By ByteBot
Anthropic’s Claude Mythos has found more than 10,000 high- and critical-severity vulnerabilities in the software running your operating system, your browser, and your cloud stack. Fewer than 1% have been patched. And Anthropic just doubled the number of organizations scanning for more.
That gap — not the discovery count — is the real story coming out of Project Glasswing’s expansion this week.
150 New Partners, 15 Countries, New Sectors
Announced June 2–3, Anthropic is adding roughly 150 organizations to Project Glasswing, the initiative that gives partners exclusive access to Claude Mythos Preview to find and fix vulnerabilities in critical software. The original cohort of around 50 included AWS, Apple, Google, Microsoft, NVIDIA, and the Linux Foundation. The new wave adds healthcare providers, energy operators, water utilities, communications companies, and hardware vendors — sectors that were not well represented in round one and whose software governments depend on.
New partners must meet security requirements before gaining access. Anthropic intends to expand further still, prioritizing maintainers of critical open-source software and eventually scaling a Cyber Verification Program that would grant Mythos-class capabilities to more organizations for specific cyberdefense tasks.
What Mythos Actually Found
Since Project Glasswing launched April 7, Claude Mythos Preview has generated 23,019 potential findings. External security firms triaged these down to 1,726 candidates; 90.8% were confirmed true positives. The result: 1,094 high- or critical-severity vulnerabilities confirmed across more than 1,000 open-source projects.
The most illustrative example is CVE-2026-5194 in wolfSSL, the C-based cryptography library embedded in IoT devices, automotive systems, and embedded hardware worldwide. CVSS score: 9.3. The flaw allowed attackers to bypass cryptographic digest checks and forge digital certificates — effectively enabling complete identity spoofing. Mythos did not just find it; it engineered a working exploit capable of impersonating a banking domain invisibly.
Cloudflare, one of the original partners, reported that Mythos’s false-positive rate in vulnerability discovery is better than that of human testers.
The Uncomfortable Math
Here’s what the headline numbers do not lead with: of the 1,094 confirmed critical vulnerabilities, only 97 have been patched. That’s roughly 9%. Of 23,000+ total findings, fewer than 1%.
This is not a criticism of the program — it’s a structural reality. The bottleneck in software security has shifted. It used to be finding vulnerabilities. AI solved that. The new bottleneck is the human capacity to triage, report, and patch them.
Many open-source projects are maintained by volunteers and small teams without the budget to process hundreds of vulnerability reports per month. AI-generated bug reports currently take two to eight hours each to triage manually. Some open-source maintainers have already asked Anthropic to slow down disclosures. Quarterly patch cycles, designed for a pre-AI vulnerability landscape, simply cannot absorb the volume.
Mythos Is Not Public — But Something Like It Will Be
Claude Mythos Preview remains restricted. Anthropic is frank about why: no company, including itself, has developed safeguards strong enough to prevent a model at this capability level from being misused. The UK’s AI Security Institute found that Mythos is the first model to fully solve its rigorous corporate network attack simulations, completing 22 of 32 steps on average and achieving full end-to-end compromise in 30% of attempts.
The current public-facing architecture routes sensitive security queries away from Mythos entirely — Fable 5 handles general requests, Opus 4.8 handles high-risk cyber queries.
But Anthropic is explicit: Mythos-class capability will reach general availability, once stronger safeguards exist. The expansion of Glasswing is Anthropic’s attempt to give defenders a head start before that happens.
What You Should Do Now
Anthropic’s explicit ask to developers: shorten your patch cycles and make security fixes available as fast as possible. The 90-day coordinated disclosure norm was calibrated for human-speed vulnerability discovery. That baseline no longer holds.
For teams maintaining software in production — especially open-source libraries or infrastructure others depend on — the practical direction is continuous validation rather than periodic security audits. Anthropic is planning to publish guidance on patching automation, supply-chain security, and SDLC practices to help organizations adapt. Its public CVD dashboard at red.anthropic.com tracks all active disclosures, with hash commitments proving findings exist without exposing their contents before patching is complete.
The gap between what AI can find and what humans can fix is widening. Glasswing is trying to close it on the defender’s side first. Whether patch pipelines and maintainer capacity can keep pace is the open question — and the one every developer with a dependency tree should be thinking about.
Sources: Anthropic, Help Net Security, The Hacker News
