Companies Using Anthropic's Mythos AI Uncover 10K+ Serious Software Bugs

Companies Using Anthropic's Mythos AI Uncover 10K+ Serious Software Bugs | PCMag

Skip to Main Content

PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

(Credit: Matteo Della Torre/NurPhoto via Getty Images)

Anthropic partners have used its bug-hunting Claude Mythos AI to uncover 10,000 "high- or critical-severity vulnerabilities across the most systemically important software in the world.”Claude Mythos, dubbed Project Glasswing, debuted in April. It was not publicly released, but instead shared with a select group of about 50 partners, as Anthropic claimed the tool was too powerful. One of those partners, cloud hosting firm Cloudflare has found 2,000 bugs, 400 of which were classified as high or critical severity, across its critical-path systems, and the false-positive rate was lower than that of human testers. Mythos examined 1,000 open-source projects, identifying 6,202 high- or critical-severity flaws. Anthropic pointed to a vulnerability in wolfSSL, a popular SSL/TLS library frequently used in IoT and smart home devices. You May Also Like

Anthropic claims Mythos Preview constructed an exploit that could allow attackers to forge certificates, enabling them to host fake websites impersonating banks or email providers that would instead be controlled by the attacker. The company says it will release a technical analysis of the vulnerability, CVE-2026-5194, in the coming weeks.

(Credit: Anthropic)

The news comes after several other reported incidents of Mythos finding bugs in popular software. Earlier this month, researchers utilizing the Mythos model claimed they bypassed Apple macOS security technology. In April, Mozilla claimed to have found 271 vulnerabilities within Firefox by using Mythos. Recommended by Our Editors Researchers Claim Anthropic's Mythos Helped Crack macOS Security Anthropic’s New Mythos Model Reportedly Accessed By Unauthorized Users Anthropic: We Figured Out How to Stop Claude From Blackmailing You

The AI firm's handling of the Mythos rollout has attracted plenty of criticism. Gary McGraw, a former VP at cybersecurity firm Synopsys, recently told The New York Times: “The technology is not too dangerous to release," adding, "If you don’t release a tool like this—or you hoard it—you are not solving the real problem.” Meanwhile, Michał Zalewski, a security researcher at Google, recently told The Wall Street Journal some of the hype around Mythos is “overblown.”Last month, Bloomberg reported allegations that some users accessed the Mythos model without Anthropic’s authorization. The company denied there was any evidence of this at the time, but said it was investigating the claims.

About Our Expert Will McCurdy Contributor Experience I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs. Latest By Will McCurdy Still Using Your Chromecast? Google Says It Will Live On Amid Fears Apple May Be Preparing Mysterious New Over-Ear Headphones Meta Joins Snap, TikTok, YouTube in Settling Social Media Addiction Case Texas AG Sues What­sApp for 'Lying About Pri­va­cy' First VPN Seized by European Authorities Over Organized Crime Links More from Will McCurdy Read Full Bio

Google I/O

5 New Android 17 Features That Would Make My Phone Feel Better Instantly By Gabriel Zamora Google's Gemini Omni Tries to Fill the Void Left by OpenAI's Sora