Anthropic’s Claude Mythos Uncovers 10,000 Critical Vulnerabilities in One Month
Anthropic’s Glasswing project has made a significant impact by identifying 10,000+ critical flaws across 1,000 open-source projects within a single month. Only 97 patches have been addressed so far.
Key Findings:
- Over 10,000 high or critical severity vulnerability candidates were found in various systemically important software.
- 1,726 validated true positives and 1,094 confirmed high or critical flaws.
- A critical flaw in WolfSSL (CVE-2026-5194) allows attackers to forge certificates, posing risks to IoT devices, automotive systems, and industrial control environments.
The Challenge and Call to Action:
Anthropic emphasizes the substantial gap between vulnerability discovery and patch remediation rates. Their Claude Mythos Preview model, a frontier with specialized source code analysis capabilities, can identify flaws at an unprecedented pace. This presents a significant challenge for cybersecurity as the rate of discovery outpaces remediation.
The company urges developers to streamline patch cycles and prioritize quick security updates. Oracle has already transitioned to monthly patches, while Microsoft expects a continued increase in monthly patch releases.
Glasswing Partnership:
Glasswing operates through a restricted partnership model, providing access to Claude Mythos Preview to approximately 50 important cyber defenders. XBOW, an offensive security platform, praised the model’s superior performance in finding vulnerability candidates and its ability to analyze source code with a security focus.
Beyond vulnerability discovery, the model aids in threat modeling and prevented a $1.5 million fraudulent wire transfer for a Glasswing partner bank by detecting and stopping spoof phone calls after an attacker breached a customer’s email account.