Anthropic's Mythos AI disclosed 1,596 critical bugs — open source patched 97
On May 22, Anthropic published the first month of data from Project Glasswing, the cybersecurity initiative it launched in April with around 50 partners. Running a restricted research model called Claude Mythos Preview against systemically important open-source software, Anthropic sifted 23,019 candidate findings down to 1,596 confirmed bugs reported to maintainers — and only 97 of those have been patched upstream so far. Anthropic still refuses to release the model publicly, saying the dual-use risk is too high.
What the funnel says
Read the chart carefully and the headline "10,000+ vulnerabilities" the press has been running with starts to look like the least interesting number. Of 23,019 candidate findings from the open-source scan, Anthropic sent 1,900 to external security firms for review; they confirmed 1,726 as valid — a 90.8% true-positive rate that is unusually high for an automated bug-finder. From there 467 were reported to maintainers through the formal path, while a separate 1,129 were reported direct by Anthropic at maintainers' explicit request (those may include some false positives). Total disclosures: 1,596. Total acknowledged: 1,451. Total patched: 97.
Partner-side numbers are equally lopsided. Cloudflare ran Mythos Preview against 50+ of its own repositories and surfaced about 2,000 bugs, ~400 of them high or critical. Mozilla found and fixed 271 vulnerabilities in Firefox 150 — more than ten times what testing Firefox 148 with Claude Opus 4 produced. External evaluators reinforced the capability story: the UK AI Security Institute reported Mythos Preview as the first model to solve both their cyber ranges end-to-end, and benchmark vendor XBOW called its web-exploit precision "unprecedented."
Why it matters
The bottleneck just moved. For two decades the rate-limiter on open-source security has been finding bugs; fuzzers and static analyzers throw heat without much signal, and human researchers are scarce. A model that produces 1,596 disclosed bugs in a month at 90.8% TPR — with the proof-of-concept already written, per Cloudflare's writeup — collapses that side of the funnel. What it doesn't collapse is the human cycle on the other side: triage, regression testing, backport, release. 97 patches against 1,596 disclosures is roughly 6%, and the gap will widen if the model accelerates while maintainer capacity stays flat.
That gap is also the strongest argument for not shipping the model. Anthropic is committing up to $100M in Mythos credits and $4M in direct donations to open-source security organizations, but it has deliberately kept Mythos Preview restricted to ~50 vetted partners — concluding that a generally-available model that "can autonomously find and exploit zero-day vulnerabilities across every major operating system and browser" would help attackers more than defenders during the patch lag. Cloudflare's own post notes the same tension bluntly: the same capabilities "will, in the wrong hands, accelerate the attack side." Bruce Schneier called the dynamic the central unsolved question of AI security: defenders get a working tool now, attackers get one later, and the only thing standing between them is how long Anthropic can keep the model behind its API.
What to watch
Three signals. First, the 88-to-1,596 advisory ratio next month: if patches close even half the gap, the maintainer-side story changes; if it stays at 6%, expect louder calls for paid-maintainer programs funded by the labs that produce the findings. Second, whether any of the 23,019 candidates lands as a high-profile CVE in a widely-deployed package — that will tell us how much of the raw finding count is genuinely critical vs. duplicate-of-known. Third, when Anthropic decides to broaden Mythos Preview access. The current ~50-partner list is heavy on hyperscalers and OS vendors; the moment a Fortune 500 CISO who isn't on it can buy time on the model, the dual-use calculus changes.
Sources
- Anthropic: Project Glasswing — An initial update
- Anthropic: Project Glasswing launch (overview + partners)
- Anthropic Red: Claude Mythos Preview
- Cloudflare: Project Glasswing — what Mythos showed us
- Engadget: Anthropic says Mythos has already found more than 10,000 vulnerabilities
- Schneier on Security: On Anthropic's Mythos Preview and Project Glasswing