Anthropic revealed that its advanced AI cybersecurity model, Claude Mythos Preview, has identified more than 10,000 high- and critical-severity software vulnerabilities within just one month through its Project Glasswing initiative.
According to the report, the AI system scanned over 1,000 widely used open-source software projects that support major internet and enterprise infrastructure. Anthropic stated that the findings included 6,202 high- or critical-severity vulnerability candidates, of which 1,726 were confirmed as valid security flaws. Among these, 1,094 vulnerabilities were categorized as high or critical severity.
The company said the discoveries have already resulted in 97 software patches and 88 security advisories being issued to affected projects and vendors. One notable flaw identified by Mythos involved WolfSSL, tracked as CVE-2026-5194, a critical vulnerability that could reportedly enable certificate forgery attacks.
Anthropic launched Project Glasswing earlier this year as a restricted cybersecurity initiative that gives select organizations access to the unreleased Claude Mythos model to proactively discover software vulnerabilities before attackers can exploit them. The company has intentionally withheld public release of the model due to concerns about potential misuse.
Several partner organizations reported dramatic increases in bug discovery rates while using Mythos Preview. Cloudflare reportedly uncovered around 2,000 software bugs, including 400 high- or critical-severity issues. Mozilla stated that it found and fixed 271 vulnerabilities in Firefox while testing the AI system — more than ten times the number previously identified using older AI models.
The report highlighted growing concerns within the cybersecurity industry about how rapidly advancing AI systems may reshape both offensive and defensive cyber operations. Researchers warned that AI models capable of discovering vulnerabilities at massive scale could pressure organizations to accelerate patching and security response timelines.
Anthropic also stated that the UK AI Security Institute found Mythos to be the first AI model capable of successfully completing certain advanced cyberattack simulation tests end-to-end.
Despite concerns, cybersecurity professionals noted that AI-assisted vulnerability hunting is also becoming a powerful defensive tool. Industry experts believe systems like Mythos could significantly improve software security by identifying flaws faster than traditional manual testing methods.
The findings come as governments, financial institutions, and technology companies increasingly debate how to regulate highly capable AI systems with advanced cybersecurity abilities. Anthropic has reportedly been briefing regulators and international watchdogs on the broader implications of AI-driven vulnerability discovery.
