Overview
- Anthropic says about 50 vetted partners used the Claude Mythos Preview under Project Glasswing and uncovered more than 10,000 high- and critical‑severity vulnerabilities in a single month.
- The company reports scans of more than 1,000 open‑source projects produced an estimated 23,019 findings with 6,202 rated high or critical, and independent firms confirmed about 90.6 percent of a 1,752-sample as valid.
- Several partners and vendors reported steep rises in detections and fixes: Cloudflare flagged roughly 2,000 bugs including 400 high/critical, Mozilla fixed 271 issues in Firefox 150 during testing, and wolfSSL patched a certificate-forgery flaw now tracked as CVE-2026-5194.
- Security teams and open‑source maintainers say the surge has created a bottleneck for verifying reports, coordinating disclosure, and producing safe patches, with some maintainers asking Anthropic to slow disclosures to allow fixes.
- Regulators and governments have been briefed and the company is debating wider access to Mythos-class tools, a move that could shift how quickly defenders patch software while raising new supply‑chain and dual‑use risks.