Claude Mythos Preview found 10,000+ critical vulnerabilities in one month. Here's what that actually means.
Anthropic's Project Glasswing used Claude Mythos Preview to find over 10,000 high or critical vulnerabilities across critical software in just one month.
One month into Project Glasswing, Anthropic has published its first update, and the numbers are striking. Working with roughly 50 partner organisations, Claude Mythos Preview has identified more than 10,000 high- or critical-severity vulnerabilities across some of the most widely used software on the planet.
To be clear about what that means: these are not theoretical risks or low-priority warnings. High and critical vulnerabilities are the kind that attackers actively look for and exploit. Finding 10,000 of them, in a single month, across software that underpins a significant portion of the internet, is a meaningful result.
What is Project Glasswing, and who is involved?
Anthropic launched Project Glasswing in April 2026, initially releasing Claude Mythos Preview to 11 companies to help find and fix security vulnerabilities. The partner list has since grown to around 50 organisations, including Cloudflare, Mozilla, Palo Alto Networks, Oracle, and Microsoft.
The idea is straightforward: Mythos Preview is a frontier model capable of autonomously finding zero-day vulnerabilities and constructing working exploits for them. Rather than keep that capability locked away, Anthropic is using it defensively, giving it to the organisations whose software, if compromised, would affect billions of people.
The results so far
The partner-level numbers are worth reading slowly:
- Cloudflare found 2,000 bugs across its critical systems, 400 of which are high- or critical-severity. Its team rated the false positive rate as better than that of human testers.
- Mozilla found and fixed 271 vulnerabilities in Firefox 150, more than ten times the number found in Firefox 148 using Claude Opus 4.6.
- Palo Alto Networks shipped over five times its usual number of patches in its latest release.
- Oracle is fixing vulnerabilities multiple times faster than before.
- Microsoft has signalled that its patch releases will “continue trending larger for some time”, a statement that apparently reflects what Mythos Preview has been surfacing internally.
Separately, Anthropic has used Mythos Preview to scan more than 1,000 open-source projects over the past few months. Of the vulnerabilities found, 1,752 have been independently assessed by six security research firms. The result: 90.6% were confirmed as genuine vulnerabilities, and 62.4% were rated high or critical. At those accuracy rates, Anthropic estimates the open-source scan alone is on track to surface nearly 3,900 confirmed high- or critical-severity vulnerabilities.
One concrete example: Mythos Preview found a flaw in wolfSSL, a cryptography library used by billions of devices. The model constructed a working exploit that could allow an attacker to forge certificates, effectively enabling fake websites for banks or email providers to pass as legitimate.
How the model actually works on this
Anthropic’s approach is methodical rather than brute-force. Instead of scanning every file in a codebase, Mythos Preview first ranks files by how likely they are to contain interesting bugs, on a scale of one to five. A file that handles raw input from the internet or manages authentication scores higher. The model starts at the top of that ranked list and works down.
In a typical run, it reads the code, forms hypotheses about where vulnerabilities might exist, runs the software to test those hypotheses, and then either reports no bug or produces a bug report with a proof-of-concept exploit and reproduction steps. That structured output is part of why the false positive rates are holding up well under independent review.
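As an added illustration of the file-ranking step described above (not Anthropic's own logic, which the update does not publish), here is a toy triage scorer: it gives each source file a 1-to-5 priority from hypothetical keyword signals for raw input handling, network exposure, authentication, memory-unsafe calls, parsing and PKI code, and sorts the highest-priority files first. Every pattern, weight, threshold and sample file below is an assumption constructed for this example.

```python
"""Toy codebase triage: rank source files 1-5 by how attack-relevant they look.
Hypothetical heuristic written for this note; it is not Anthropic's ranking logic."""
import re
from pathlib import Path

# Indicators that a file touches untrusted input or security-critical logic.
# Patterns and weights are assumptions for illustration, not a published rubric.
SIGNALS = {
    r"\b(recv|recvfrom|read|fread|getenv|argv)\b": 2,      # raw external input
    r"\b(socket|accept|listen|http|request|packet)\b": 2,  # network-facing code
    r"\b(auth|login|password|token|session|cookie)\b": 3,  # authentication state
    r"\b(memcpy|strcpy|sprintf|alloca)\b": 2,              # memory-unsafe C calls
    r"\b(parse|decode|deserialize|unmarshal)\b": 2,        # parsers of attacker data
    r"\b(verify|signature|certificate|x509|tls)\b": 3,     # crypto / PKI logic
}

def score_source(text: str) -> int:
    """Return a 1-5 priority for one file's contents (5 = look here first)."""
    raw = 0
    for pattern, weight in SIGNALS.items():
        hits = len(re.findall(pattern, text, flags=re.IGNORECASE))
        raw += weight * min(hits, 5)  # cap so one noisy file cannot dominate
    # Bucket the unbounded raw score into the 1..5 scale (thresholds assumed).
    for limit, score in ((0, 1), (3, 2), (7, 3), (13, 4)):
        if raw <= limit:
            return score
    return 5

def rank_files(files: dict) -> list:
    """Return (path, score) pairs, highest priority first, ties broken by path."""
    scored = [(path, score_source(text)) for path, text in files.items()]
    return sorted(scored, key=lambda item: (-item[1], item[0]))

def rank_tree(root: str, exts=(".c", ".h", ".py", ".go")) -> list:
    """Walk a directory and rank every source file with a matching extension."""
    files = {str(p): p.read_text(errors="ignore")
             for p in Path(root).rglob("*") if p.is_file() and p.suffix in exts}
    return rank_files(files)

# Constructed sample inputs standing in for three files of a codebase.
SAMPLE = {
    "net/handler.c": "int fd = accept(listener, 0, 0); char buf[256]; "
                     "int n = recv(fd, buf, 1024, 0); strcpy(dst, buf); parse(buf, n);",
    "auth/session.c": "bool login(const char *password, const char *token)"
                      "{ return verify(token) && session_ok(cookie); }",
    "util/version.c": 'const char *version(void){ return "1.2.3"; }',
}

if __name__ == "__main__":
    for path, score in rank_files(SAMPLE):
        print(f"{score}  {path}")
```

On the constructed sample the authentication file ranks 5, the network handler 4 and the version helper 1, which is the kind of ordered worklist the text describes the model consuming from the top.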
The new bottleneck: patching, not finding
Here is the part of this update that deserves the most attention. Of the 530 high- or critical-severity bugs disclosed from the open-source scanning work, only 75 have been patched so far.
The problem is no longer finding vulnerabilities. It is processing them. A high or critical bug takes an average of two weeks to patch, and some open-source maintainers have asked Anthropic to slow down disclosures because the volume is overwhelming their capacity to respond.
Anthropic’s advice to organisations is practical: shorten patch testing and deployment timelines, enforce multi-factor authentication, harden default configurations, and keep comprehensive logs. None of that is new guidance, but the urgency behind it is different when the vulnerability discovery rate has increased by a factor of ten.
What Anthropic is releasing more broadly
Alongside this update, Anthropic has launched two things worth knowing about:
Claude Security is now in public beta for Claude Enterprise customers. It lets teams scan their own codebases for vulnerabilities and generates proposed fixes. In the three weeks since launch, it has been used to patch over 2,100 vulnerabilities using Claude Opus 4.7.
The Cyber Verification Program allows security professionals doing legitimate work, including penetration testing and red-teaming, to use Anthropic’s models with fewer restrictions. Anthropic is also making the full toolset used in Project Glasswing available to qualifying customers on request. That includes the custom skill sets built and shared by partners, an automated scanning harness, and a threat model builder that maps a codebase and prioritises where the model should focus.
Why Mythos Preview is not publicly available
The same capability that makes Mythos Preview useful for defenders makes it dangerous in the wrong hands. Anthropic has been direct about this: no company, including Anthropic itself, currently has safeguards strong enough to prevent a model at this capability level from being seriously misused. That is why it remains restricted to vetted partners rather than available via the standard API.
The model is being priced at $25 per million input tokens and $125 per million output tokens for participants, once the initial $100 million in usage credits runs out.
What this means for you
If you maintain software, the signal here is that the pace of vulnerability discovery has shifted permanently. Tools like Claude Security mean that organisations do not need to wait for Project Glasswing access to start scanning their own code. If your team is not already using AI-assisted vulnerability scanning in some form, that gap is worth closing.
If you are a security professional, the Cyber Verification Program is worth looking at. The tools being released, particularly the threat model builder and scanning harness, represent a meaningful step up from running a model manually against a codebase.
And if you are a user of software made by Cloudflare, Mozilla, or any of the other Glasswing partners, the immediate practical effect is that the software you rely on has fewer critical vulnerabilities in it than it did two months ago. That is a genuinely good outcome, even if the patching backlog is a reminder that the work is far from finished.