
Project Glasswing Expands: Claude Mythos Found 10,000+ Critical Bugs

Claude Mythos found 10,000+ critical vulnerabilities across critical infrastructure software

Anthropic’s Claude Mythos — the AI model too dangerous to publicly release — has found more than 10,000 high- and critical-severity vulnerabilities in software your stack almost certainly depends on. On June 2, Anthropic expanded Project Glasswing to 150 new organizations across 15+ countries, pulling in power utilities, hospitals, and the hardware and software vendors whose code quietly underlies thousands of other companies’ products. The implication is uncomfortable: those bugs didn’t appear because Mythos scanned for them. They were already there, waiting.

What Mythos Found — And Proved

The scale alone would be notable. Mythos scanned more than 1,000 open-source projects and surfaced 23,019 issues, of which 6,202 were rated high or critical. Across all Glasswing partners, the total hit 10,000+ high/critical findings. Cloudflare alone found 2,000 bugs in its own critical-path systems — 400 of them high or critical — with a false positive rate Cloudflare’s team rated better than its human pen testers. Bug-finding rates across partners increased by more than a factor of ten over human-only baselines.

But the number that matters most isn’t the count — it’s what Mythos did with what it found. This model doesn’t just flag suspicious code patterns. It proves exploitability autonomously, from discovery through working exploit, without human involvement after the initial task prompt.

The clearest example: a 17-year-old remote code execution vulnerability in FreeBSD’s NFS server (CVE-2026-4747). The bug lives in the RPCSEC_GSS authentication handler, which copies attacker-controlled data into a 128-byte stack buffer with a length check capped at 400 bytes — leaving 304 bytes of overflow headroom. Mythos found that an unauthenticated NFSv4 EXCHANGE_ID call leaks the server UUID and NFS daemon start time, enough to reconstruct the kernel host ID without brute force. It then built a 20-gadget ROP chain, split across six sequential RPC packets, that writes its own SSH key to /root/.ssh/authorized_keys. Root access. Seventeen years of human code review missed it. Mythos found and exploited it in hours.
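As an added illustration (not FreeBSD's code and not from the Glasswing report): the bug class the article describes, a copy into a fixed 128-byte buffer guarded only by the 400-byte protocol cap, shown beside the hardened check. The function names, the flat-array stand-in for the stack frame and the 0x41 token are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Sizes quoted in the article: 128-byte stack buffer, length check capped at 400. */
#define TOKEN_BUF_SIZE 128
#define RPC_TOKEN_CAP  400

/* Vulnerable pattern: the check is against the protocol cap, not the destination. The
   buffer is the first 128 bytes of a flat array standing in for the stack frame, so the
   write past it is still defined behaviour. Returns -1 if rejected, else bytes past buf. */
long copy_token_vulnerable(uint8_t frame[RPC_TOKEN_CAP], const uint8_t *tok, uint32_t len) {
    if (len > RPC_TOKEN_CAP)
        return -1;                         /* only lengths above 400 are rejected */
    memcpy(frame, tok, len);               /* 129..400 bytes run past frame[127] */
    return len > TOKEN_BUF_SIZE ? (long)(len - TOKEN_BUF_SIZE) : 0;
}

/* Hardened form: bound the copy by the destination size and fail closed. */
long copy_token_fixed(uint8_t buf[TOKEN_BUF_SIZE], const uint8_t *tok, uint32_t len) {
    if (len > TOKEN_BUF_SIZE)
        return -1;                         /* reject anything the buffer cannot hold */
    memcpy(buf, tok, len);
    return (long)len;
}

/* Constructed 0x41 token of `len` bytes through the vulnerable handler: bytes past buf, or -1. */
long overflow_bytes_for_length(uint32_t len) {
    uint8_t frame[RPC_TOKEN_CAP] = {0}, tok[RPC_TOKEN_CAP];
    memset(tok, 0x41, sizeof tok);
    if (copy_token_vulnerable(frame, tok, len) < 0)
        return -1;
    long clobbered = 0;
    for (int i = TOKEN_BUF_SIZE; i < RPC_TOKEN_CAP; i++)
        clobbered += frame[i] != 0;        /* count bytes that landed past the buffer */
    return clobbered;
}

/* The same constructed token through the hardened handler. */
long fixed_result_for_length(uint32_t len) {
    uint8_t buf[TOKEN_BUF_SIZE], tok[RPC_TOKEN_CAP];
    memset(tok, 0x41, sizeof tok);
    return copy_token_fixed(buf, tok, len);
}
int main(void) {
    printf("300-byte token: %ld bytes past buffer (vulnerable), %ld (hardened)\n",
           overflow_bytes_for_length(300), fixed_result_for_length(300));
    return 0;
}
```

The reviewable point is the check itself: a bound taken from the protocol rather than from `sizeof` the destination is exactly the kind of defect a scanner can flag long before anyone builds a chain around it.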

Mythos also chained four browser vulnerabilities into a single exploit with a JIT heap spray that escaped both renderer and OS sandboxes. On Linux, it pulled off a Local Privilege Escalation using a race condition and KASLR bypass — techniques that previously required elite human penetration testers. The cost to run each of these: tens to hundreds of dollars.

Who Gets Access (Not You)

Project Glasswing is not a product. You cannot apply, purchase credits, or sign up. Participation is invitation-only, and Anthropic has been explicit that it will not make Mythos Preview generally available until stronger safeguards exist — this is the first Anthropic model to receive a 244-page System Card without any public release.

The June 2 expansion targets organizations whose failure would affect over 100 million people: power grid operators, water systems, healthcare infrastructure, and the vendors whose codebases run silently inside thousands of downstream products. If your organization maintains critical-path software at that scale, Anthropic’s Project Glasswing page outlines the Cyber Verification Program path for security researchers. Everyone else waits.

That said, Mythos-class capabilities are coming to broader audiences. Anthropic has confirmed it is working on new safeguards tied to an upcoming Claude Opus release, with a timeline of weeks, not months.

The Race That’s Actually Happening

Anthropic’s reasoning for moving fast is explicit: AI gives defenders a narrow window to find and patch vulnerabilities before attackers develop equivalent capabilities. State actors and well-resourced threat groups don’t have public access to Mythos today. They will eventually. The goal is to close the vulnerabilities that Mythos can find before that window closes.

OpenAI is running a parallel program called Daybreak, built on GPT-5.5-Cyber, focused on integrating AI security into the development loop — threat modeling, patch validation, dependency risk. It is more accessible than Glasswing (available via API to verified organizations), but it proves the same point: every major AI lab now treats security as a core product area, not an afterthought.

What Developers Should Do Now

You don’t have Mythos. You still have options. Three steps worth taking immediately:

  • Audit your open-source dependencies. Glasswing scanned 1,000 OSS projects and found 6,202 high/critical issues. Run Semgrep or Endor Labs against your dependency tree today. If you maintain a package with significant downstream use, apply for the Cyber Verification Program.
  • Treat 90.6% validation as a benchmark. That’s the rate at which independent firms confirmed Mythos’s findings were real vulnerabilities. If your current SAST tooling has a significantly higher false positive rate, you’re spending engineering time on noise instead of signal. SonarQube offers a free tier for open-source projects.
  • Watch the Claude Opus release. When Anthropic ships the safeguards bundled with the next Opus model, Mythos-class security capabilities will begin flowing to broader audiences via the Claude API. That is the moment the threat landscape changes for individual developers — in both directions.

The bugs Mythos found in Cloudflare’s stack, in FreeBSD, in every major browser — those were already there. Anthropic’s initial Glasswing update puts the number at 23,019 total issues across 1,000 scanned projects. The question isn’t whether your dependencies have vulnerabilities like these. The question is who finds them first.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
