Anthropic plans public release of Mythos AI after discovering 10,000+ security vulnerabilities

Anthropic to release Mythos-class models to the public

Anthropic has revealed its intention to one day release models that match the performance of its Mythos bug-finding AI to the public, once it can make them safe. In case you came in late, in early April Anthropic announced it had developed a model called Mythos that is so good at finding security vulnerabilities in programming code that the company decided to offer it only to select entities because allowing unfettered access would mean cybercriminals could quickly discover and exploit software flaws. That access program is called "Project Glasswing" and participants report it quickly finds many bugs but few that humans couldn't find given enough time and resources. Those with access to Mythos have also sometimes said the quantity of bugs it finds somewhat overwhelms their ability to patch them all. The mere existence of Mythos has sparked a little panic - Japan's government ordered a sweeping security review and Indian authorities demanded a patching spree at financial institutions - plus a general realization that even lesser AI models are also decent bug-finders, meaning cyber-defenders must now expect attackers will weaponize more flaws, more often. No company -- including Anthropic -- has developed safeguards strong enough to prevent such models from being misused Anthropic last week published an "initial update" on Project Glasswing that in its second-to-last paragraph reveals the company's next step will see it "... work with critical partners - including US and allied governments - to expand Project Glasswing to additional partners. And in the near future, once we've developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release." The company didn't explain what it means by "near future" and admits that "At present, no company -- including Anthropic -- has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm." Further illustration of that assertion can be found earlier in the company's post, which reveals that Anthropic has used Mythos to scan more than 1,000 open-source projects that it says "collectively underpin much of the internet - and much of our own infrastructure." To date, Mythos has found an estimated 6,202 high-or-critical-severity vulnerabilities in these projects - and 23,019 flaws in all. The post reveals that when Mythos finds a flaw, Anthropic and its pals in the security community reproduce the issue that Mythos has found and "re-assess its severity." "Once we've confirmed that a vulnerability is real, we check for whether there are already fixes in place, and write a detailed report to the software's maintainers," Anthropic explains. "We take considerable care here: on top of the regular challenges of maintaining open-source software, maintainers have been facing a deluge of low-quality, AI-generated bug reports. Indeed, several maintainers have told us they're currently severely capacity constrained, and some have even asked us to slow down our rate of disclosures because they need more time to design patches." 1,752 of the high-or-critical-rated vulnerabilities Mythos found in FOSS have gone through that process and 90.6 percent (1,587) proved to be valid flaws. Of those, 62.4 percent (1,094) "were confirmed as either high-or-critical-severity," the post states. One of the critical flaws impacted the wolfSSL cryptography library used by billions of devices worldwide. "Mythos Preview constructed an exploit that would let an attacker forge certificates that would (for instance) allow them to host a fake website for a bank or email provider," Anthropic wrote. "The website would look perfectly legitimate to an end user, despite being controlled by the attacker." Thankfully, developers have already patched wolfSSL, and Anthropic said it will deliver a full technical analysis "in the coming weeks." Keep an eye out for CVE-2026-5194 to learn more about this one. Mythos is adding to an already overloaded security ecosystem "75 of the 530 high-or-critical-severity bugs we've reported have now been patched, and 65 of those have been given public advisories," the post states, then explains that low fix rate by revealing Anthropic is "still early in the 90-day window that's set out in our Coordinated Vulnerability Disclosure policy: we expect many more patches to land soon." The company thinks it is also "likely to be undercounting patches because some vulnerabilities are patched without a public advisory." Lastly, the flood of bugs Mythos found "is adding to an already overloaded security ecosystem." Anthropic's suggestion for security teams struggling to develop fixes for bugs AI discovered is, unsurprisingly, more AI such as skills that improve its Claude model's ability to help developers. ®

Anthropic confirms Claude Mythos-class models will roll out to the public

Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. Mythos was announced in April as a restricted model and was made available only to select companies, including security researchers. At that time, Anthropic cited major "security" risks with the Mythos model and decided against a public rollout. "The advantage will belong to the side that can get the most out of these tools," Anthropic warned in April when it announced the Mythos model. "In the short term, this could be attackers, if frontier labs aren't careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships." AI companies typically avoid rolling out powerful models until they develop strong guardrails that prevent misuse. It appears that Anthropic has managed to develop strong guardrails to prevent misuse of the Mythos model, which is believed to be far more powerful than Opus 4.8 and other models available on the internet. Anthropic prepares roll out of Mythos model In a blog post, Anthropic confirmed that it plans to release Mythos-class models to the public in the coming weeks, but it has not committed to a specific timeframe. "We're making swift progress on developing these safeguards and expect to be able to bring Mythos-class models to all our customers in the coming weeks," Anthropic said in a blog post. Anthropic says it is already allowing a small number of organizations to use Claude Mythos preview for cybersecurity work, but it is unclear if the same model will be rolled out to the public. According to the company, the Mythos model shows major improvements in code reasoning and autonomy, far above Claude's current flagship model, Opus 4.8. It is also worth noting that the "Mythos-preview" model briefly appeared for some users on Claude Code before it was taken offline.

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of about 50 partners have obtained access to Claude Mythos Preview, a frontier model with capabilities to find vulnerabilities in widely-used software. Of these vulnerabilities, 6,202 have been classified as high- or critical-severity flaws impacting more than 1,000 open-source projects. Subsequent analysis of these vulnerability candidates has identified that 1,726 are valid true positives. As many as 1,094 flaws are assessed to be either high- or critical-severity. One of the identified weaknesses is a critical flaw in WolfSSL (CVE-2026-5194, CVSS score: 9.1) that could allow an attacker to forge certificates and masquerade as a legitimate service. In all, these efforts have led to 97 findings being patched upstream and 88 advisories being issued. "The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity," Anthropic acknowledged. "Confronting this challenge successfully will make our software far safer than before." The development comes as software vendors are shipping more fixes than ever before, driven by a surge in AI-assisted vulnerability discovery, with Microsoft noting that the number of new patches it expects to release on a monthly basis to "continue trending larger for some time." Autonomous offensive security platform XBOW has described Mythos Preview as "a major advance" that's "substantially better than prior models at finding vulnerability candidates" and "adept at analyzing source code with a security mindset." Recent analyses have also found the model to excel at turning vulnerabilities into end-to-end attack chains. Mythos Preview's utility, Anthropic added, goes beyond finding security flaws. In one case, a Glasswing partner bank is said to have leveraged the AI model to detect and prevent a fraudulent $1.5 million wire transfer after an unknown threat actor breached a customer's email account and made spoof phone calls. Given that models with similar capabilities to Mythos could become broadly available in the near future, Anthropic is urging software developers to shorten their patch cycles and make security fixes available. It's worth mentioning here that Oracle has recently shifted to a monthly patch cycle to address critical security issues. "Network defenders should shorten their patch testing and deployment timelines," Anthropic said. "These include steps like hardening networks' default configurations, enforcing multi-factor authentication, and keeping comprehensive logs for detection and response." The AI company also said it has launched a Cyber Verification Program that allows security professionals to use its models without guardrails for legitimate purposes such as vulnerability research, penetration testing, and red teaming. This is similar to OpenAI's Daybreak, which also allows defenders to leverage GPT-5.5-Cyber for specialized workflows. Models like Mythos Preview and GPT-5.5-Cyber have yet to be released to the public owing to concerns that there currently exist no adequate safeguards to prevent their misuse at a large scale. "Glasswing helps the most systemically important cyber defenders gain an asymmetric advantage," it pointed out. "However, there is an urgent need for as many organizations as possible to shore up their cyber defenses. We hope that our generally available models, and the new tools, resources, and research we're providing to accompany them, will support those organizations to improve their cybersecurity posture."

Anthropic says Mythos has already found more than 10,000 vulnerabilities - Engadget

The company has published an update about Project Glasswing, a month after its launch. Anthropic has published an initial report for Project Glasswing, the cybersecurity initiative it launched in April that aims to prevent AI cyberattacks with, well, AI. The initiative is powered by Claude Mythos Preview, the company's unreleased model, which Anthropic says has already helped its partners find more than ten thousand vulnerabilities overall just a month after Glasswing's launch. In addition, it says most of its partners have "each found hundreds of critical- or high-severity vulnerabilities in their software" using the model. The company said that its partners' rate of bug-finding has increased by more than a factor of ten. Cloudflare found 2,000 bugs, 400 of which are high or critical in severity. Mozilla previously reported that it found and fixed 271 vulnerabilities in Firefox, 10 times more what it found in an older version of the browser using another Claude model. Microsoft's recent announcement that its patch releases will "continue trending larger for some time" is apparently because of the bugs it found through Mythos Preview. Anthropic also used Mythos Preview to scan 1,000 open-source projects over the past few months and found 6,202 high- and critical-severity vulnerabilities out of 23,019. While the company didn't include it in the report, a security research firm recently claimed that it found a way to breach macOS, an operating system known for having tight security, with help from Mythos' bug-finding capabilities. The company explained in its report that it hasn't released Mythos Preview to the public yet, because no company (including itself) has developed safeguards strong enough to prevent models like it from being misused. It intends to release "Mythos-class models" in the future, though, when those safeguards become available. For now, it's planning to work with partners like the US and other governments to expand the availability of Project Glasswing. That indicates that the company may be on its way to repairing its relationship with the US government. The company is already working with several partners at the moment, including Amazon Web Services, Apple, CrowdStrike, Google, JPMorganChase, NVIDIA and Palo Alto Networks, in addition to the others we've already mentioned. Anthropic is reportedly about to be profitable for the first time since it was founded in 2021. According to a recent report by the The Wall Street Journal, it's on track to post a revenue of $10.9 billion with an operating profit of $559 million for the quarter ending in June. The company doesn't expect to remain profitable in the quarters that will follow, however, as it intends to invest more money into computing resources and other expenses.

Anthropic's restricted Claude Mythos model may be coming to Claude Code

Anthropic appears to be preparing for the public rollout of "Mythos," which was announced in April as a restricted model that poses major security risks to private and public software. On April 7, Anthropic announced the Mythos in early preview and called it a new frontier model with strikingly advanced capabilities in computer security tasks. Anthropic said the Mythos model shows major improvements in code reasoning and autonomy, far above its current flagship model, Opus 4.7. Coding improvements aren't new for AI models, but in the case of Mythos, Anthropic found that the model can automatically develop functional cyberattacks at a highly professional level. The company also claimed its rollout poses a severe risk to global digital infrastructure. "The advantage will belong to the side that can get the most out of these tools," Anthropic warned. "In the short term, this could be attackers, if frontier labs aren't careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships." To prevent attackers from exploiting a massive volume of unpatched vulnerabilities in popular apps, such as Firefox, Anthropic decided against the public rollout of the Mythos model until it prepared a powerful guardrail system. It looks like Anthropic may have developed a strong guardrail system, as Claude Code and Claude Security now have references to the Mythos model. In fact, some users briefly noticed the toggle to enable Mythos in the public version of Claude Code before it was taken offline. The model is called claude-mythos-1-preview, and it also briefly appeared in the public version of Claude Security. This confirms that Anthropic is preparing the model for public rollout, but it's unclear whether it'll be available across all subscription tiers. Anthropic has confirmed it's working on a new project called "Glasswing," where the AI startup collaborates with other companies to secure the world's most critical software from potential AI-driven exploits. This initiative uses the unreleased Claude Mythos Preview, and it has already managed to help up to 50 organizational partners. Mythos model managed to uncover 10,000 high- or critical-severity vulnerabilities in its first month alone, which explains why Anthropic has been holding off its public release. Anthorpic currently offers Claude Opus 4.7, Opus 4.6, Opus 4.5, Sonnet 4.6, and Haiku 5.5.

Anthropic's Claude Mythos might get public release

Anthropic has announced plans to eventually release a public version of Mythos, its AI model with advanced cybersecurity capabilities. First, the AI company needs to develop adequate safeguards, which, by its own admission, don't yet exist. The company revealed in an update to Project Glasswing, its limited-access security program, that it intends to expand access to U.S. and allied governments before pursuing a broader public release of "Mythos-class models" in the "near future." As reported by The Register, Anthropic was candid about the timeline's uncertainty, stating that no company, including itself, has built safeguards sufficient to prevent the model from being misused. Even so, Anthropic said in a related blog post that it believes "Mythos-level models will become widely available in the next 6-12 months." Are you an Apple superfan? Enter Mashable's Big Guessing Game to win prizes. Claude Mythos was initially revealed in April. Anthropic said that the model succeeded at generating working exploits 72.4 percent of the time during testing -- compared to just above zero percent for Claude Opus 4.6. In those reports, Anthropic researchers with no formal security training reportedly asked Mythos to hunt for vulnerabilities overnight and woke up to complete, functional exploits. Since then, the model has scanned over a thousand open-source projects and identified more than 23,000 flaws, including more than 6,000 rated high or critical severity. Among them was a vulnerability in the wolfSSL cryptography library, used by billions of devices, that would have allowed attackers to forge certificates and impersonate legitimate websites. It has since been patched. As AI tools get better at finding exploits, they've sparked a zero-day bug discovery crisis, with some bug bounty programs shutting down entirely. Open-source maintainers have reportedly asked Anthropic to slow its disclosure rate, saying the flood of bug reports exceeds their capacity to address them. Anthropic's suggested solution to the capacity crunch is, of course, more AI. The Claude Mythos system card predicts that AI tools will ultimately benefit cybersecurity defenders, though Anthropic also notes that hackers may have an advantage for the time being.

'After one month, most partners have each found hundreds of critical- or high-severity vulnerabilities': Anthropic claims Mythos has found over ten thousand major security vulnerabilities across 'the most systemically important software in the world'

* Anthropic reported Mythos Preview uncovered over 10,000 high‑ and critical‑severity vulnerabilities in under two months, with Cloudflare alone finding 2,000 bugs * Independent validation confirmed 90% of assessed findings as real, though critics argue the breakthrough may stem from massive compute and workflows rather than unique reasoning * The bottleneck has shifted from discovery to verification, disclosure, and patching, as AI now surfaces vulnerabilities faster than organizations can remediate them In less than two months, Anthropic and friends have apparently discovered more than ten thousand critical and high-level security vulnerabilities using the famed Mythos Preview artificial intelligence tool. In a brief update on the state of the project, published late last week, Anthropic said that since the release of the tool, roughly 50 organizations that got to use it each found "hundreds" of vulnerabilities. "Several have told us that their rate of bug-finding has increased by more than a factor of ten," the company said. "For instance, Cloudflare has found 2,000 bugs (400 of which are high- or critical-severity) across their critical-path systems, with a false positive rate that Cloudflare's team considers better than human testers." Anthropic explained that sharing details on vulnerabilities is usually done with a 90-day delay, to give users enough time to patch and to not put anyone at risk of compromise. Therefore, it only shared general, "illustrative examples" to prove, once again, just how powerful the tool is. With that in mind, it said that Mythos found an estimate of 6,202 high- or critical-severity vulnerabilities in these projects (out of 23,019 in total, including those it estimates as medium- or low-severity). Skepticism lingers Of those, 1,752 have been assessed by independent security researchers, and 90% were confirmed as valid positives, while 62.4% were confirmed as either high- or critical-severity. But while the overall reaction to Mythos Preview has been extremely positive, there are voices saying the hype may be overstated, as well. Techzine analysis, for example, argues that AI-assisted vulnerability discovery already existed through systems like Google's Big Sleep, and that the real challenge is still human operational security. A recent academic paper, "Benchmarking Mythos-Linked Bug Rediscovery," found that under controlled conditions, public frontier models like GPT-5.5 were able to rediscover some of the same vulnerabilities attributed to Mythos, and on Reddit, different communities have been even more skeptical. The key takeaway seems to be that Mythos may simply be using enormous amounts of compute and long-running agentic workflows rather than possessing qualitatively different reasoning abilities. In any case, Anthropic now says that progress on software vulnerability is no longer limited by the speed of discovery, but rather by the speed of verification, disclosure, and patching. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

A Complete Breakdown of the Claude Mythos 1 Leak and Features

The recent leak of Claude Mythos 1 has provided a rare look at Anthropic's advanced AI model, sparking discussions about its potential applications and implications. In a detailed hands-on review, World of AI examines the leaked outputs, including standout examples like solving Erdos Problem 90, a challenging geometry problem and generating a Python-based visualization titled Saturn spaceship pie art. These examples highlight the model's strengths in mathematical reasoning, creative problem-solving, and programming expertise, underscoring its potential to tackle complex, high-stakes challenges. Anthropic's cautious approach to a possible public release reflects its focus on safety, making sure that such capabilities are deployed responsibly. Dive into this breakdown to explore how Claude Mythos 1 performed on the Exploit Bench, where it achieved a leading score of 69%, and what this means for its role in cybersecurity. You'll also gain insight into its versatility across fields like research and development, enterprise systems, and cloud security, as well as its implications for developers navigating AI integration. This review offers a comprehensive look at the model's potential impact while addressing the safeguards needed for its responsible use. What is Claude Mythos 1? Claude Mythos 1 is a innovative AI model designed to address high-stakes challenges with precision and adaptability. Its core strengths lie in areas such as cybersecurity, software exploitation, and complex problem-solving, making it a versatile tool for tackling intricate tasks. Anthropic has positioned the model as a solution for scenarios requiring long-term reasoning and adaptive thinking, setting it apart from many existing AI systems. Initially, the model was restricted to internal use to mitigate risks of misuse. However, Anthropic has recently hinted at the possibility of a public release. This potential shift reflects the company's growing confidence in its ability to implement robust safety measures, making sure that the model's capabilities are harnessed responsibly. Leaked Outputs Showcase Advanced Capabilities The leaked outputs of Claude Mythos 1 provide a compelling glimpse into its advanced capabilities, showcasing its potential applications across various domains. Notable examples include: * Creating a detailed visualization titled "Saturn spaceship pie art" using Python libraries, demonstrating its programming expertise and creative problem-solving skills. * Solving Erdos Problem 90, a complex geometry problem, with an elegant and efficient solution that surpasses prior approaches, highlighting its deep mathematical reasoning. These examples underscore the model's ability to handle tasks that demand a combination of precision, creativity, and technical expertise. Such capabilities position Claude Mythos 1 as a powerful tool for addressing challenges that were previously considered beyond the reach of AI. Expand your understanding of Claude Mythos with additional resources from our extensive library of articles. Performance Benchmarks: Leading the Pack Claude Mythos 1 has demonstrated exceptional performance in key benchmarks, particularly in the field of cybersecurity. On the Exploit Bench, a rigorous test designed to evaluate software exploitation capabilities, the model achieved a leading score of 69%, outperforming many of its competitors. This achievement highlights its potential to address real-world challenges in software security, making it an invaluable asset for developers, enterprises and security professionals. Beyond cybersecurity, the model's performance in other domains further solidifies its reputation as a versatile and reliable AI system. Its ability to excel in diverse tasks underscores its potential to drive innovation across industries. Applications Across Industries The versatility of Claude Mythos 1 opens up a wide range of applications across various sectors. Its advanced capabilities make it a valuable tool for addressing complex challenges and driving innovation. Key areas where the model could have a fantastic impact include: * Research and Development: With its strengths in mathematical exploration and adaptive reasoning, Claude Mythos 1 can accelerate scientific research and enable breakthroughs in fields such as physics, biology and engineering. * Enterprise Systems: The model's ability to integrate seamlessly into enterprise environments offers opportunities to enhance cloud security, streamline coding workflows, and improve API interactions, boosting overall efficiency. * Cybersecurity: Its performance in software exploitation benchmarks positions it as a critical resource for identifying and addressing security vulnerabilities, helping organizations safeguard their systems against emerging threats. These applications highlight the model's potential to transform how organizations approach problem-solving, security, and innovation in an increasingly complex digital landscape. Speculation on Public Release Anthropic has suggested that Claude Mythos 1, along with other Mythos-class models, could be made available to the public in the near future. While no official timeline has been confirmed, industry speculation points to a potential release within the next few months. Anthropic has emphasized the importance of implementing comprehensive safety protocols to ensure that the model is used responsibly and ethically. The company's cautious approach reflects its commitment to balancing innovation with safety. By prioritizing the development of robust safeguards, Anthropic aims to mitigate risks while allowing broader access to the model's advanced capabilities. Comparison Tools for Developers For developers seeking to evaluate Claude Mythos 1 against other AI models, platforms like Open Router provide valuable resources. These platforms offer tools for direct comparisons between models such as Claude Mythos, Opus 4.7 and Gemini 3.5 Flash. Key features include: * Unified APIs: Simplifying the process of integrating and testing multiple AI models. * SDK Support: Providing developers with the tools needed to customize and optimize AI performance for specific tasks. * Routing Fallback Systems: Making sure seamless task execution by automatically redirecting requests to alternative models when necessary. These tools empower developers to make informed decisions about which AI model best suits their needs, fostering innovation and collaboration across the AI ecosystem. Strategic Shifts and Broader Implications Anthropic's evolving approach to Claude Mythos 1 reflects a broader strategic shift within the company. Originally developed as an internal tool, the model is now being considered for public release, a move that signals Anthropic's growing confidence in its safety protocols and its commitment to advancing AI technology responsibly. This transition has significant implications for the future of AI adoption. By making such advanced tools accessible to a wider audience, Anthropic could play a pivotal role in shaping the trajectory of AI development across industries. The potential public release of Claude Mythos 1 represents not just a technological milestone but also a step toward fostering greater collaboration and innovation in the AI community. Media Credit: WorldofAI Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.

Expansion Of Mythos-Level LLMs Makes Exploitability The Key Focus: CISO

The expected spread of frontier AI capabilities for vulnerability discovery such as Anthropic's Claude Mythos means that organizations will need to prioritize patching based on the exploitability of software flaws, Optiv's Rob Gregory tells CRN. The expected spread of frontier AI capabilities for vulnerability discovery such as Anthropic's Claude Mythos means that organizations will need to prioritize patching based on the exploitability of software flaws, according to Optiv security chief Rob Gregory. That's a shift from traditional vulnerability management approaches that focused more on seeking to reduce the total number of vulnerabilities in the organization's environment, said Gregory, CISO at Denver-based Optiv, No. 28 on CRN's 2025 Solution Provider 500. [Related: How CISOs Need To Prepare For The Claude Mythos Era Of Cyberattacks: Experts] With the massive awareness generated by Anthropic's disclosures about Mythos starting in early April, "I think it's been positive overall to allow the entire industry to shift focus," he told CRN. "Historically, we'd gotten to a point where, specifically around vulnerabilities, we were managing the risk based on the cumulative number of vulnerabilities -- how many are in your environment," Gregory said. "For a while, that's been a legacy way of thinking. But [until Mythos] it really hadn't gone mainstream, to no longer view vulnerabilities like that." The necessity of shifting focus in this way is likely to only become more urgent, given the latest signals from AI platforms such as Anthropic about where frontier AI models such as Claude Mythos are going next. Last week, Anthropic disclosed that it now expects to release vulnerability-discovery capabilities akin to Mythos, which seemed to indicate a shift from prior messaging that implied Mythos might never become public. In an update about its Project Glasswing initiative on May 22, Anthropic wrote that "in the near future, once we've developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release." A separate post from Anthropic, published the same day, likewise suggested that publicly available capabilities comparable to Mythos are not far off. "We believe that Mythos-level models will become widely available in the next 6-12 months," a team at Anthropic wrote in the post. Other disclosures about the proficiency of frontier AI for vulnerability discovery have concerned Anthropic's Opus 4.7 model, as well as OpenAI's GPT 5.5. Without a doubt, the latest generation of models are more capable at coding and reasoning around vulnerability discovery and exploitability, as well as at executing complex cybersecurity use cases, CrowdStrike CTO Elia Zaitsev said during an event earlier this month. This is both because of improvements and due to reductions in guardrails, Zaitsev said. However, where the latest frontier models are "particularly good [is] at chaining together existing vulnerabilities and identifying these non-obvious attack paths, as well as some reverse- engineering tasks," he said. This new level of vulnerability risk means that organizations will need to understand more than just how many vulnerabilities they have or what the severity level is of those vulnerabilities, Optiv's Gregory said. "I think what Mythos and what other frontier LLMs will start to identify and drive -- from a vulnerability management standpoint -- is starting to look at not vulnerability, but exploitability," he said. "What are your exploitability weaknesses, and what are you doing about those? And do you already have emergency patching cycles? Do you already have the capability to do agentic patching?" Ultimately, what Mythos brought to the forefront is that AI will "not only shift how we focus on risk, but it's really going to reduce the skill floor that is required for a threat actor to be able to [execute] a pretty complicated cyberattack," Gregory said. "Exploitability has always been kind of a niche skill set," he said. "Being able to have that in an LLM that [attackers] can access would be a massive risk, globally."

Anthropic's Project Glasswing Finds 'More Than 10,000' Critical Bugs, Expands To Additional Partners

Anthropic shared a sweeping update on Project Glasswing, saying its artificial intelligence-assisted security testing effort has already uncovered "more than 10,000 high-or critical-severity vulnerabilities" across widely used software systems. Several partner organizations reported that they saw an increase in bug discovery rates after integrating AI into their testing workflows, with some seeing gains of more than 10 times. The company cited results from Cloudflare, which said internal testing uncovered roughly 2,000 bugs, including 400 classified as high or critical severity, while producing fewer false positives than conventional human-led testing. Mozilla also identified and fixed 271 vulnerabilities in Firefox 150 during testing with Mythos Preview, a result the company contrasted with earlier runs using Claude Opus 4.6, stating that this new model is more effective. Anthropic noted that its Mythos Preview was even able to detect and prevent a fraudulent $1.5 million wire transfer after a threat actor compromised a customer's email account and made spoof phone calls. The company plans to publish a more detailed technical analysis of the vulnerability in the coming weeks. "There is a clear need for a larger effort across the software industry to manage the volume of findings that these models will generate. Currently, there's often a long lag between the discovery of a vulnerability, the creation of a patch for it, and the time when the patch is widely deployed by end users," the company wrote. Anthropic also noted that it plans to work with "critical partners," including the U.S. and allied governments, to expand Project Glasswing to additional partners. "In the near future, once we've developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release," the company said. Photo: Shutterstock This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors. Market News and Data brought to you by Benzinga APIs To add Benzinga News as your preferred source on Google, click here.

Anthropic Says Mythos Has Uncovered More Than 10K Vulnerabilities | PYMNTS.com

By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions. That's according to a report issued last week by the artificial intelligence startup on Project Glasswing, its effort to use AI to counter AI-powered cyberattacks. "Progress on software security used to be limited by how quickly we could find new vulnerabilities," the report said. "Now it's limited by how quickly we can verify, disclose, and patch the large numbers of vulnerabilities found by AI." Launched in April, Project Glasswing is a joint venture by Anthropic and 50 partner organizations. Since the project began, their work has found more than 10,000 "high- or critical-severity vulnerabilities" in "the most systemically important software in the world," the report added. In addition, several of these companies have reported that their rate of bug-finding has risen by more than a factor of 10, Anthropic said. The startup cites the example of Cloudflare, which has found 2,000 bugs (400 of them high- or critical-severity) within its critical-path systems,"with a false positive rate that Cloudflare's team considers better than human testers." The report also noted that the rate of AI progress means that many other AI companies will soon develop their own models on the same level as Mythos Preview. However, no company has created protections that can keep these models from being misused, Anthropic added, which is why it has yet to make Mythos-class models publicly available. "But it's also why we began Project Glasswing: If a similarly capable model is released without such safeguards, it will soon become dramatically cheaper and easier for almost anyone in the world to exploit flawed software," Anthropic said. Research by PYMNTS Intelligence and Trulioo shows that large enterprises are increasingly dealing with AI-powered cyberattacks. "Larger firms, with their larger footprints, can be more susceptible to the AI-powered spoofing of identity documents thanks to the industrialization of deepfakes and automated data scraping capabilities by adversarial cyber actors," PYMNTS wrote last week. The research found that most companies (58%) with more than $1 billion in annual revenue surveyed reported dealing with AI-generated documents or deepfake-related attacks in the past year, a full 11 percentage points more than smaller firms. Automated scraping attacks also increased sharply with scale. "Against this backdrop, enterprise-grade firms increasingly depend on identity systems not only to stop fraudsters, but also to determine whether legitimate customers can transact, onboard, access services and remain engaged," PYMNTS wrote. "In that environment, every authentication decision becomes a revenue decision."

Anthropic's Claude Mythos Briefly Surfaces Online After Restricted Access Claims

Project Glasswing has become the main reason Claude Mythos is receiving attention. In one month, more than 50 major developers and infrastructure partners reportedly worked with Claude Mythos Preview. The model helped identify over 10,000 high-severity or critical software vulnerabilities. Reports linked the work to major systems, including Cloudflare, Firefox, OpenBSD, and security libraries used across connected devices. Some reports also said Mythos found a long-hidden OpenBSD bug that had remained unnoticed for 27 years. The model's role was not limited to finding flaws. Reports said it also helped block a $1.5 million fraud attempt at a partner bank. The case reportedly involved suspicious behavior linked to a wire transfer, which Mythos helped detect before funds moved. These claims have not all been described in full technical detail. That is expected in security reporting, as teams often withhold details until patches are ready. However, Anthropic's update points to a new phase where AI systems can find bugs faster than many teams can fix them.