Jun 14, 2026 · 3:14 AM

Anthropic says Mythos has found more than 10,000 software flaws

Anthropic says Claude Mythos Preview has helped Project Glasswing partners find more than 10,000 high- or critical-severity software vulnerabilities. The result points to a new market reality where AI can find bugs faster than companies and open-source maintainers can validate and patch them.

Walter Schulze

Anthropic says Claude Mythos Preview has helped uncover more than 10,000 serious software flaws, and the harder problem now is not finding bugs. It is fixing them fast enough.

Anthropic has turned one of the most uncomfortable truths in AI security into a public benchmark. Its unreleased Claude Mythos Preview model, used through Project Glasswing, has helped roughly 50 partners find more than 10,000 high- or critical-severity vulnerabilities in software that underpins major parts of the internet, cloud infrastructure and enterprise systems.

That number matters because it changes the conversation around AI security. For years, companies treated red-teaming as a specialist exercise: bring in experts, test the product, produce a report, patch the worst issues and move on. Mythos points to a different model, where vulnerability discovery becomes continuous infrastructure. The model keeps looking. The backlog keeps growing. The old rhythm of occasional testing starts to look too slow.

According to Anthropic's May 22 update, most Project Glasswing partners have each found hundreds of serious vulnerabilities in their own software after one month, while several reported that their bug-finding rate increased by more than ten times. Cloudflare found 2,000 bugs across critical-path systems, including 400 high- or critical-severity issues. Mozilla found and fixed 271 vulnerabilities in Firefox 150 while testing Mythos Preview, more than ten times what it found in Firefox 148 with Claude Opus 4.6.

The immediate implication is practical. Finding a flaw is no longer the scarce resource. The scarce resource is human review, coordinated disclosure, maintainer attention and patch deployment. That is a very different bottleneck from the one most companies designed for.

Anthropic's own open-source scan shows the shape of the problem. Over the last few months, the company used Mythos Preview to scan more than 1,000 open-source projects. The model identified 23,019 total vulnerability candidates, including 6,202 it estimated as high or critical severity. Of the high- or critical-rated findings reviewed by independent security firms or Anthropic itself, 90.6% were valid true positives, and 1,094 were confirmed as high or critical.

Even those figures need careful reading. Anthropic has disclosed 1,596 vulnerabilities across 281 open-source projects as of May 22, while 97 have been patched and 88 have received a CVE record or GitHub Security Advisory. That gap is not necessarily negligence. It reflects the reality that maintainers, many of them volunteers, now face a volume of plausible findings that would have been hard to imagine only a short time ago.

One example gives the numbers more weight. Mythos found a critical issue in wolfSSL, the widely used cryptography library, assigned CVE-2026-5194. Anthropic said the exploit could allow an attacker to forge certificates and make a fake banking or email website appear legitimate to an end user. That is not an abstract lab result. It is the kind of bug that can sit inside trusted infrastructure and quietly expand the blast radius for everyone built on top of it.

Mythos is not a normal product launch

This is also why Mythos is not being released like a conventional AI product. Anthropic says Mythos-class models are still too risky for broad public access because no company, including Anthropic, has safeguards strong enough to prevent misuse at scale. For now, access is limited through Project Glasswing and selected security programs, with partners including Amazon Web Services, Apple, Google, Microsoft, NVIDIA, CrowdStrike, JPMorgan Chase and Palo Alto Networks.

That restricted release is important for enterprise buyers and AI founders. It suggests the frontier in security tooling will not simply be another dashboard sold to every customer with a budget. The most powerful systems may be distributed first through trusted partnerships, critical infrastructure channels and verified security workflows. Procurement teams will need to know whether testing is continuous, whether findings are validated by humans, and how quickly patches move from discovery to production.

Anthropic is trying to widen the defensive side without making Mythos itself generally available. It has released Claude Security in public beta for Claude Enterprise customers, saying Claude Opus 4.7 has been used to patch more than 2,100 vulnerabilities in three weeks. It has also launched a Cyber Verification Program for legitimate security professionals and is making some Glasswing tools available to qualifying customer security teams on request.

The broader market will not stand still. OpenAI has been moving in the same direction with cyber-focused model access, and security vendors are already testing advanced models against their own products. Palo Alto Networks said its latest release included more than five times as many patches as usual, while Microsoft has warned that its patch volume will continue trending larger for some time. That is what happens when the cost of discovery falls before the cost of fixing does.

For founders building AI products, the lesson is direct. Model capability is no longer only a product advantage. It is a security pressure. Agentic systems, code assistants and automated infrastructure tools expand the surface area that attackers can probe, and AI now makes that probing faster. A yearly penetration test will not look credible in a market where competitors and adversaries can run automated vulnerability discovery continuously.

The next phase will be decided by process, not just models. Companies that shorten patch cycles, keep cleaner logs, enforce multi-factor authentication and make updates easier to deploy will absorb this shift better than companies that treat AI security as a compliance checkbox. Mythos has shown that software may contain far more serious flaws than teams can comfortably process. The winners will be the ones that build systems to keep up.


Walter Schulze covers breaking news stories in the tech and startup world to ensure that Startup Fortune offers timely reporting on trends in the industry. He now works on a part-time basis for Startup Fortune, specializing in covering tech and startup news, and he also sheds light on investment opportunities and trends.