Anthropic Mythos: 10,000+ Bugs Found, Public Release Nears

Anthropic's Project Glasswing has identified over 10,000 high- or critical-severity vulnerabilities in widely used internet software. This figure comes from roughly 50 partner organizations using Claude Mythos Preview in security workflows. What's interesting is the change in Anthropic's public stance. While a general release was previously restricted, they now state intent to make "Mythos-class models available through a general release" once stronger safeguards are developed. This signals a future public release, though no timeline exists. Breaking down the numbers, Cloudflare found 2,000 bugs in its systems, with 400 rated high or critical. Mozilla discovered and fixed 271 vulnerabilities in Firefox 150 using Mythos Preview, a significant increase from previous testing. Additionally, Mythos Preview scanned over 1,000 open-source projects, identifying an estimated 6,202 high- or critical-severity vulnerabilities. Independent firms confirmed 90.6% of a vetted subset as valid true positives. The UK's AI Security Institute also confirmed Mythos Preview as the first model to solve both of its cyber range simulations. For example, Mythos Preview found a critical vulnerability in wolfSSL, an open-source cryptography library, which could have allowed attackers to forge certificates. This vulnerability has since been patched. The bottom line is that these findings highlight the significant potential of AI in identifying critical software vulnerabilities.