flaws before attackers do. Based on the early results, it's working. Anthropic reports that most partners have "each found hundreds of critical- or high-severity vulnerabilities" using the model. Partner organizations are finding bugs at ten times their previous rate.

Partner Results Paint a Clear Picture

The individual partner numbers tell the story. Cloudflare found 2,000 bugs, with 400 rated high or critical severity. Mozilla reported finding and fixing 271 vulnerabilities in Firefox. That's ten times more than what Mozilla found in an older browser version using a previous Claude model.

Microsoft's involvement explains a trend users have noticed. The company recently announced that its patch releases will "continue trending larger for some time." The reason: bugs discovered through Mythos Preview.

Anthropic also turned the model loose on open-source software. Scanning 1,000 open-source projects over the past few months, Mythos Preview identified 23,019 vulnerabilities total. Of those, 6,202 were rated high or critical severity.

The Remediation Bottleneck

Finding bugs is only half the problem. Fixing them is the other half, and that's where things get complicated.

“The bottleneck in cybersecurity has fundamentally shifted from discovery to remediation.”

— Anthropic Security Lead, Internal Report May 2026

When an AI can find vulnerabilities ten times faster than before, engineering teams face a new challenge. They now have ten times more bugs to patch. The rate of discovery has outpaced the rate of repair.

Security researchers have noted this shift. One research firm recently claimed it found a way to breach macOS using Mythos' bug-finding capabilities. Apple's operating system is known for tight security. That a research tool could help identify a path through those defenses shows both the power and the risk of these models.

Why Anthropic Won't Release Mythos to the Public

Anthropic is keeping Mythos Preview under wraps for now. The company explained that no organization, including itself, has developed safeguards strong enough to prevent misuse of models this capable.

A model that finds security flaws faster than any human team can patch them is a double-edged sword. In the hands of defenders, it's a powerful tool. In the wrong hands, it becomes a weapon.

The company plans to release "Mythos-class models" eventually, but only after adequate safeguards exist. For now, access remains limited to vetted partners.

Expanding Access Through Government Partnerships

Anthropic is working with the US government and other governments to expand Project Glasswing's reach. This marks a potential turning point in the company's relationship with federal agencies.

The current partner list includes major players across tech and finance: Amazon Web Services, Apple, CrowdStrike, Google, JPMorganChase, NVIDIA, and Palo Alto Networks. Microsoft, Mozilla, and Cloudflare round out the group.

Anthropic's Financial Position

Project Glasswing arrives as Anthropic approaches profitability for the first time since its 2021 founding. The Wall Street Journal reports the company is on track for $10.9 billion in revenue with $559 million in operating profit for the quarter ending in June.

The company doesn't expect to stay profitable in following quarters. Anthropic plans to reinvest in computing resources and other infrastructure. Building and running models like Mythos Preview is expensive.

Frequently Asked Questions

What is Claude Mythos Preview?

Claude Mythos Preview is Anthropic's unreleased AI model designed for security vulnerability detection. It powers Project Glasswing and has found over 10,000 vulnerabilities in its first month of operation with vetted partners.

Why won't Anthropic release Mythos to the public?

Anthropic says no company has developed safeguards strong enough to prevent misuse of models this capable. A tool that finds vulnerabilities faster than teams can patch them could become a weapon if used by attackers.

Which companies are using Project Glasswing?

Current partners include Amazon Web Services, Apple, CrowdStrike, Google, JPMorganChase, Microsoft, Mozilla, NVIDIA, Palo Alto Networks, and Cloudflare.

How much faster is Mythos at finding bugs?

Partners report a 10x increase in vulnerability detection rates. Mozilla found ten times more bugs in Firefox 150 using Mythos compared to previous methods.

What is the remediation bottleneck?

The remediation bottleneck refers to the problem where AI discovers vulnerabilities faster than engineering teams can patch them. Discovery is no longer the limiting factor. Fixing the bugs is.

Source: Engadget