Anthropic Plans Public Release of Mythos‑Class Security Models, but Says Safeguards Still Missing

Anthropic says it wants to make AI systems as capable as its powerful Mythos vulnerability-finding model broadly available, but only after it develops what it calls “far stronger safeguards” to prevent abuse.

In an update on its restricted-access Project Glasswing program, the company outlined early results from Mythos, which has been scanning widely used open-source software for flaws. At the same time, Anthropic acknowledged that no one in the industry including itself, yet knows how to safely release such tools to the general public.

Anthropic first disclosed Mythos in April as a model tuned to discover security vulnerabilities in code. Its performance was strong enough that the company decided against open access, citing the risk that cybercriminals could rapidly uncover and weaponise bugs at scale. Instead, Mythos is available only to selected partners under Project Glasswing.

Participants in Glasswing, according to Anthropic’s update, report that Mythos surfaces a large number of software bugs quickly. Many of those issues are ones human experts could eventually uncover “given enough time and resources,” but the volume is so high that some teams struggle to keep up with patching. Several maintainers have even asked Anthropic to slow the rate of its disclosures so they have time to design fixes.

The existence of Mythos has already rippled through government and industry. The model helped prompt Japan’s government to order a broad security review, while authorities in India demanded accelerated patching at financial institutions. The broader lesson, Anthropic notes, is that even less capable AI systems are proving to be effective bug-finders. That raises expectations that attackers will discover and exploit more vulnerabilities, more often.

In its new update, Anthropic says it will now work “with critical partners – including US and allied governments to expand Project Glasswing to additional partners.” Beyond that, the company sets out a longer-term goal: “in the near future,” once stronger protections are in place, it wants to offer “Mythos-class models” through a general release.

Anthropic does not define what “near future” means. It also concedes that, at present, “no company including Anthropic has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm.”

To illustrate Mythos’s capabilities, Anthropic says it has used the model to scan more than 1,000 open-source projects that, in its view, “collectively underpin much of the internet and much of our own infrastructure.” From that corpus, Mythos has identified an estimated 23,019 vulnerabilities in total, including 6,202 rated as high or critical severity.

Those raw findings are not taken at face value. When Mythos flags a potential issue, Anthropic and security community partners attempt to reproduce it and reassess its impact. After confirming a bug is real, they check whether a fix already exists and then send a detailed report to the project’s maintainers.

So far, 1,752 of the high- or critical-severity findings have gone through that validation pipeline. Of these, 90.6 percent – 1,587 issues – were confirmed as genuine vulnerabilities. Within that subset, 62.4 percent (1,094 flaws) remained classified as high or critical after review.

One of the most serious bugs Mythos helped uncover affected the wolfSSL cryptography library, which is deployed across billions of devices. Anthropic says a version of the model, referred to as Mythos Preview, was able to construct an exploit that would allow an attacker to forge certificates. In practice, that could let a malicious actor host a convincing fake website for a bank or email provider that appears legitimate to end users while being fully controlled by the attacker.

The wolfSSL developers have already issued a patch for that issue, and Anthropic plans to publish a full technical analysis of the flaw. The vulnerability is expected to be documented as CVE-2026-5194.

Anthropic’s coordinated disclosure work is still in early stages. Out of 530 high- or critical-severity bugs it has reported to maintainers so far, 75 have been patched, and 65 of those have been accompanied by public advisories. The company attributes the relatively low patch count partly to timing, saying it remains “early in the 90-day window” defined in its Coordinated Vulnerability Disclosure policy. It also believes some fixes may not yet be visible in public databases because not all patches are issued with advisories.

Even so, Anthropic warns that the surge in AI-discovered vulnerabilities is “adding to an already overloaded security ecosystem.” Open-source maintainers are already grappling with a wave of low-quality, AI-generated bug reports, and the genuine issues Mythos uncovers can further strain limited capacity.

Anthropic’s proposed remedy for organisations struggling to triage and remediate this growing backlog is, unsurprisingly, more AI. The company suggests using capabilities in its Claude model to help developers understand and fix vulnerabilities, framing AI as both the source of new pressure on security teams and a potential tool to cope with it.

For now, Mythos itself remains tightly controlled. Anthropic’s latest update signals a future in which similarly capable models could be released to the wider public – but only if the industry can first answer a difficult question: how to stop such systems from becoming powerful weapons in the wrong hands.