Anthropic Plans Public Release of Mythos Bug-Hunter, Admits Nobody Has the Safeguards to Do It Yet
Anthropic wants to eventually release Mythos-class models to the general public. The catch: the company openly admits that nobody, including itself, has figured out how to stop them being weaponised.
For those not already up to speed, Mythos is Anthropic's AI model purpose-built for hunting security vulnerabilities in code. It is, by all accounts, extremely good at this. Good enough that Anthropic decided back in April that releasing it freely would hand cybercriminals an absurdly powerful tool for finding exploitable flaws before defenders could patch them. So instead, access was restricted to a curated group of vetted partners under something called Project Glasswing.
The results so far are striking. Mythos has scanned over 1,000 open-source projects that collectively prop up large chunks of the internet, and has turned up an estimated 23,019 vulnerabilities in total. Of those, 6,202 were rated high or critical severity. Among the confirmed critical findings was a flaw in wolfSSL, a cryptography library embedded in billions of devices. Mythos built a working exploit demonstrating how an attacker could forge certificates and impersonate legitimate websites, banks, email providers, the works. wolfSSL has been patched. A full technical breakdown, along with CVE-2026-5194, is supposedly coming soon.
Project Glasswing participants have reported that Mythos finds bugs quickly, though rarely ones a sufficiently resourced human team couldn't eventually catch themselves. The more pressing problem is volume. The thing finds so many issues that security teams can't patch them fast enough. Some open-source maintainers have reportedly asked Anthropic to slow down its disclosure rate because they simply don't have the capacity to respond.
That dynamic is visible in the numbers. Of the 530 high-or-critical bugs Anthropic has formally reported, only 75 have been patched so far, with 65 receiving public advisories. Anthropic frames this as a timing issue, pointing to its 90-day coordinated disclosure window, and suggests the patch count will grow. But the underlying tension is real: an AI that generates vulnerability reports faster than humans can fix them is not straightforwardly a good thing.
The wider impact has already been felt. Japan launched a government-wide security audit after Mythos became public knowledge. Indian regulators pushed financial institutions to accelerate patching. Perhaps more consequentially, the existence of Mythos has forced a general reckoning with the fact that even mid-tier AI models are reasonably competent vulnerability finders. Attackers do not need Mythos specifically to benefit from this shift.
As for the public release, Anthropic's update buried the announcement in its penultimate paragraph. The plan is to first expand Project Glasswing to additional partners, including US and allied governments, then eventually make Mythos-class capability broadly available once "far stronger safeguards" exist. The company gave no timeline for this, and was candid that those safeguards don't yet exist anywhere in the industry.
Anthropic's suggested remedy for security teams drowning in AI-generated bug reports is, predictably, more AI. Specifically, Claude with enhanced developer-assistance capabilities. Whether that helps close the gap between discovery and remediation, or simply adds another layer of complexity to an already strained ecosystem, remains to be seen.