
Anthropic’s Claude Mythos scanned more than 1,000 open-source projects and flagged 6,202 high- or critical-severity vulnerabilities. As of late May 2026, maintainers had patched 97 of the approximately 1,596 findings disclosed to them — roughly 6%. The rest sit disclosed and unaddressed in your dependency tree right now. On June 2, Anthropic expanded Project Glasswing to 150 more organizations across 15 countries. That number is only going to grow.
What Project Glasswing Is
Project Glasswing launched in April 2026 with roughly 50 partner organizations — Microsoft, Apple, Google, AWS, the Linux Foundation, Cisco, NVIDIA, JPMorgan Chase, Palo Alto Networks. The mission: use Claude Mythos Preview, Anthropic’s unreleased frontier model, to scan critical software for vulnerabilities before the model eventually goes public and those same capabilities land in adversarial hands.
The June 2 expansion added 150 new organizations in sectors that weren’t well represented in the initial cohort: power, water, healthcare, communications, and hardware. These are systems where a successful attack could affect more than 100 million people, according to Anthropic’s own estimates. The countries involved include Australia, Canada, France, Germany, India, Japan, South Korea, and ten more.
What Mythos Actually Found
The numbers are hard to sit with. Mythos scanned over 1,000 open-source projects and flagged 23,019 potential vulnerabilities. Of those, 6,202 were classified as high or critical severity. An independent review of 1,752 findings confirmed a 90.6% true positive rate — this is not a noisy scanner throwing false alarms.
The Firefox case illustrates the depth of what AI-speed analysis can uncover. Mythos found 271 zero-day vulnerabilities in Firefox, all patched in Firefox 150. One exploit chained four separate vulnerabilities into a JIT heap spray that escaped both the renderer sandbox and the OS sandbox. The oldest vulnerability found so far was a 27-year-old bug in OpenBSD, patched earlier this year.
Across the 200 initial Glasswing partners combined, the total has crossed 10,000 high- or critical-severity findings in production infrastructure. These capabilities emerged without explicit security training — Mythos developed them as a side effect of improvements in code understanding and general reasoning.
The Patch Rate Is the Problem
Anthropic disclosed approximately 1,596 vetted findings to maintainers of 281 open-source projects. Of those, 97 have been patched. That’s the number to focus on — not the 6,202 found, but the 97 fixed.
Some maintainers have asked Anthropic to slow its disclosure rate because they cannot absorb the volume. curl maintainer Daniel Stenberg shut down the curl bug bounty program entirely — after seven years and more than $90,000 paid out for 81 verified vulnerabilities, the program collapsed under the weight of AI-generated submissions. HackerOne paused new vulnerability intake in late March for the same reason.
This is a structural problem, not a process problem. Open-source is maintained by individuals and small teams with no slack capacity. AI can now discover vulnerabilities at a rate that human teams cannot triage, let alone patch and deploy. The vulnerability bottleneck moved — it used to be finding bugs; now it’s fixing them.
The Cloud Security Alliance noted that the coordinated 90-day disclosure window was designed for human-speed discovery — not for an AI scanning 1,000 codebases in a month.
What Developers Need to Do Now
Your dependencies probably contain disclosed-but-unpatched Glasswing findings. Here’s what to act on:
- Generate an SBOM. Tools like Syft and Grype inventory your dependencies and cross-check against known vulnerabilities. Make this part of your CI pipeline.
- Don’t rely on NVD alone. The National Vulnerability Database has a documented 65% scoring gap for newer findings. Use OSV.dev or the GitHub Advisory Database alongside it.
- Watch for Glasswing-originated CVEs. Anthropic discloses under 90-day coordinated windows. New advisories will start appearing on the packages you use.
- Shorten your patch cycles. If your internal process takes 60 days to evaluate and deploy a dependency update, fix that before Mythos goes public.
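As an added example (not code from this article, nor from Anthropic, Syft or Grype), here is a small Python CI step that takes the purls out of a CycloneDX SBOM such as `syft -o cyclonedx-json` produces, sends them to OSV.dev’s querybatch endpoint, and fails the build on any hit. The SBOM fragment, the OSV reply, the package names and the advisory id below are constructed placeholders so the check runs offline.

```python
import json
import urllib.request

OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"

# Constructed CycloneDX SBOM fragment (the shape `syft -o cyclonedx-json` emits);
# package names and versions are illustrative, not findings from the article.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "example-lib", "version": "1.2.3", "purl": "pkg:pypi/example-lib@1.2.3"},
        {"name": "other-lib", "version": "4.5.6", "purl": "pkg:npm/other-lib@4.5.6"},
    ],
}

# Constructed OSV querybatch reply in the documented shape: one result per query,
# in query order, listing advisory ids only (no severity or fixed-version data).
SAMPLE_RESPONSE = {
    "results": [
        {"vulns": [{"id": "GHSA-xxxx-xxxx-xxxx", "modified": "2026-05-01T00:00:00Z"}]},
        {},
    ],
}


def sbom_to_osv_queries(sbom):
    """Turn every component that carries a purl into an OSV batch query."""
    purls = [c["purl"] for c in sbom.get("components", []) if c.get("purl")]
    return {"queries": [{"package": {"purl": p}} for p in purls]}


def query_osv(payload, opener=urllib.request.urlopen):
    """POST the batch to OSV.dev (needs network); returns the parsed JSON reply."""
    req = urllib.request.Request(
        OSV_BATCH_URL, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with opener(req, timeout=30) as resp:
        return json.load(resp)


def match_findings(sbom, batch_reply):
    """Map each purl back to the advisory ids OSV returned for it."""
    purls = [q["package"]["purl"] for q in sbom_to_osv_queries(sbom)["queries"]]
    results = batch_reply.get("results", [])
    if len(results) != len(purls):  # partial or malformed reply: fail closed
        raise ValueError("OSV reply length does not match query count")
    return {p: [v["id"] for v in r.get("vulns", [])] for p, r in zip(purls, results)}


def ci_gate(findings):
    """CI exit status: 1 if any dependency has an open advisory, else 0."""
    return 1 if any(findings.values()) else 0
```

Because querybatch returns only advisory ids, fetch each id from `/v1/vulns/{id}` to get severity and fixed versions before deciding what to patch first.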
Claude Mythos remains restricted to the Glasswing program for now. Anthropic confirmed a public release “in coming weeks” as of late May, with a staged rollout likely starting on AWS Bedrock. When it lands, the same model will be available to both defenders and eventually everyone else.
The real takeaway isn’t that AI found 6,200 critical vulnerabilities in open-source software. It’s that we built a software ecosystem so structurally fragile that a month of automated scanning could surface decades of accumulated risk — and we have no realistic plan for addressing it at the pace it’s being discovered.