Mythos detects flaws faster than teams can verify, disclose, and patch, prompting the withholding of detailed technical specifics to avoid end-user risk.

Plans to expand Mythos access in a controlled fashion to the United States and allied governments, though specific countries or partners have not been disclosed.

The expansion also aims to broaden access for US and allied governments, reiterating that safeguards against misuse are still lacking.

Rapid AI-driven vulnerability detection is pressuring software teams, as current processes for verification, risk assessment, patching, and reporting remain lengthy and complex.

Public AI tooling to aid defense teams is emerging, including Claude Security in public beta and a triage/toolchain for codebase mapping and reporting, with Cisco open-sourcing its Foundry Security Spec.

Disclosures follow a Coordinated Vulnerability Disclosure policy to illustrate performance and aggregate statistics while avoiding end-user risk until patches are deployed.

Industry context shows AI-assisted vulnerability discovery driving patching activity, with observers noting the dual-use nature of Mythos and the importance of defensive adoption.

Anthropic remains cautious about public release, citing risks of widespread zero-day tool production and calling for accelerated patch cycles, stronger upgrades, MFA, hardened defaults, and detailed logging.

Anthropic says Claude Mythos Mythos Preview, part of Project Glasswing, has identified more than 10,000 high- or critical-severity vulnerabilities across about 50 partner systems.

External evaluations support the model’s capabilities, with the UK AI Security Institute noting end-to-end cyberattack simulations and Mozilla reporting a notable rise in fixed vulnerabilities in Firefox between versions.

Anthropic urges shorter patch cycles and stronger security measures, arguing fixes must be rolled out faster as AI-powered attackers grow more capable.

Open-source scans covered over 1,000 projects, finding 6,202 high- or critical-severity flaws, with 1,752 assessed by independent firms and a 90.6% true-positive rate indicating effective issue discovery.