An AI model just accomplished what decades of human auditors could not. Anthropic's Claude Mythos Preview flagged over 23,000 potential vulnerabilities across more than 1,000 open-source software projects, and external reviewers confirmed a significant number as genuine.
Of those flags, independent security firms validated 1,726 as real vulnerabilities. More than 1,000 of those confirmed flaws were rated high or critical severity.
Key Discoveries
The scan, part of Anthropic's broader Project Glasswing initiative, targeted critical software using semi-autonomous AI scanning. One of the most striking discoveries was a flaw in OpenBSD that had remained undetected for 27 years. OpenBSD is an operating system that markets itself on security.
The Mythos model uncovered issues across every major OS and web browser in its scan.
Implications for Crypto
None of the 23,000 flagged vulnerabilities directly reference cryptocurrency tokens or blockchain protocols. However, the vast majority of crypto infrastructure runs on open-source software. Node clients, wallets, bridges, DeFi protocols, and exchanges all depend on libraries and systems covered by the Mythos scan.
The confirmation rate is notable. Out of 23,000 flags, 1,726 were verified, roughly a 7.5% true positive rate, which is considered high for automated scanning at this scale.