Mythos AI Uncovers 23K Open Source Software Flaws

Anthropic has released the initial results from testing a preliminary version of the Mythos AI model, which has greatly enhanced the ability to uncover errors, identify vulnerabilities, and create exploit code. Scanning more than a thousand high-profile open source projects with Mythos, Anthropic discovered a total of 23,019 vulnerabilities, 6,202 of which were classified as high or critical.

Of the 6,202 high-risk vulnerabilities identified by Mythos, independent security companies reviewed 1,752. In 1,587 cases (90.6%) the presence of the vulnerability was confirmed, and 1,094 (62.4%) were still considered high or critical threats. Anthropic plans to continue scanning open source projects, estimating that Mythos will uncover an additional 3,900 vulnerabilities that are considered dangerous when reviewed by 50 Glasswing project participants.

A total of 467 verified vulnerabilities were shared with companies that conducted reviews to support open source projects. In addition, the Anthropic team provided maintainers with information on 1,129 unverified issues upon request. Overall, maintainers of open source projects were made aware of 1,596 problems, of which 1,451 were confirmed as vulnerabilities. However, only 97 issues have been fixed in the codebases, and 88 public vulnerability reports have been released.

Moreover, the 50 participants in the Glasswing project, who were granted early access to the Mythos model, uncovered over 10,000 dangerous vulnerabilities within their own codebases. For instance, Cloudflare discovered more than 2,000 bugs using Mythos, 400 of them classified as high or critical vulnerabilities. Notably, Cloudflare's false positive rate was lower than with human testing. Similarly, Mozilla detected 271 vulnerabilities in the code of Firefox 150 using Mythos, a significant increase from the 27 vulnerabilities found in Firefox 148 when using Claude Opus 4.6 for testing.
