Anthropic, the American artificial intelligence company, has revealed that its restricted AI model “Claude Mythos Preview” has identified more than 10,000 high- or critical-severity software vulnerabilities in just one month — a pace of discovery that the global software industry is struggling to match with patches.

The findings were disclosed as part of an update to Project Glasswing, a controlled cybersecurity initiative Anthropic launched in April 2026 alongside the announcement of Claude Mythos Preview. About 50 partner organizations — predominantly major technology and critical infrastructure companies — have been granted exclusive, monitored access to the model. The general public cannot use it.

◆ A Model Built for Cybersecurity, Kept Off the Market

Claude Mythos Preview sits above the existing Claude model lineup, which consists of three publicly available tiers: the lightweight “Haiku,” the versatile mid-range “Sonnet,” and the high-performance “Opus.” Mythos represents a new class beyond Opus, designed with exceptional capabilities in code reasoning, software engineering, and — most strikingly — autonomous vulnerability discovery.

Anthropic chose not to release Mythos commercially. In its announcement, the company described frontier AI as having reached a point where models could “surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” and warned that unrestricted access could threaten “economies, public safety, and national security.” Instead, access is strictly controlled through Project Glasswing, named after the glasswing butterfly (Greta oto), whose transparent wings serve as a metaphor for making hidden weaknesses visible.

“Engineers with no formal security training were able to instruct Mythos to find weaknesses and complete a fully functional attack method by the next morning.”

— Anthropic technical blog

◆ Vulnerabilities Unaddressed for Decades

Among the most striking discoveries was a critical flaw in OpenBSD — widely regarded as one of the world’s most security-hardened operating systems, used in firewalls and critical infrastructure — that had gone undetected for 27 years. Mythos also reportedly identified a long-standing vulnerability in FFmpeg, the video processing library embedded in countless applications, that had persisted undetected for 16 years despite extensive prior testing.

A particularly alarming discovery was CVE-2026-5194, a critical flaw in the WolfSSL cryptographic library (CVSS score: 9.1), which is widely deployed in IoT devices, automotive systems, and industrial control environments. The vulnerability would allow an attacker to forge security certificates, enabling them to impersonate a legitimate bank or email service invisibly to end users.

Cloudflare alone reported finding 2,000 bugs through Mythos — including 400 of high or critical severity — with a false-positive rate that reportedly outperforms human security testers. Anthropic’s initial scan across 1,000+ open-source projects yielded 23,019 candidate findings; external security firms independently reviewed a sample of 1,900 and confirmed 90.8% as valid true positives.

◆ Attack Generation Capabilities Raise the Stakes

What makes Mythos particularly consequential is its ability to autonomously construct working exploits, not merely flag vulnerabilities. According to Anthropic’s technical team, earlier top-tier Claude models succeeded only twice in developing complete attack methods after hundreds of attempts. Mythos succeeded far more often — and without requiring specialized security knowledge from the operator. Anthropic noted that this offensive capability was “not through explicit training” but emerged as a natural result of general improvements in coding ability, reasoning, and autonomous operation.

Anthropic has pointed to state-sponsored threat actors from countries including China, Iran, North Korea, and Russia as particularly concerning in this context, warning that advanced AI capabilities “dramatically reduce the cost of discovering and exploiting vulnerabilities” and could “empower forces opposed to the United States and its allies” if defenses are not strengthened urgently.

The core problem, however, is a mismatch in speed. Of the more than 10,000 vulnerabilities found, fewer than 1% have been patched. Finding flaws at machine speed while patching them at human speed creates a widening window of exposure.

◆ Project Glasswing: Defense First

Project Glasswing’s named launch partners include Microsoft, Apple, Google, Amazon Web Services, Cisco, Nvidia, JPMorgan Chase, CrowdStrike, Palo Alto Networks, and several others involved in foundational operating systems and network infrastructure. Anthropic has committed up to $100 million in usage credits to support the initiative, and access is being expanded on a case-by-case basis to over 40 organizations involved in critical infrastructure.

In a demonstration of Mythos’s defensive versatility beyond vulnerability scanning, a Glasswing partner bank used the model to detect and prevent a fraudulent $1.5 million wire transfer — catching it after an attacker compromised a customer’s email account and made spoofed phone calls to support the fraud.

◆ The Race Between Discovery and Exploitation

The fundamental challenge underscored by Project Glasswing’s first month is structural: AI can now find vulnerabilities far faster than the industry can fix them. With models of comparable capability to Mythos expected to become more broadly available in the near future, the urgency of closing that gap has never been greater.

Anthropic has stated its intention to expand Glasswing access further. But for the finance, telecommunications, transportation, and energy sectors — systems that underpin daily life around the world — the window for getting ahead of these vulnerabilities is narrowing rapidly.