
Claude Mythos & Project Glasswing: How One AI Found 10,000 Zero-Day Vulnerabilities in 30 Days

Anthropic's unreleased Claude Mythos model uncovered 10,000+ zero-day vulnerabilities in a month through Project Glasswing. What AI-powered vulnerability discovery means for developers, dependency security, and the future of cybersecurity in 2026.

Harsh Rastogi
May 27, 2026 · 9 min read
Tags: Claude, Anthropic, AI Security, Cybersecurity, AI & Machine Learning, Agentic AI

TL;DR — Anthropic's unreleased frontier model, Claude Mythos Preview, autonomously discovered 10,000+ high- or critical-severity zero-day vulnerabilities in a single month under a defensive program called Project Glasswing. Mythos can write working exploits without human help. Anthropic is refusing to release it publicly. If you ship code in 2026, your dependency tree, your CI/CD pipeline, and your patching cadence are about to change — fast. Here's the full breakdown for developers.

What Is Project Glasswing?

Project Glasswing is Anthropic's defensive cybersecurity initiative, announced on May 22, 2026. It pairs the unreleased Claude Mythos Preview model with 50 vetted partners — including Apple, Microsoft, Google, AWS, Cloudflare, NVIDIA, JPMorgan Chase, and Palo Alto Networks — to surface zero-day vulnerabilities before attackers do.

The headline number: more than 10,000 high- or critical-severity vulnerabilities discovered in roughly 30 days, across both partner codebases and over 1,000 open-source projects.

Anthropic is backing the program with $100 million in usage credits and a $4 million donation to open-source security organizations.

What Is Claude Mythos Preview?

Claude Mythos Preview is an unreleased frontier model from Anthropic — capable of:

  • Autonomous zero-day discovery in production codebases at scale
  • Working exploit construction without human guidance (it built a real exploit for CVE-2026-5194 in wolfSSL that can forge security certificates)
  • Code reasoning that surfaces flaws human reviewers and traditional static analysis missed for decades

Crucially, Anthropic states these capabilities were not explicitly trained. From their own announcement: *"We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy."*

That single sentence is the most important part of this entire story — and it's why Mythos isn't shipping to the public. For context on the lineage, see my earlier breakdown of Claude Opus 4.7, the first publicly shipped model with built-in Glasswing-grade cyber safeguards.

The Numbers: What Mythos Found in One Month

Metric                                        Result
--------------------------------------------  -----------------------------------------------
Total high/critical vulnerabilities found     10,000+
Partner organizations                         50
Open-source projects scanned                  1,000+
Confirmed high/critical OSS vulnerabilities   ~3,900
Confirmation rate after human review          90.6%
Share classified as high severity             62.4%
Cloudflare internal bugs found                2,000 (400 high/critical)
Mozilla Firefox 150 vulnerabilities patched   271 (10x Firefox 148 with Opus 4.6)
Notable: OpenBSD bug discovered               27 years old
Notable: FFmpeg bug found                     16 years old, survived 5M+ tests
Notable exploit: wolfSSL CVE-2026-5194        Autonomous working exploit, forges certificates

To put 90.6% accuracy in context: traditional static application security testing (SAST) tools typically produce false-positive rates of 30–70%. Human auditors are more accurate but orders of magnitude slower. Mythos is faster than automation and more accurate than humans. That is not an incremental improvement — that is a regime change.

Why Anthropic Won't Release Mythos Publicly

Mythos can autonomously find and exploit critical vulnerabilities. Releasing it openly would put a state-grade offensive capability into anyone's hands. Anthropic's mitigation: keep the weights internal, distribute access through Glasswing partners on the defensive side, and buy time before similar capabilities emerge from other labs.

Make no mistake: they will. Mythos-class capability is an emergent property of scale and reasoning improvements — not a custom security model. The next generation of frontier models from any serious AI lab will likely have similar offensive reach. The window where defenders have asymmetric access is short.

This is the central insight for every CTO, security lead, and senior engineer reading this: AI-powered vulnerability discovery is no longer hypothetical, and the offense/defense race is now the defining axis of software security.

What Claude Mythos Means for Developers in 2026

Most coverage of Mythos targets the cybersecurity industry. Here is what actually changes for application developers, platform teams, and engineering managers shipping code today.

1. Your Dependency Tree Is Being Scanned Right Now

Mythos scanned 1,000+ widely used open-source projects. If you use popular libraries — and you do — a meaningful subset of your transitive dependencies has critical vulnerabilities currently being patched, with CVEs entering disclosure pipelines over the coming weeks.

Microsoft has already publicly acknowledged that "patch releases will continue trending larger for some time" — partially because of Mythos findings. Expect an unusually heavy update cycle across npm, PyPI, crates.io, Maven Central, RubyGems, and NuGet through the second half of 2026.

Action items:

  • Enable Dependabot, Renovate, or your ecosystem's equivalent — today, not next quarter
  • Pin a weekly slot for security patch review
  • Subscribe to GitHub Security Advisories and the NVD CVE feed for your top 20 dependencies

2. The Bar for "Good Enough Security" Just Reset

If Mythos can find a 27-year-old bug in OpenBSD — an operating system whose entire reputation is built on security — it can find vulnerabilities in your production codebase. That is not hyperbole; it is a probability.

The minimum-viable security posture for serious engineering teams is shifting toward AI-augmented SAST in CI/CD (Snyk, Semgrep, CodeQL all adding LLM capabilities), dependency scanning with auto-PR remediation, SBOM generation, and pre-merge agent-based security review on diffs. The same playbook I described in agentic AI error recovery and observability — strong runbooks, deterministic gates, observable failure modes — now applies to security tooling as well.

3. The CVE Disclosure Flood Is Coming

Fewer than 100 of the 10,000+ Mythos-discovered vulnerabilities have been publicly disclosed. The rest will land in CVE databases over the next 6–9 months. Some will be in libraries you ship. Some will require same-day patching.

This is the operational reality for the second half of 2026: a disclosure cadence unlike anything the industry has shipped before. Your incident response runbook needs to assume multiple critical patches per month in your top dependencies, not per quarter.

4. Open Source Faces an Asymmetric Threat

Open source is uniquely exposed: source visibility is the property that makes it valuable, and the property that makes it scannable by AI. Mythos found thousands of flaws human maintainers missed for years.

Defensive AI tools like Mythos can find these bugs. Offensive AI tools — which adversaries are unquestionably developing — can find the same bugs. The defenders have a temporary head start. The maintainers, many of whom are unpaid volunteers, are about to receive an avalanche of vulnerability reports they cannot triage.

If you depend on critical OSS infrastructure (OpenSSL, libcurl, FFmpeg, Linux kernel, glibc), contribute financially. The $4M from Anthropic is a rounding error against the scale of this problem.

The 90.6% Accuracy That Changes Everything

The single most important number in the Glasswing report is not 10,000. It is 90.6% — the share of Mythos findings in open source that were confirmed as real after human review.

Method                    False positive rate   Throughput
------------------------  --------------------  ----------
Traditional SAST tools    30–70%                High
Human security auditors   <5%                   Very low
Claude Mythos Preview     ~9.4%                 Very high

A tool that is both more accurate than human auditors and faster than automation is not optional. It will become a compliance baseline. Regulators will eventually ask: "Did you scan with AI-powered security tooling before shipping?" If the answer is no and a breach occurs, the liability story writes itself.

What Happens When Mythos-Class Models Go Public

Anthropic has said Mythos-class models will eventually ship once safeguards mature. When that happens, several structural shifts are likely:

  • Every company becomes a security research firm. A two-person startup with API access will scan its entire codebase at the depth previously requiring a dedicated security team.
  • Bug bounty programs get overwhelmed. Submissions will spike when anyone can point an AI at a target. Triage and reward structures will need redesign.
  • The security job market shifts from discovery to remediation. Finding bugs becomes cheap. Prioritizing, patching, and shipping fixes at scale becomes the scarce skill.
  • Supply-chain compliance gets teeth. SOC 2, ISO 27001, and FedRAMP-style frameworks will absorb "AI-assisted vulnerability scanning" into baseline controls.
  • Insurance underwriting changes. Cyber insurance premiums will price in whether the insured uses AI-augmented security tooling.

The closest analogue is what happened on the Shopify side — see Shopify's AI Self-Review Tool, where the same shift (AI takes the mechanical compliance pass; humans get the judgment calls) is already shipping in production developer tooling.

Practical Checklist: What To Do This Week

A concrete action plan for engineering teams reacting to Mythos and Glasswing:

  • Audit your dependency tree. Run npm audit, pip-audit, cargo audit, or bundler-audit. Note every high/critical finding.
  • Turn on automated dependency updates. Dependabot or Renovate, project-wide, today.
  • Subscribe to security advisories for your top 20 dependencies via GitHub Security Advisories and the NVD CVE feed.
  • Add an AI-aware scanner to CI/CD. Snyk, Semgrep, or CodeQL. Free tiers exist. Wire failures to block merges on main.
  • Generate an SBOM with Syft, CycloneDX, or SPDX tooling. You cannot patch what you cannot see.
  • Brief your team. The Q3/Q4 2026 patch cadence will be unusually heavy — make sure your on-call and release process can absorb it.
  • If you maintain OSS, prepare for inbound reports. Set up SECURITY.md, a private disclosure channel, and a triage rotation.
  • If you consume OSS at scale, fund it. Sponsor the maintainers behind your hot dependencies.
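The audit-to-gate loop behind the checklist above (and the action items in section 1), as an added example that is not code from the original post or from any of the tools it names: parse a CycloneDX-style SBOM, match each component against an OSV-shaped advisory list using half-open introduced/fixed version ranges, rank findings by severity, and return a merge-gate decision. Both the SBOM and the advisory list are constructed inline; package names, versions and advisory IDs are placeholders, not real projects or CVEs.

```python
import json

# Constructed CycloneDX-style SBOM fragment; names and versions are placeholders.
SBOM_JSON = """{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "examplelib", "version": "2.3.1"},
  {"type": "library", "name": "fastparse",  "version": "1.0.4"},
  {"type": "library", "name": "tinyhttp",   "version": "0.9.0"}]}"""

# Constructed advisory list shaped like OSV "introduced"/"fixed" version events.
# IDs are placeholders, not real CVEs; "0" means every version since the start.
ADVISORIES = [
    {"id": "PLACEHOLDER-2026-0001", "severity": "CRITICAL", "package": "examplelib",
     "introduced": "2.0.0", "fixed": "2.3.2"},
    {"id": "PLACEHOLDER-2026-0002", "severity": "MEDIUM", "package": "fastparse",
     "introduced": "0", "fixed": "1.1.0"},
    {"id": "PLACEHOLDER-2026-0003", "severity": "HIGH", "package": "tinyhttp",
     "introduced": "0", "fixed": "0.8.0"},  # installed 0.9.0 already carries the fix
]

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
BLOCKING = {"CRITICAL", "HIGH"}  # the "block merges on main" threshold

def parse_version(text):
    """Dotted numeric version -> tuple, so 1.10.0 compares above 1.9.0 (numeric, not lexical)."""
    return tuple(int(part) for part in text.split("."))

def is_affected(version, introduced, fixed):
    """OSV range semantics: affected if introduced <= version < fixed (half-open)."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)

def scan_sbom(sbom_json, advisories):
    """Cross-reference every SBOM component; return findings with the most severe first."""
    components = json.loads(sbom_json)["components"]
    findings = []
    for comp in components:
        for adv in advisories:
            if adv["package"] == comp["name"] and is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({
                    "package": comp["name"], "installed": comp["version"],
                    "fixed_in": adv["fixed"], "id": adv["id"], "severity": adv["severity"],
                })
    return sorted(findings, key=lambda f: SEVERITY_RANK.get(f["severity"], 99))

def merge_gate(findings):
    """True when at least one finding meets the blocking threshold (fail the CI job)."""
    return any(f["severity"] in BLOCKING for f in findings)

if __name__ == "__main__":
    findings = scan_sbom(SBOM_JSON, ADVISORIES)
    print("BLOCK MERGE" if merge_gate(findings) else "OK", findings)
```

In a real pipeline the SBOM comes from Syft or the CycloneDX tooling the checklist names and the advisory list from the GitHub Advisory or NVD feed; the version-range and gate logic stays the same.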

The Bigger Picture

Project Glasswing previews a world where AI does not just assist developers — it changes the economics of software security. Vulnerability discovery is cheap and fast. The bottleneck has permanently shifted from finding bugs to fixing them.

The 10,000 vulnerabilities are not a headline. They are a signal. The rules of shipping software securely changed on May 22, 2026, and they are not changing back.

For more on the same shift on the model side, see Building Agentic Workflows with Anthropic's Claude and Claude Opus 4.7: What Developers Actually Need to Know.

Frequently Asked Questions

What is Claude Mythos?

Claude Mythos Preview is an unreleased frontier AI model from Anthropic capable of autonomously discovering zero-day vulnerabilities and constructing working exploits. Its security capabilities emerged from general improvements in code reasoning and autonomy rather than from explicit security training.

What is Project Glasswing?

Project Glasswing is Anthropic's defensive cybersecurity initiative, launched May 22, 2026. It gives 50 trusted partners — including Apple, Microsoft, Google, AWS, Cloudflare, NVIDIA, JPMorgan Chase, and Palo Alto Networks — access to Claude Mythos Preview for vulnerability discovery, backed by $100M in usage credits and a $4M donation to open-source security organizations.

Is Claude Mythos publicly available?

No. Anthropic has refused to release Claude Mythos Preview publicly because its offensive security capabilities could be weaponized. Access is restricted to vetted Glasswing partners. Anthropic says it will release Mythos-class models once stronger safeguards are in place.

How many vulnerabilities did Mythos find?

More than 10,000 high- or critical-severity zero-day vulnerabilities in approximately 30 days, with a 90.6% confirmation rate on open-source findings and 62.4% classified as high severity.

What was CVE-2026-5194?

CVE-2026-5194 is a critical vulnerability discovered by Claude Mythos in the wolfSSL cryptography library. Mythos autonomously constructed a working exploit that could forge security certificates — a notable demonstration of autonomous exploit generation by a general-purpose AI model.

Should developers be worried about Project Glasswing?

Worried, no. Prepared, yes. Expect a heavier-than-usual CVE disclosure cycle across npm, PyPI, Maven, and crates.io through the second half of 2026. Automate dependency updates with Dependabot or Renovate, subscribe to GitHub Security Advisories, and integrate AI-aware security scanning into your CI/CD pipeline now.

How does Claude Mythos compare to traditional SAST tools?

Traditional SAST tools have 30–70% false positive rates. Claude Mythos hit 90.6% confirmation accuracy — comparable to skilled human auditors but at automation speed. That combination is what makes AI-powered security scanning a compliance baseline rather than an optional add-on.

What does Project Glasswing mean for open-source maintainers?

A surge of inbound vulnerability reports is likely. Solo and volunteer-led projects should publish a SECURITY.md, set up a private disclosure channel, and where possible seek funding from major OSS-security foundations and corporate sponsors. Companies depending on critical OSS should fund the maintainers behind their hot dependencies.

Written by Harsh Rastogi — Full Stack Engineer building production Generative AI systems at Modelia. Connect with me on LinkedIn for more on Shopify, Generative AI, agentic systems, and production engineering.

Full Stack Engineer building production AI systems at Modelia. Previously at Asynq and Bharat Electronics Limited. Published researcher.

Connect on LinkedIn

Follow me for more insights on software engineering, system design, and career growth.

View Profile