Anthropic’s Claude Mythos Flags 23K Potential Open-Source Security Flaws

Written by
Liz Ticong
May 26, 2026

Anthropic’s latest Project Glasswing update carries a warning for the software world.

Claude Mythos Preview flagged 23,019 potential vulnerabilities in open-source projects, with 6,202 estimated as high- or critical-severity. Anthropic said the volume of AI-found flaws is turning verification, disclosure, and patching into the new bottleneck.

AI-powered vulnerability hunting could soon test whether defenders can move as quickly as the models scanning their code.

Many of the AI-found bugs held up

The AI model’s open-source scan covered more than 1,000 projects. A subset went through additional checks by independent security firms or Anthropic itself, and the early validation numbers were substantial:

  • 1,752: High- or critical-rated findings reviewed by outside security firms or internal researchers.
  • 90.6%: Reviewed findings judged to be valid true positives.
  • 62.4%: Reviewed findings confirmed as high- or critical-severity.
  • Nearly 3,900: Projected high- or critical-severity open-source vulnerabilities if current post-triage rates hold.

One example came from wolfSSL, an open-source cryptography library used in billions of devices. Mythos Preview found a now-patched flaw that could have allowed an attacker to forge certificates, potentially making a fake banking or email site appear legitimate to an end user.

Discovery itself is becoming the easier part. “Finding them in the first place has become vastly more straightforward with Mythos Preview,” the AI company said.

Patching could not keep up

Coordinated disclosure is intended to give software teams time to verify flaws, prepare fixes, and allow users to update before details become public. Mythos Preview is testing how well that process works when findings arrive in bulk.

Each report still needs human review. Researchers have to reproduce the issue, rate its severity, check whether a fix already exists, and give maintainers enough detail to repair the code safely. Some maintainers asked Anthropic to slow the pace of disclosures because they needed more time to respond.

Anthropic said it has disclosed 530 high- or critical-severity bugs to maintainers so far, but only 75 have been patched. On average, a bug at that severity level takes about two weeks to fix.

The low patch count partly reflects the early stage of the standard 90-day disclosure window, and some fixes may not yet be visible because not every patch gets a public advisory.

Public release is still off the table

Anthropic has kept Mythos-class models out of general release while using the technology with Project Glasswing partners. Models as capable as Mythos Preview will soon be developed by many AI companies, the Claude-maker warned, making access controls and safeguards more urgent.

Access remains limited because safeguards have not kept pace with capabilities. “No company — including Anthropic — has developed safeguards strong enough to prevent such models from being misused,” the company said.

Near-term access is moving through Project Glasswing instead. The program will expand to more critical partners, including the US and allied governments, while qualifying security teams get defensive tools such as Claude Security, scanning workflows, a codebase-mapping harness, and a threat model builder.
