Claude Mythos Uncovers 10,000+ Critical Software Flaws in First Month
Summary: Anthropic's Claude Mythos model, deployed under Project Glasswing, scanned more than 1,000 open-source projects in its first month and surfaced over 10,000 high-severity vulnerabilities — with more than 90% confirmed as real.
Key Facts
- 1,000+ open-source projects scanned → 23,019 issues flagged; 6,202 rated high or critical severity
- 6 independent security firms reviewed 1,752 of the critical findings; >90% validated as true positives
- In wolfSSL (a cryptography library on billions of devices), Mythos found a zero-day and generated a working exploit capable of forging certificates for fake bank or email sites
- Anthropic plans to expand Glasswing with US and allied governments, but will not release Mythos-class models publicly until stronger safeguards are in place
Why It Matters
This is the first large-scale demonstration that frontier AI can outpace traditional security tooling in vulnerability discovery. The same capability that makes Mythos a powerful defender also makes access control critical — underscoring why Anthropic is keeping it tightly gated.
Read More
- Anthropic official update — Anthropic
- The Hacker News coverage — The Hacker News