Mythos' First Report: Billions of Global Devices Running Without Security, 10,000 Critical Vulnerabilities Found in 30 Days

Human programmers have crashed.

The first battle of Factory A's Project Glasswing was a resounding success. Mythos discovered 10,000 critical vulnerabilities within 30 days and even intercepted a $1.5 million cyber - fraud! Faced with a flurry of reports, human programmers pleaded in despair: "Please stop finding vulnerabilities. We can't fix them all!"

Just now, Anthropic released another piece of news that shocked the global technology and security circles.

The first - month battle report of "Project Glasswing" has been officially announced!

In this secret operation, Anthropic for the first time deployed the next - generation top - tier large - language model, Claude Mythos Preview.

Within just 30 days, it collaborated with about 50 global internet giants and developers of critical infrastructure software, and uncovered over 10,000 high - risk or severe - level software vulnerabilities at once!

Even more terrifying is that it can not only find vulnerabilities but also automatically construct end - to - end attack chains.

Even in the real - world business of a partner bank, it successfully intercepted a $1.5 million cyber - fraud!

For a moment, the entire security circle was completely shaken.

Some security experts even exclaimed in despair on X: "The foundation of the Internet has been turned upside down by AI... We might really be in big trouble!"

30 Crazy Days

Global Tech Giants' First - hand Experience: How Terrifying is Mythos?

In April 2026, Anthropic secretly launched Project Glasswing. The name implies the hope that the world's most important closed - source and open - source software will become transparent and secure.

Approximately 50 developers of critical infrastructure software were the first to join the project.

After they obtained the testing permissions for Claude Mythos Preview, the entire industry's perception was shattered within just one month.

Let's take a look at this eye - popping battle report:

Cloudflare reported that in its extremely critical core - path system, Mythos discovered 2,000 vulnerabilities at once! Among them, 400 were high - risk or severe - level vulnerabilities.

Even more incredibly, Cloudflare's security team exclaimed that the false - alarm rate of this AI is even lower than that of the world's top human security testers.

In the latest test of Mozilla's Firefox 150 browser, Mythos fixed 271 high - risk vulnerabilities at once.

This number is more than 10 times the number of vulnerabilities found using Opus 4.6 in the Firefox 148 version!

OpenBSD's reported results are simply spine - chilling: Mythos uncovered an old bug that had been hidden in OpenBSD's codebase for a full 27 years!

Moreover, the model constructed a complete vulnerability exploitation chain on its own without human intervention.

The UK AI Security Research Institute provided an official endorsement. They confirmed that Mythos Preview is the world's first AI model that can completely overcome the dual - network shooting range they set up end - to - end.

Mythos also showed its prowess in actual combat defense.

In a partner bank, a hacker group had successfully invaded a customer's email and used AI voice - cloning technology to make a fraudulent call.

Just as a $1.5 million wire transfer was about to be sent, the Mythos model instantly recognized the scam and forcibly blocked the transaction by analyzing the abnormal behavior chain in real - time!

"We human security experts look like primitive people holding spears, watching an F - 22 fighter jet fly overhead." A security researcher who participated in the internal test sighed on X.

Billions of Vulnerable Devices Worldwide Saved by Mythos!

However, Mythos has also triggered a productivity crisis.

In the past, the core bottleneck in the cybersecurity field was finding vulnerabilities. It might take top white - hat hackers weeks or even months to find a high - risk zero - day vulnerability.

Now, Claude Mythos has reduced the cost and time of finding vulnerabilities to "almost zero."

Anthropic used it to scan more than 1,000 core open - source projects that support the operation of the Internet. The results were hair - raising:

A total of 23,019 vulnerabilities were found, including 6,202 high - risk or severe vulnerabilities evaluated by Mythos!

To ensure that the AI was not "talking nonsense," Anthropic collaborated with six world - class independent security research companies for manual cross - verification.

The results showed that the true - positive (i.e., the vulnerability actually exists) accuracy rate of the AI was as high as 90.6%! Finally, 1,094 high - risk or severe vulnerabilities were confirmed.

Open - source vulnerability dashboard showing vulnerabilities of all severity levels

Here, we must mention a very typical case - wolfSSL.

wolfSSL is a very well - known open - source cryptography library, and billions of devices worldwide (including IoT devices, routers, smart cars, etc.) use it.

However, in front of Mythos, wolfSSL's defenses were useless. Mythos not only discovered an extremely hidden logical vulnerability but also wrote an attack code on its own!

Using this code, hackers can forge digital certificates at will, creating extremely realistic bank websites or email login pages without any flaws.

If this vulnerability had not been discovered and reported for repair by Mythos in advance, the consequences would have been unimaginable if it had been exploited by cybercriminals.

Billions of devices worldwide have actually been operating in a vulnerable state. This time, Mythos saved the day.

Epic Reversal: Finding Bugs is No Longer the Bottleneck; Fixing Them Is!

As Project Glasswing progresses, a strange phenomenon that has never occurred in the history of cybersecurity has emerged.

"The bottleneck in cybersecurity is no longer finding vulnerabilities. Now, the bottleneck is that the speed at which humans can fix vulnerabilities far lags behind the speed at which AI discovers them."

For open - source community maintainers, this is a nightmare.

Anthropic's vulnerability reports are flying like snowflakes to various open - source communities. The maintainers can't handle them.

"Stop finding vulnerabilities! Please slow down! We really can't keep up with the repairs!"

According to Anthropic, recently, several open - source maintainers have sent "pleading" emails, asking them to slow down the pace of vulnerability disclosure because of a serious shortage of manpower.

Even with detailed reports, it still takes human programmers an average of two weeks to fix a high - risk vulnerability.

Currently, out of the 1,129 vulnerabilities submitted by Anthropic to open - source authors, only 75 high - risk vulnerabilities have been successfully patched. The current security ecosystem is severely overloaded!

Fighting Fire with Fire: Anthropic's Defense

Since humans can't keep up with the repairs, it's time to fight fire with fire.

Anthropic resolutely proposed the "Defender Toolkit" solution.

First, there is the newly launched Claude Security.

This is an automated tool specifically designed for Claude enterprise - edition customers. The logic is: not only does it find vulnerabilities in your codebase, but it also writes the repair patches for you.

Just three weeks after its launch, enterprise customers have used Opus 4.7 to fix over 2,100 vulnerabilities at lightning speed!

Second, there is the "Network Verification Program."

Anthropic has started allowing professional white - hat hackers, penetration testers, and red - blue confrontation teams to lift some of the "security constraints" on the Claude model for legal vulnerability research and shooting - range testing under legal and compliant conditions.

More interestingly, Anthropic has directly open - sourced a "Bug - Hunting Pipeline."

1 Customized Instructions (Skills): Teach you how to make AI focus and conduct in - depth code reviews.

2 Automated Framework (Harness): A command system that enables Claude to automatically traverse large codebases, clone sub - agents for parallel scanning, automatically sort vulnerabilities, and generate reports.

3 Threat Model Builder: Simply input the code, and the AI will automatically identify the "weak spots" in the system that are most vulnerable to attacks and prioritize defense.

The internet giant Cisco has also stepped forward and announced the open - sourcing of the "Foundry Security Spec" system to build a security assessment defense line similar to Mythos.

From now on, AI will find vulnerabilities, AI will generate patches, and humans will only be responsible for the final review.

This is the ultimate form of future cybersecurity.

The Sword of Damocles: When Will Mythos Be Officially Released?

So, when will Claude Mythos be officially released?

Anthropic's current attitude remains very cautious.

They said that once they build "more powerful and higher - level security guards," the Mythos - level model will be fully released to the public!

It can't be released now because it's too dangerous.

As the XBOW test report stated: Mythos Preview has achieved a "generational leap over all existing models" in the Web vulnerability exploitation benchmark test and has shown "unprecedented accuracy" in generating each token.

Anthropic is well aware that currently, no company in the world has a strong enough security mechanism to ensure that this model will not be misused 100%.

If the API of Mythos is made public today, tomorrow, global hacker organizations and even some extreme groups could produce thousands of zero - day exploitation tools at extremely low cost.

Ordinary people's computers, hospital systems, and the control centers of power grids will face a disaster!