After a month of releasing a preview of Claude Mythos, Anthropic’s new cybersecurity model under the Project Glasswing initiative, the company has officially released its first results. The company claims that the AI model has already discovered more than 10,000 high- and critical-severity flaws in widely deployed software systems. 

The model was rolled out in preview to about 50 selected partners, and results revealed “how quickly we (partner companies) can verify, disclose, and patch the large numbers of vulnerabilities found by AI.”

Must read: Anthropic’s Mythos AI raises banking cyber risk concerns, FSB briefing planned

Anthropic’s Project Glasswing findings

Anthropic’s blog post highlighted that partners found “hundreds of critical or high-severity vulnerabilities in their software,” and all of them combined, Claude Mythos was capable of identifying more than 10,000 flaws.

The Mythos Preview has identified about 6,202 critical software vulnerabilities so far, out of a total of 23,019 issues it flagged overall. In addition, the model also found 1,752 vulnerabilities independently, which were reviewed by security firms. 

Must read: BT explainer: Inside Claude Mythos, the AI is forcing a rethink of global cybersecurity

From that reviewed sample, 90.6% were confirmed as real security issues and 62.4% were revealed to be of high severity. Mythos Preview could account for nearly 3,900 confirmed high- or critical-severity vulnerabilities in open-source software alone, in addition to those found for Project Glasswing partners.

The blog also revealed that Cloudflare found about 2,000 bugs in its internal software, which included 400 severe vulnerabilities. While testing Mythos, Mozilla found and fixed over 271 vulnerabilities in Firefox 150. The company said it is “over ten times more than they found in Firefox 148 with Claude Opus 4.6."

Anthropic highlighted that while AI-powered models are identifying critical flaws and are reshaping cybersecurity capabilities, it remained cautious about releasing Mythos Preview publicly. The company warns that such powerful capabilities, which are used to find bugs, could also be exploited if widely available.

Must read: Anthropic’s Claude Mythos triggers call for sovereign AI infrastructure in India: All details

Therefore, the company highlighted that it is planning to release similar cybersecurity models and capabilities to Mythos Preview. “There is a clear need for a larger effort across the software industry to manage the volume of findings that these models will generate,” Anthropic said in a statement.