Home
News
Details

Anthropic's Mythos Discovers Over 10,000 Critical Software Vulnerabilities in 30 Days

iconMetaEra
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
Anthropic's Mythos, under Project Glasswing, uncovered over 10,000 high-severity software vulnerabilities in 30 days while collaborating with 50 major developers. The AI identified issues in Cloudflare, Firefox, and OpenBSD, and prevented a $1.5 million fraud attempt. As regulatory compliance measures face new challenges, the speed of AI-driven discovery now exceeds human patching capabilities, creating an expanding backlog. With MiCA nearing enforcement, pressure to secure infrastructure continues to rise.
Factory A's Glass Wing initiative scored a resounding first victory: Mythos uncovered 10,000 critical vulnerabilities within 30 days and even blocked $1.5 million in phishing scams. Overwhelmed by the flood of reports, human developers broke down and pleaded: "Please stop finding vulnerabilities—we can't keep up!"

Author and source: ASI Revelation, New Ze Yuan

Just now, Anthropic released another shocking message that has stunned the global tech and security communities.

The first-month battle report for the Glass Wing Project has been officially released!

In this covert operation, Anthropic deployed its next-generation flagship large model, Claude Mythos Preview, for the first time.

In just 30 days, it partnered with approximately 50 global tech giants and critical infrastructure software developers to uncover over 10,000 high-severity or critical software vulnerabilities!

Even more alarming, it can not only find vulnerabilities but also automatically construct end-to-end attack chains.

Even in a real business transaction with a partner bank, we successfully intercepted a $1.5 million wire fraud attempt!

For a moment, the entire security community was shaken.

Some security experts have even desperately cried out on X: “The foundation of the internet has been turned upside down by AI… we might really be in trouble!”

A Wild 30 Days: Global Tech Giants Experience Firsthand—Just How Terrifying Is Mythos?

In April 2026, Anthropic quietly launched Project Glasswing. The name reflects the aspiration to make the world’s most important proprietary and open-source software transparent and secure.

The first participants in the program are approximately 50 key infrastructure software developers.

Within just one month of gaining access to the Claude Mythos Preview, the entire industry’s worldview was shattered.

Take a look at this dazzling report—

Cloudflare reported that Mythos uncovered 2,000 vulnerabilities in critically essential core system pathways, 400 of which are classified as high or critical severity.

Even more astonishing, Cloudflare’s security team exclaimed: the AI’s false positive rate is even lower than that of top human security testers.

In the latest Firefox 150 browser test by Mozilla, Mythos patched 271 critical vulnerabilities at once.

This number is more than ten times the number of vulnerabilities discovered in Firefox 148 using Opus 4.6!

The achievements reported by OpenBSD are downright chilling: Mythos uncovered a 27-year-old hidden bug within OpenBSD’s codebase!

Moreover, the model constructed a complete exploit chain without any human intervention.

The UK AI Safety Institute has provided official endorsement, confirming that Mythos Preview is the world’s first AI model capable of fully defeating their dual-network challenge end-to-end.

In practical defense, Mythos also shines brilliantly.

At a partner bank, a group of hackers successfully compromised customers' email accounts and used AI voice cloning technology to make fraudulent phone calls.

Just moments before the $1.5 million wire transfer was about to be withdrawn, the Mythos model detected the scam in real time by analyzing anomalous behavior patterns and immediately blocked the transaction!

“We这群 human security experts look like cavemen with spears, watching an F-22 fighter jet fly overhead,” remarked a security researcher who participated in the beta test on X.

Billions of exposed devices worldwide were saved by Mythos!

However, Mythos has also triggered a production crisis.

In the past, the core bottleneck in the cybersecurity field was discovering vulnerabilities. Finding a high-risk zero-day vulnerability could take top white-hat hackers weeks or even months.

Now, Claude Mythos has reduced the cost and time of finding vulnerabilities to nearly zero.

Anthropic scanned over 1,000 core open-source projects that underpin the internet. The results were alarming—

A total of 23,019 vulnerabilities were identified, including 6,202 high or critical vulnerabilities assessed by Mythos!

To ensure the content is not AI-generated nonsense, Anthropic partnered with six leading independent security research firms worldwide for manual cross-verification.

The results show that AI’s true positive rate (i.e., vulnerabilities that actually exist) reaches an impressive 90.6%! Upon final verification, 1,094 of these were confirmed as high-severity or critical vulnerabilities with conclusive evidence.

Open-source vulnerability dashboard displaying vulnerabilities of all severity levels

Here, we must mention an extremely typical case—wolfSSL.

wolfSSL is a highly renowned open-source cryptography library used in billions of devices worldwide, including IoT devices, routers, and smart cars.

However, before Mythos, wolfSSL’s defenses were meaningless. Mythos not only discovered an extremely subtle logical vulnerability but also wrote its own attack code!

With this code, hackers can freely forge digital certificates to create extremely realistic bank websites or email login pages with no flaws.

If this vulnerability had not been discovered and reported for repair by Mythos in advance, the consequences could have been catastrophic if exploited by malicious actors.

Billions of devices worldwide have been running dangerously exposed—and now, Mythos has pulled them back from the edge.

Epic twist: Finding bugs is no longer the bottleneck—fixing them is!

As Project Glasswing progresses, an unprecedented phenomenon has emerged in the history of cybersecurity.

The bottleneck in cybersecurity is no longer finding vulnerabilities. The current bottleneck is that humans patch vulnerabilities far slower than AI can discover them.

For open-source community maintainers, this is a nightmare.

Anthropic’s vulnerability reports are flooding open source communities like snowflakes. Authors are overwhelmed.

Stop mining! Please slow down! We really can’t keep up!

According to Anthropic, several open-source maintainers recently sent pleading emails, asking them to slow down the pace of vulnerability disclosures due to severe staffing shortages.

Even with detailed reports, human programmers still take an entire two weeks on average to fix a high-severity vulnerability.

Of the 1,129 vulnerabilities submitted by Anthropic to open-source authors, only 75 critical vulnerabilities have been successfully patched. The current security ecosystem is severely overloaded!

Magic beats magic: Anthropic's defense

Since humans can't fix it anymore, let's use magic to defeat magic.

Anthropic has decisively launched the "Defender Toolkit" solution.

First up is the highly anticipated launch of Claude Security.

This is an automation tool designed exclusively for Claude Enterprise customers. Its logic is simple: I don’t just identify vulnerabilities in your codebase—I also generate the fix patches for you.

In just three weeks since launch, enterprise clients have used Opus to rapidly fix over 2,100 vulnerabilities!

Second is the "Network Verification Program."

Anthropic now allows professional white-hat hackers, penetration testers, and red-blue team operators to temporarily disable certain "safety restrictions" of the Claude model under legal and compliant conditions for legitimate vulnerability research and target testing.

More interestingly, Anthropic has directly open-sourced a "bug-finding pipeline."

1. Customized Instructions (Skills): Learn how to keep AI focused for in-depth code reviews.

2. Automation Framework (Harness): A command system that enables Claude to automatically navigate large codebases, clone sub-agents for parallel scanning, automatically categorize vulnerabilities, and generate reports.

3 Threat Model Builder: Paste in your code directly, and the AI will automatically identify the system’s most vulnerable points, prioritizing targeted defenses.

Network giant Cisco has also stepped forward, announcing the open-sourcing of the "Foundry Security Spec" system to build a security evaluation framework similar to Mythos.

From now on, AI will detect vulnerabilities and generate patches, with humans only responsible for the final review.

This is the ultimate form of future cybersecurity.

The Sword of Damocles: When will Mythos be officially released?

So, when will Claude Mythos officially open?

Anthropic's current stance remains very cautious.

They stated that once "stronger, higher-level security safeguards" are implemented, the Mythos-level model will be fully released to the public!

It can't be released yet because it's too dangerous.

As stated in XBOW’s test report: Mythos Preview achieved a generational leap ahead of all existing models on the Web exploit benchmark, demonstrating unprecedented precision even at the level of individual token generation.

Anthropic is well aware that no company in the world currently has security measures strong enough to guarantee 100% that this model will not be misused.

If the Mythos API were made public today, global hacker groups—and even certain extremist organizations—could effortlessly produce thousands of zero-day exploitation tools at minimal cost tomorrow.

The computers of ordinary people, hospital systems, and power grid control centers will face a catastrophe!

Anthropic's recommendation is:

Shorten the patch cycle! Shorten the patch cycle! Shorten the patch cycle! Don’t wait to release updates once a month—use existing AI tools (such as Opus 4.7) to deploy security fixes to users as soon as possible.

2. Mandatory upgrade policy. Developers must make it as effortless as possible for users to install updates, and for those who refuse to upgrade, enforce a network disconnect. Return to the fundamentals of security.

Strengthen multi-factor authentication (MFA), harden default configurations, and maintain detailed logs. The calm before the storm.

Calm before the storm

In one month, over 50 industry giants joined forces, blocked 10,000+ critical vulnerabilities, and prevented $1.5 million in cryptocurrency fraud—this was just a glimpse of Claude Mythos Preview’s early achievements.

Human programmers are currently enduring a difficult period—overwhelmed by AI-generated reports and fixing bugs that have lurked for two or three decades.

But as Anthropic has envisioned—

Beyond these risks lies an exciting world: one in which humanity’s most critical code will be forged to be a hundred times more secure than today, and cyberattacks will become an exceedingly rare historical footnote.

Let’s quietly thank the AI that tirelessly reviewed hundreds of millions of lines of code.

It likely just prevented a deadly nuclear explosion for you.

Reference materials:

https://x.com/AnthropicAI/status/20579091025425495

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.