May 26, 2026

Anthropic’s Mythos detects 23,000 vulnerabilities in OSS projects

Anthropic’s Claude Mythos model has detected over 23,000 potential vulnerabilities across more than 1,000 open source software (OSS) projects, with 1,726 of these confirmed, including over 1,000 rated as ‘high’ or ‘critical’ severity. The company, which initiated this scanning as part of its Project Glasswing, anticipates that nearly 3,900 critical and high-severity vulnerabilities will eventually be verified. The findings are still under review, and although only a limited number of patches have been released so far, Anthropic expects more to follow as the 90-day window for vendors to respond is still open. To assist developers in addressing these vulnerabilities, Anthropic has also launched Claude Security, a dedicated codebase scanner.

Curl: Curl is a widely used open source tool and library for data transfer over networks. Mythos Preview testing on Curl yielded minimal findings, consistent with its established maturity.
XBOW: XBOW is an autonomous offensive security firm specializing in vulnerability research. It evaluated Mythos Preview and confirmed the model’s effectiveness in identifying security issues.
Google: Google is a technology company with extensive open source and security initiatives. It received access to Mythos Preview for evaluation, with results potentially contributing to Chrome vulnerability detections.
Mozilla: Mozilla develops the Firefox web browser and related open source projects. It participated in Mythos Preview testing and used the model to identify vulnerabilities within Firefox.
Anthropic: Anthropic is an AI company focused on developing advanced large language models including the Claude series. Its Mythos model was deployed to scan open source software projects for security issues, resulting in the launch of the Claude Security codebase scanner to assist developers.
Palo Alto Networks: Palo Alto Networks provides cybersecurity solutions and services. The company tested Mythos Preview and leveraged it to discover multiple security flaws in its offerings.

AI Security Tools: Anthropic introduced Claude Security as a dedicated scanner to help developers address security issues uncovered by models like Mythos.
Collaborative Testing: Project Glasswing enables selected organizations to evaluate Mythos Preview while Anthropic works on safeguards ahead of broader availability.
Vulnerability Disclosure: Anthropic operates under a Coordinated Vulnerability Disclosure policy that includes a defined window for vendors to address reported issues.