Anthropic’s Mythos Just Found 10,000 Security Flaws in the World’s Most Critical Software — And Maintainers Can’t Keep Up
Anthropic just dropped a bomb on the cybersecurity world. Project Glasswing, the company’s initiative to use its most powerful AI model to hunt bugs in open-source software, has identified more than 10,000 vulnerabilities in one month, 6,202 of them rated high or critical severity. Some of these bugs have been hiding in plain sight for nearly three decades.
And here’s the part nobody wants to talk about: the people responsible for fixing these bugs literally cannot keep up.
What Is Project Glasswing?
Project Glasswing is Anthropic’s program to give maintainers of critical open-source codebases access to Claude Mythos Preview — the company’s frontier model that has demonstrated the ability to surpass most skilled humans at finding and exploiting software vulnerabilities. The initiative launched in April 2026 with approximately 50 trusted security partners.
The concept is straightforward: point the most capable AI in existence at the software that runs the internet, banking systems, medical devices, and government infrastructure. Let it do what human auditors have been doing for decades — but at a scale and speed that no human team can match.
The results? They’re terrifying in both directions. Terrifying because of what was found. And terrifying because of what it means for the people who have to fix it all.
The Numbers Are Staggering
As of May 22, 2026, Anthropic’s Glasswing update revealed the following:
- 10,000+ vulnerabilities identified across systemically important codebases
- 6,202 classified as high- or critical-severity flaws
- 1,596 vulnerabilities disclosed across 281 open-source projects
- 97 patched so far
- 88 assigned CVE or GHSA identifiers
- 1,000+ open-source projects impacted
Let those numbers sink in. Of the 1,596 vulnerabilities disclosed to maintainers, only 97 have been patched: a 6% patch rate. The rest are reported, documented, and waiting for someone to write a fix, and the thousands of findings not yet disclosed at all are queued behind them, waiting for a disclosure slot.
The Vulnerabilities That Hid for Decades
The most jaw-dropping finding isn’t the volume — it’s the age of some of these bugs. Mythos Preview discovered vulnerabilities that survived decades of human code reviews, penetration testing, and automated scanning.
OpenBSD — 27 Years
Mythos found a vulnerability in OpenBSD — the operating system famous for its obsessive focus on security — that had been hiding for 27 years. The flaw allowed an attacker to remotely crash machines just by connecting to them. OpenBSD’s slogan is literally “Only two remote holes in the default install, in a heck of a long time!” This vulnerability makes that claim a lot harder to defend.
FFmpeg — 16 Years
The ubiquitous media processing library FFmpeg, which nearly every major service uses for encoding and decoding video, contained a 16-year-old vulnerability. If you’ve ever watched a video on YouTube, Netflix, or basically anywhere online, FFmpeg was probably involved. That’s 16 years of every human reviewer and every automated tool missing it.
wolfSSL — Billions of Devices at Risk
Perhaps the most alarming finding was in wolfSSL, an embedded cryptography library used by billions of devices worldwide. Mythos Preview didn’t just find the bug — it autonomously generated a working exploit that could let attackers forge certificates for fake websites. The vulnerability was assigned CVE-2026-5194.
Think about that for a second. An AI found a critical flaw in a cryptography library, then wrote its own exploit — without human guidance. We’ve officially entered the era where AI doesn’t just find the lock — it picks it too.
Other Notable Findings
The published CVE list also includes vulnerabilities in NGINX Plus (F5’s application delivery platform), FreeBSD, OpenSSL, and Mastodon. Nine CVEs were found in wolfSSL alone.
Maintainers Are Drowning
Here’s where the story gets uncomfortable. The open-source maintainers who are responsible for patching these vulnerabilities are overwhelmed. Some have literally asked Anthropic to slow down.
The average time to patch a high- or critical-severity bug discovered by Mythos Preview is two weeks. With over 1,500 disclosed and counting, the backlog is growing faster than anyone can clear it.
Anthropic acknowledged the problem in their own update: “Even at our relatively slow pace of disclosures, Mythos Preview is adding to an already-overloaded security ecosystem.”
This is the dirty secret of open-source security. Many of the most critical software projects on Earth are maintained by small teams or even individual developers. They’re unpaid, under-resourced, and now being asked to process a firehose of AI-generated vulnerability reports.
The bottleneck has shifted. We don’t have a bug-finding problem anymore. We have a bug-fixing problem.
The Glasswing Paradox
Project Glasswing creates a paradox that the security community is only beginning to grapple with. The bugs were already there; what the model changes is how many of them are known. By surfacing vulnerabilities faster than they can be patched, AI-powered security research widens the window between disclosure and fix, the interval in which anyone with comparable capability can rediscover the same flaw and weaponize it first.
Every vulnerability that Mythos finds and discloses is now known to Anthropic, its 50 partners, and eventually the public. If bad actors get access to similar capabilities — and Mandiant’s M-Trends report suggests they already are — the race between finding and fixing becomes existential.
Consider the math: 10,000+ vulnerabilities identified in one month, 1,596 disclosed, 97 patched. That leaves roughly 1,500 flaws that maintainers know about and have not yet fixed, plus thousands more that have been found but not yet reported to anyone, in software that runs hospitals, banks, governments, and nuclear power plants.
What the Critics Are Saying
Not everyone is buying Anthropic’s framing of this as a purely defensive initiative.
Security researchers at VulnCheck have been tracking the CVE count actually attributed to Glasswing and note that the confirmed numbers are far lower than the headline figures; Anthropic’s own dashboard lists 88 CVE or GHSA identifiers. CSO Online reported that, behind the Mythos hype, the number of confirmed, independently verified CVEs is nowhere near 10,000.
Meanwhile, Vidoc Security Lab published research showing they could reproduce some of Mythos’s findings using publicly available models, raising questions about whether the capabilities Anthropic is showcasing are truly unique to their frontier model or more broadly available.
Researchers at Picus Security have described the situation as a “paradox”: Glasswing demonstrates AI’s defensive potential while simultaneously highlighting its offensive implications.
The Disclosure Dashboard
Anthropic has published a coordinated vulnerability disclosure dashboard that tracks every finding, its status, and whether it’s been patched. The transparency is commendable — and unprecedented for an AI company.
The dashboard shows real-time data on total vulnerabilities found and disclosed, patch status across affected projects, CVE and GHSA assignments, and time-to-patch metrics.
This level of openness stands in contrast to how many vulnerability disclosures are typically handled — behind closed doors, with little public accountability.
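As an added illustration (not Anthropic’s dashboard code, and not Glasswing data), the script below computes the metrics the numbers section and the dashboard describe, patch rate, identifier coverage, median time-to-patch, and accumulated exposure days for still-open findings, from a constructed disclosure ledger, and adds the backlog projection a maintainer team would actually want: how the unpatched count grows when weekly disclosures exceed weekly fixes, and whether it ever clears. Project names, dates and severities in the ledger are placeholders, no real identifiers are used, and the `Disclosure`, `summarize`, `project_backlog` and `weeks_to_clear` names are assumed for the example.

```python
"""Backlog and exposure-window metrics over a vulnerability disclosure ledger.

Added example, not Anthropic's dashboard code. Every ledger record below is
constructed sample data: project names are placeholders and no real CVE/GHSA
identifiers appear (only a flag recording whether one has been assigned).
"""
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

HIGH_OR_CRITICAL = {"high", "critical"}


@dataclass(frozen=True)
class Disclosure:
    project: str                    # placeholder project name (constructed)
    severity: str                   # "critical" | "high" | "medium" | "low"
    disclosed: date                 # date the maintainer was notified
    patched: Optional[date] = None  # None while the fix is still outstanding
    has_id: bool = False            # whether a CVE/GHSA identifier exists

    def days_exposed(self, today: date) -> int:
        """Days from disclosure to patch, or to `today` if still open."""
        end = self.patched if self.patched is not None else today
        return (end - self.disclosed).days


# Constructed sample ledger (hypothetical entries, not real findings).
SAMPLE_LEDGER = [
    Disclosure("proj-a", "critical", date(2026, 4, 10), date(2026, 4, 24), True),
    Disclosure("proj-b", "high",     date(2026, 4, 15), date(2026, 5, 1),  True),
    Disclosure("proj-c", "high",     date(2026, 4, 20), None,              False),
    Disclosure("proj-a", "medium",   date(2026, 5, 1),  None,              False),
    Disclosure("proj-d", "critical", date(2026, 5, 8),  date(2026, 5, 13), True),
    Disclosure("proj-e", "high",     date(2026, 5, 15), None,              True),
]
TODAY = date(2026, 5, 22)  # assumed "as of" date for the sample


def summarize(ledger, today: date) -> dict:
    """Headline numbers a disclosure dashboard reports, computed from the ledger."""
    patched = [d for d in ledger if d.patched is not None]
    open_items = [d for d in ledger if d.patched is None]
    ttp = [d.days_exposed(today) for d in patched]
    return {
        "total": len(ledger),
        "high_or_critical": sum(d.severity in HIGH_OR_CRITICAL for d in ledger),
        "patched": len(patched),
        "patch_rate": len(patched) / len(ledger) if ledger else 0.0,
        "with_identifier": sum(d.has_id for d in ledger),
        "median_time_to_patch_days": median(ttp) if ttp else None,
        "open": len(open_items),
        "open_high_or_critical": sum(d.severity in HIGH_OR_CRITICAL for d in open_items),
        # Accumulated days that still-open findings have been known and unfixed.
        "open_exposure_days": sum(d.days_exposed(today) for d in open_items),
        "oldest_open_days": max((d.days_exposed(today) for d in open_items), default=0),
    }


def project_backlog(initial_backlog: int, disclosures_per_week: int,
                    patches_per_week: int, weeks: int) -> list:
    """Week-by-week unpatched count under constant arrival and fix rates."""
    backlog, trajectory = initial_backlog, []
    for _ in range(weeks):
        # Fixes cannot drive the backlog below zero.
        backlog = max(0, backlog + disclosures_per_week - patches_per_week)
        trajectory.append(backlog)
    return trajectory


def weeks_to_clear(initial_backlog: int, disclosures_per_week: int,
                   patches_per_week: int) -> Optional[int]:
    """Weeks until the backlog reaches zero; None when fixes never outpace arrivals."""
    net = patches_per_week - disclosures_per_week
    if net <= 0:
        return None
    return -(-initial_backlog // net)  # ceiling division


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LEDGER, TODAY).items():
        print(f"{key}: {value}")
    print("backlog trajectory:", project_backlog(0, 100, 50, 4))
    print("weeks to clear 1500 at 100 in / 50 out per week:", weeks_to_clear(1500, 100, 50))
```

The `weeks_to_clear` result is the one that matters for the “maintainers can’t keep up” argument: as long as weekly disclosures meet or exceed weekly fixes, the function returns `None`, because no finite amount of time clears the queue; only raising the fix rate above the disclosure rate (or throttling disclosures, as some maintainers have asked) makes the backlog finite.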
What This Means for the Industry
Project Glasswing isn’t just an Anthropic initiative. It’s a preview of what the entire cybersecurity landscape looks like when AI reaches a certain capability threshold.
If Anthropic can find 10,000 critical bugs in a month, so can state-sponsored hacking groups with access to similar models. China, Russia, and North Korea aren’t going to wait for coordinated disclosure dashboards. They’re going to use these capabilities — if they haven’t already — to stockpile zero-days.
The implications are clear:
- Open-source funding needs a massive overhaul. The current model of unpaid volunteers maintaining critical infrastructure is unsustainable.
- Automated patching will become essential: if AI can find bugs, it needs to also help fix them at scale.
- Regulatory frameworks will need to address AI-powered vulnerability discovery.
- Cyber insurance models are about to change dramatically.
The Bottom Line
Anthropic’s Project Glasswing has made a strong case for something the cybersecurity community has long suspected: human code review cannot keep pace with the scale of modern software. AI can find what humans miss, faster, deeper, and more comprehensively than any team of researchers.
But finding the bugs was always the easy part. The hard part — the part that actually keeps people safe — is fixing them. And right now, we’re generating vulnerability reports orders of magnitude faster than we can write patches.
That’s not a security breakthrough. That’s a security crisis with better documentation.
The clock is ticking on roughly 1,500 disclosed-but-unpatched flaws, with thousands more queued behind them. The question isn’t whether someone will exploit them. It’s how many will be fixed before they do.