Anthropic’s Claude Mythos Preview, used in Project Glasswing with about 50 partners, has dramatically accelerated vulnerability discovery—flagging over 23,000 issues including more than 10,000 high- or critical-severity findings across core open-source and infrastructure projects. Major testers like Cloudflare and Mozilla confirmed large numbers of actionable bugs, while independent evaluators praised Mythos’s ability to chain primitives into full exploits and autonomously validate proofs. The rapid surge in findings has shifted the bottleneck from discovery to responsible disclosure and patching, prompting regulators and firms to demand faster defenses. Anthropic says Mythos won’t be publicly released and is withholding full technical details until patches are deployed, highlighting tensions between powerful defensive tools and their offensive misuse risks.
Powerful code-audit LLMs like Mythos can scale vulnerability discovery and produce actionable exploit proofs, changing how security teams prioritize fixes. Tech professionals must weigh efficiency gains against elevated false positives, safety risks, and governance demands when deploying automated auditors.
Dossier last updated: 2026-05-22 19:58:14
Anthropic appears to be preparing a limited public rollout of its most capable model, Claude Mythos. TestingCatalog reported that a “claude-mythos-1-preview” option briefly appeared in Claude Code and Claude Security before being removed, suggesting pre-launch testing. Mythos, positioned since April as an advanced model for computer security tasks, reportedly surpasses flagship Opus 4.7 in code reasoning and autonomous execution — capabilities Anthropic has warned could be misused to create professional-grade cyberattacks. Anthropic is also advancing a Glasswing initiative that uses the Mythos preview with partners to protect critical software systems and share an open vulnerability dashboard; no official public release date for Mythos has been announced.
The European Central Bank convened an emergency meeting after Anthropic’s new AI, Claude Mythos Preview, reportedly identified thousands of high-risk vulnerabilities across major operating systems and browsers. ECB deputy chair Frank Elderson warned that Mythos and similar models accelerate cyber risk and urged US banks with access—many part of Anthropic’s Project Glasswing—to share findings with European counterparts and speed up patch deployment. Regulators fear European banks, which lack access to Mythos, could be disadvantaged as attackers quickly exploit disclosed flaws. Anthropic has agreed to brief some international bodies, including the Financial Stability Board and the EU, while multiple institutions seek access or technical disclosures. The ECB called for dramatically faster patching processes.
Anthropic's Claude Mythos Preview found more than 10,000 zero-day vulnerabilities in “Project Glasswing” - CyberSecurityNews
Anthropic says Project Glasswing, live one month, and its Claude Mythos Preview model helped about 50 partners find over 10,000 high- and critical-severity vulnerabilities across key software, shifting the bottleneck from discovery to verification and patching. Partners report big speedups—some teams find bugs over 10x faster—and Cloudflare, Mozilla and others disclosed large numbers of confirmed issues (Cloudflare found 2,000 with 400 high/severe; Mozilla fixed 271 in Firefox 150). Independent tests (UK AI Security Institute, XBOW) praise Mythos’ attack and web-exploit performance. Anthropic scanned 1,000+ open-source projects, flagged 23,019 bugs (6,202 high/severe); human review confirmed a ~90.6% true positive rate for reviewed high/severe reports. The hardest part is remediation: fixes average two weeks and many maintainers are overwhelmed.
Anthropic announced it will not publicly release its Mythos-class models and published Project Glasswing data showing Claude Mythos Preview identified large-scale security issues. Working with about 50 partners and scanning 1,000+ open-source projects, Mythos Preview flagged 23,019 vulnerabilities, including an estimated 6,202 high/critical ones. Of 1,752 high/critical findings reviewed by Anthropic or independent firms, 90.6% were true positives and 62.4% confirmed high/critical. Anthropic estimates these results could correspond to roughly 3,900 real high/critical open-source vulnerabilities. Partners reported concrete impacts: Mozilla patched 271 Firefox issues after Mythos testing, and Cloudflare praised the model’s ability to chain low-severity bugs into exploitable chains. This influences vulnerability discovery, disclosure, and responsible AI deployment.
Anthropic: Anthropic says Claude Mythos Preview has been used to find more than 10,000 high- or critical-severity vulnerabilities since the launch of Project Glasswing — Last month, we launched Project Glasswing, our collaborative effort to secure the world's most critical software before increasingly capable AI models can be turned against it.
Anthropic reports that Project Glasswing partners using its new Mythos Preview model have discovered over ten thousand high- or critical-severity vulnerabilities in essential open-source and infrastructure software within a month, dramatically accelerating bug-finding rates. Major partners such as Cloudflare found thousands of bugs (including hundreds of high/critical) and external testers — the UK’s AI Security Institute, Mozilla, XBOW, and academic benchmarks ExploitBench/ExploitGym — all reported Mythos Preview outperformed prior models and conventional tooling. Anthropic says verification, coordinated disclosure, and patching are now the bottlenecks, and it will withhold full technical details until patches are widely deployed. The update signals a step-change in AI-assisted offensive and defensive cybersecurity capabilities and raises operational and disclosure challenges for the industry.
Anthropic’s Project Glasswing reports that, after one month using its new Mythos Preview model, roughly 50 partners have found more than ten thousand high- or critical-severity vulnerabilities in widely used open-source and critical-infrastructure software. Partners including Cloudflare reported dramatic increases in bug-finding rates (Cloudflare: ~2,000 bugs, 400 high/critical), and external testers — the UK’s AI Security Institute, Mozilla, XBOW, and academic benchmarks ExploitBench/ExploitGym — rated Mythos Preview as significantly stronger than prior models at end-to-end exploit development and precision. Anthropic says disclosure and patching speed, not discovery, is now the bottleneck, and promises more detailed findings after coordinated disclosures and patches are broadly deployed.
Cloudflare ran Anthropic's Mythos Preview (part of Project Glasswing access) against over 50 internal repositories and published a detailed post on findings, workflow, and risks. Using the security-focused model, their team identified numerous potential vulnerabilities and produced prioritized reports, but stressed high false-positive rates and the need for human review. Cloudflare highlighted integration paths into developer workflows, caution around model hallucinations and dangerous exploit generation, and the importance of safeguards, logging, and least-privilege access. The report matters because it offers one of the first real-world evaluations from a major internet infrastructure provider, showing practical benefits and clear operational, safety, and governance trade-offs for adopting powerful automated code-audit models.
Anthropic’s Mythos Preview markedly advances security-focused LLM capabilities, according to TechScan AI’s Project Glasswing tests. The model excels at exploit chain construction—linking multiple low-level bugs into full exploits—and at automatic proof generation, iterating by compiling and running exploit attempts to validate hypotheses. Compared to prior frontier models, Mythos closes the gap between finding issues and demonstrating exploitability. However, it sometimes refuses legitimate vulnerability-research requests due to emergent guardrails, and its integration at scale requires new architecture and processes. The piece highlights both defensive uses (automated discovery and proof) and offensive risks (automation of complex exploits), underscoring implications for security tooling, responsible disclosure, and model safety design.
Anthropic’s Mythos Preview impressed testers in Project Glasswing by advancing automated vulnerability discovery: it can construct multi-step exploit chains from small primitives and generate working proof-of-concept code by iterating compile-and-run cycles. Testers pointed Mythos at over 50 repositories and found Mythos went beyond earlier frontier models by stitching separate findings into full exploits and autonomously validating them. The model still exhibits emergent refusals—pushing back on some legitimate security-research queries—even though the Project Glasswing instance lacked the broader commercial safeguards. The piece argues this capability changes how security teams should architect model integrations, workflows, and guardrails if these tools are to be used safely and at scale.