Anthropic's Mythos AI Detects 23,000 Open-Source Vulnerabilities, Including 27-Year-Old OpenBSD Flaw

CryptoBriefing

Anthropic’s newest AI model just went hunting for bugs in open-source software. It found a lot of them.

Claude Mythos Preview, the company’s autonomous vulnerability detection model, identified more than 23,000 potential security vulnerabilities across over 1,000 open-source projects drawn from the OSS-Fuzz corpus. Of those, 1,726 have been confirmed through external review. More than 1,000 of the confirmed bugs were rated high or critical severity.

Decades-old bugs, freshly surfaced

Among the vulnerabilities Mythos flagged: a 27-year-old security flaw in OpenBSD and a 16-year-old vulnerability in FFmpeg. Both are widely used, foundational pieces of open-source infrastructure.

More than 99% of the zero-day vulnerabilities discovered by Mythos remained unpatched at the time of disclosure, according to the model’s evaluations.

Project Glasswing and the $100 million commitment

Anthropic launched Project Glasswing, a controlled consortium giving select partners access to Mythos Preview so they can identify and remediate critical vulnerabilities in their own software.

The partner list includes AWS, Apple, Google, Microsoft, NVIDIA, and JPMorgan Chase. Anthropic has pledged up to $100 million in model usage credits to support this effort. On top of that, over $4 million has been earmarked specifically for enhancing the security of open-source projects.

By placing Mythos behind a controlled access program rather than releasing it broadly, Anthropic maintains a proprietary advantage. Discussions are already circulating about whether similar vulnerability detection could be accomplished with publicly available models.

What this means for the cybersecurity landscape

Finding over 23,000 potential vulnerabilities in a single sweep, with more than 1,000 confirmed as high or critical severity, moves the conversation from theoretical to operational.

The 1,726 confirmed vulnerabilities still required external review to be validated. Given that more than 99% of the zero-days Mythos discovered were unpatched at disclosure, patching and remediation have not kept pace with what the AI is finding.
