Anthropic's newest AI tool, Claude Mythos Preview, has identified more than 23,000 potential security vulnerabilities across over 1,000 open-source projects. Of these, 1,726 have been externally confirmed, with more than 1,000 rated as high or critical severity.
Among the most notable discoveries: a 27-year-old security flaw in OpenBSD and a 16-year-old vulnerability in FFmpeg. Both are foundational pieces of open-source infrastructure.
More than 99% of the zero-day vulnerabilities uncovered by Mythos were unpatched at the time of disclosure, according to Anthropic.
The company's Project Glasswing, a controlled consortium, gives select partners access to Mythos Preview for vulnerability remediation. Partners include AWS, Apple, Google, Microsoft, NVIDIA, and JPMorgan Chase. Anthropic has pledged up to $100 million in model usage credits, with over $4 million specifically earmarked for open-source security.