Anthropic’s Mythos Flags 23,000+ Vulnerabilities

Mythos and Project Glasswing found tens of thousands of potential flaws; public release paused pending stronger safeguards

Anthropic says a restricted frontier model in its Mythos family—used under Project Glasswing—has flagged more than 23,000 potential vulnerabilities across roughly 1,000 open-source projects, but the company is holding back a broad public release until containment and access controls are stronger.

Project Glasswing is Anthropic’s controlled program that pairs the Mythos Preview model with roughly 50 partner organizations to test defensive uses and coordinate fixes before capabilities spread more widely.

The headline numbers are not a single, tidy metric: Anthropic and reporting outlets have described about 23,000 potential findings in total, and the company’s initial update said Mythos surfaced more than ten thousand high- or critical-severity issues in early runs. Some independent summaries have broken parts of that down into different counts and severity buckets.

Anthropic’s published examples and internal benchmarks show Mythos rediscovered long‑standing bugs in widely used projects—a 27‑year‑old OpenBSD flaw, legacy problems in FFmpeg, and kernel-level exploit chains in Linux among the cases the company highlights. Those write‑ups are meant to show both the model’s capability and why unchecked release would be dangerous.

The company says the risk is not just discovery but the collapsing window between discovery and weaponization: a powerful model can expose an exploit faster than human teams can triage, notify maintainers, and ship patches, so Anthropic argues stronger technical and policy containment is required before broad distribution.

That containment argument underpins Project Glasswing’s design: Mythos is available only to vetted partners, and Anthropic plans to share patching guidance and aggregated lessons rather than the raw model or an unrestricted scanner. The stated aim is defensive preparation across systemically important software.

The disclosure has already stirred interest from governments and large enterprises seeking controlled access for defensive work, and it has prompted debate inside the security community about who should get early access to such tools and under what conditions. Anthropic says it will expand vetted participation over time while adding safeguards.

Security researchers and policy groups warn that flagging thousands of potential flaws could overwhelm open‑source maintainers and security teams, creating a backlog of triage and patching tasks that operate on human timescales. Those concerns are central to discussions of responsible disclosure in the AI era.

Operational risk also includes the possibility of unauthorized access to model outputs. Reports have surfaced of Mythos being accessed via third parties outside the intended partner program, and Anthropic says it is investigating such incidents as a reminder of the practical containment challenges.

Industry responses have been mixed: some vendors and cloud providers are exploring controlled defensive products that use similar detection capabilities, while other firms call for stricter guardrails, coordinated disclosure timelines, and standards for how AI‑generated findings should be validated. Security trade press has noted competing efforts to widen or limit access.

For open‑source maintainers, the sudden influx of AI‑flagged issues amplifies an existing supply‑chain strain: many projects depend on volunteer time, and automated flags need human triage to confirm exploitability and produce safe patches. Analysts say funding, vendor support, and new tooling will be necessary to convert raw findings into real-world fixes.

Anthropic’s short-term path is procedural: increase containment, broaden vetted defensive partnerships, publish aggregated findings and lessons, and work with the community on disclosure norms before any general release. The company frames Project Glasswing as a testbed to learn how powerful vulnerability‑finding models can be used defensively without enabling widespread misuse.