Overview
- Anthropic disclosed Monday that its Claude Mythos Preview flagged over 23,000 potential vulnerabilities across more than 1,000 open-source and widely used projects during a restricted test program.
- From a reviewed sample, Anthropic reported a 90.6% true‑positive rate with 62.4% of sampled issues rated high severity and company estimates that 3,900 to as many as 6,200 high‑ or critical‑severity flaws may be confirmed as scans continue.
- Access to Mythos remains tightly limited to roughly 50 vetted organizations under Project Glasswing after the company said wider release could enable attackers, and partners such as Cloudflare and Mozilla have used the tool to find and fix hundreds of bugs.
- Despite the large number of findings, published fixes remain small in number because Anthropic follows a 90‑day coordinated disclosure process, some patches are applied without advisories, and maintainers are already overloaded by the sudden volume.
- Signals that Anthropic is preparing product integration for Mythos have appeared in public Claude UI traces, which combined with global regulator interest and cross‑industry briefings raises questions about how and when the company will balance defensive use, access controls, and broader rollout.