An AI model just did what decades of human auditors couldn’t. Anthropic’s Claude Mythos Preview flagged over 23,000 potential vulnerabilities across more than 1,000 open source software projects, and external reviewers confirmed that a meaningful chunk of them are the real deal.
Of those 23,000 flags, independent security firms validated 1,726 as genuine vulnerabilities. More than 1,000 of those confirmed flaws were rated high or critical severity.
What Mythos actually found
The scan, conducted as part of Anthropic’s broader Project Glasswing initiative, targeted a wide swath of critical software. The goal: use semi-autonomous AI scanning to find vulnerabilities that traditional methods have missed for years.
One of the most striking discoveries was a flaw in OpenBSD that had been lurking undetected for 27 years. OpenBSD is an operating system that specifically markets itself on security.
The Mythos model uncovered issues across every major OS and web browser in its scan. Anthropic released these findings in late May 2026, building on an April blog post that first detailed the Mythos model’s capabilities.
Why crypto should be paying attention
None of the 23,000 flagged vulnerabilities directly reference cryptocurrency tokens or specific blockchain protocols. The vast majority of crypto infrastructure runs on open source software. Node clients, wallets, bridges, DeFi protocols, and exchanges all depend on libraries, operating systems, and networking stacks that fall squarely within the scope of what Mythos scanned.
The confirmation rate is also worth noting. Out of 23,000 flags, 1,726 were verified, roughly a 7.5% true positive rate. That’s quite high for automated scanning at this scale.