After Claude Mythos was announced, Anthropic did not allow their latest model to be publicly accessible due to concerns that it could be misused by irresponsible parties. So Project Glasswing was announced by giving around 50 partners closed access to detect vulnerabilities on their systems.
Anthropic has just announced the first update to Project Glasswing and revealed that so far more than 10,000 high-level and critical security vulnerabilities have been successfully detected using Claude Mythos Preview. Most partners found hundreds of critical or high-level vulnerabilities in their code, with a discovery rate increase of more than 10 times compared to before.
Cloudflare, for example, found 2,000 bugs, including 400 in the critical/and high category. Mozilla found 271 vulnerabilities in Firefox 150 using Mythos Preview, more than 10 times compared to Firefox 148 with Claude Opus 4.6. Meanwhile, major vendors like Palo Alto Networks, Microsoft, and Oracle are now releasing security patches at a much faster rate.
Over 1,000 open source projects were scanned, yielding 6,202 critical/high vulnerabilities out of 23,019 total. Mythos Preview found a major flaw in the wolfSSL cryptographic library that allowed certificate forgery that has now been patched (CVE‑2026‑5194). The main security challenge now is the ability of humans to assess, report, and develop patches, not to find vulnerabilities that exist in the system.
Anthropic says that models in the Mythos class cannot yet be made public because no company, including Anthropic, has strong enough protections to prevent abuse of high-powered models. Project Glasswing will be expanded to more critical partners including the U.S. government and its allies. Anthropic plans to make the Mythos models publicly available once much stronger security protections are developed.
