
Anthropic's Project Glasswing published its first quantified results on May 22, one month after the initiative launched with twelve named partner organizations. The headline figure: more than 10,000 high- or critical-severity vulnerabilities identified across the most widely used software on the internet, accumulated by roughly 50 partner organizations deploying Claude Mythos Preview in controlled, defensive security workflows.
That number matters differently than it did a month ago. When Glasswing launched on April 7, Anthropic's language was careful and restrictive — Mythos Preview would not be made generally available, and the emphasis was on what would not happen. The May 22 update retains that restriction but reorients the framing around what will eventually happen: "In the near future, once we've developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release." That is a conditional statement of intent, not a release date. No timeline exists. But it is a meaningful change in public posture from a frontier lab whose public statements tend to telegraph internal direction six to twelve months in advance.
The 10,000-plus figure is aggregated. Breaking it into components is more informative.
Cloudflare found 2,000 bugs in its own critical-path systems, 400 of which were rated high or critical severity. The company's security team reported that Mythos Preview produced a lower false-positive rate than conventional human-led testing — a claim that cuts against the assumption that scale and precision trade off. Mozilla found and fixed 271 vulnerabilities in Firefox 150, more than ten times the number it found in Firefox 148 using Claude Opus 4.6.
Separately, Anthropic has directed Mythos Preview to scan more than 1,000 open-source projects over the past several months. The model identified an estimated 6,202 high- or critical-severity vulnerabilities in that corpus. Six independent security research firms vetted 1,752 of the high- or critical-rated findings; 90.6% were confirmed as valid true positives, and 62.4% were confirmed as high or critical severity. At current true-positive rates, Anthropic projects nearly 3,900 high- or critical-severity vulnerabilities will surface from those open-source scans alone. The UK's AI Security Institute confirmed Mythos Preview as the first model to solve both of its cyber range simulations — multistep cyberattack scenarios — end to end.
One documented example: Mythos Preview identified CVE-2026-5194 in wolfSSL, an open-source cryptography library used by billions of devices. The model constructed a working exploit that would have let an attacker forge certificates — enabling fake banking or email websites indistinguishable to end users from the legitimate ones. The vulnerability has since been patched.
The scale of discovery has created a problem the program did not anticipate at launch: the bottleneck has shifted. Vulnerability discovery, which used to be the limiting constraint in software security, is no longer the hard part. Patching is.
Several open-source maintainers have asked Anthropic to reduce its disclosure pace because they lack the staffing capacity to triage, reproduce, and patch the incoming volume. Of the 530 high- or critical-severity bugs Anthropic has disclosed to maintainers from its open-source scanning work, 75 have been patched as of the May 22 update. A high- or critical-severity bug found by Mythos Preview takes roughly two weeks to patch on average. The gap between confirmed findings and deployed fixes represents the real risk window — and it grows wider every week the model continues scanning.
Forrester Research described this dynamic as a structural break: Glasswing will break the vulnerability management playbook because the entire system downstream — 90-day disclosure windows, coordinated vulnerability programs, patch release cycles, manual triage processes — was calibrated around the assumption that finding vulnerabilities is hard. Daniel Stenberg, founder and lead developer of cURL, told The Register that even improved AI reporting adds significant load: "This risk adds more load on countless open source maintainers already struggling."
To address this directly, Anthropic has partnered with the Open Source Security Foundation's Alpha-Omega project, committing $4 million to help maintainers process and triage reports at scale.
While Claude Mythos Preview itself remains gated, Anthropic launched Claude Security in public beta for Claude Enterprise customers on May 22. The product scans code repositories for vulnerabilities and generates proposed fixes, using Claude Opus 4.7. In the three weeks since launch, Claude Opus 4.7 has been used to patch more than 2,100 vulnerabilities through the tool — a significantly faster pace than the open-source patching described above, because enterprises fix their own code directly rather than routing through coordinated disclosure and volunteer maintainers.
Alongside Claude Security, Anthropic launched a Cyber Verification Program, which allows vetted security professionals — vulnerability researchers, penetration testers, red team operators — to use Anthropic's publicly available models for legitimate security work without certain safeguards ordinarily in place to prevent cyber misuse.
The capability that underlies Mythos Preview's performance is not a specialized security module — it is a byproduct of general capability improvement. Anthropic has described Mythos's security capabilities as having emerged as a downstream consequence of advances in code understanding, reasoning, and autonomous execution. The model can launch debuggers, spin up scanning subagents, form and test hypotheses, and execute code, transforming it from a reasoning tool into an active agent operating on live systems.
XBOW, an independent AI security platform, described Mythos Preview as providing "absolutely unprecedented precision" on a token-for-token basis and "a significant step up over all existing models" on its web exploit benchmark — while also noting the model is "too literal and conservative" in some exploit validation scenarios, sometimes overstating severity. Palo Alto Networks, one of the original Glasswing partners, included over five times as many patches as usual in its latest software release.
Not every expert accepts the most optimistic framing. Heidy Khlaaf, chief AI scientist at the AI Now Institute and a former lead evaluator at OpenAI, has flagged missing comparison benchmarks and ambiguous human involvement in Anthropic's initial disclosures, cautioning against treating the company's self-reported figures as independently verified.
On May 19 — three days before the quantified results update — Anthropic also revised the confidentiality terms governing Glasswing. Partners may now share vulnerabilities, best practices, tools, and code developed through the program with security teams at other companies, industry bodies, regulators, government agencies, open-source maintainers, the media, and the public, subject to responsible-disclosure norms. Previously, findings were expected to stay within the participating organizations.
An Anthropic spokesperson confirmed to multiple outlets that the original confidentiality terms were partner-driven rather than Anthropic-mandated: "While there was never a specific Glasswing NDA, confidentiality protections were something partners asked for at the outset and were built into agreements partners signed." As the program matured, those terms were loosened to enable broader defensive coordination.
The practical effect: a vulnerability Mythos identified at AWS that affects the same library at a company outside Glasswing can now be shared through standard security channels. The pool of organizations that can act on Mythos-derived findings is now significantly wider than the fifty-plus vetted participants.
The May 22 results update arrived against a backdrop of escalating regulatory attention. Bank of England Governor Andrew Bailey, who chairs the Financial Stability Board — the body coordinating financial regulation across G20 economies — requested that Anthropic brief the FSB directly on cybersecurity vulnerabilities in the global financial system that Mythos has identified. A draft FSB report on AI in financial services is expected for public consultation. US and Indian officials have separately called emergency meetings with bank leaders to pressure them to test systems against Mythos-class threats.
Confirmed: More than 10,000 high/critical vulnerabilities found in one month across roughly 50 partner organizations; Mythos Preview remains restricted with no release date; CVE-2026-5194 in wolfSSL identified and patched; Cloudflare and Mozilla results independently corroborated; open-source scanning projecting nearly 3,900 confirmed high/critical findings; Claude Security in public beta for Enterprise customers; Cyber Verification Program open to vetted security professionals; partners may now share findings outside the program; Anthropic has stated intent to make Mythos-class models generally available once stronger safeguards are developed.
Not confirmed: Any specific release timeline; Mythos 1 as a discrete named product; Opus 4.8 specifications; any rumored summer launch window. A model identifier labeled "Mythos 1" briefly appeared in the Claude interface, per TestingCatalog on May 23 — treat that as a UI signal, not a product announcement. References to Sonnet 4.8 in the March 31 Claude Code source-map leak remain roadmap speculation.
The shift from "we will not release this" to "we look forward to releasing this" is real. The safeguards that would make a general release possible do not yet exist. Both facts are true at the same time, and coverage that treats one as canceling the other is the coverage most likely to mislead a reader.
What vulnerabilities did Claude Mythos find in Project Glasswing's first month?
More than 10,000 high- or critical-severity vulnerabilities across roughly 50 partner organizations in one month of deployment. Cloudflare alone reported 2,000 bugs, 400 rated high or critical severity. Mozilla found and fixed 271 vulnerabilities in Firefox 150. Anthropic's scans of 1,000-plus open-source projects are on track to confirm nearly 3,900 high/critical-severity findings at current true-positive rates.
When will Claude Mythos be publicly available?
Anthropic has not announced a release date. On May 22, 2026, the company stated it looks forward to making Mythos-class models available through a general release once it has developed stronger safeguards — but explicitly conditioned that on work that has not yet been completed. Independent analysts estimate limited enterprise access no earlier than late 2026, with broader availability in 2027 or later.
Is Claude Security available to the public?
Claude Security launched in public beta on May 22, 2026 for Claude Enterprise customers. It uses Claude Opus 4.7 to scan code repositories for vulnerabilities and generate proposed fixes. In its first three weeks of availability, it has been used to patch more than 2,100 vulnerabilities.
What is an AI vulnerability scanner and how does Mythos use one?
An AI vulnerability scanner uses a large language model to autonomously analyze code for security flaws, construct working exploits to confirm they are real, and generate reports for remediation. Mythos Preview does this by combining code reasoning with the ability to launch debuggers, run subagents, and execute code directly on target systems — capabilities that allow it to find and confirm vulnerabilities at a speed and scale that exceeds human security researchers.
