Anthropic's Claude Mythos Has Already Found 10,000+ Critical Bugs — And It's Not Even Public Yet

Anthropic dropped its first Project Glasswing progress report today — and the numbers are staggering.

Claude Mythos Preview, the company's unreleased AI model deemed too dangerous for public release, has already found more than 10,000 software vulnerabilities across its partner network in just one month since Glasswing launched.

Anthropic used Mythos Preview to scan 1,000 open-source projects and discovered 6,202 high- and critical-severity vulnerabilities out of 23,019 total findings. That's a 27% critical-bug rate in widely used open-source software that runs the internet.

What the Partners Found

Most partners have "each found hundreds of critical- or high-severity vulnerabilities in their software" using the model, Anthropic reported. The bug-finding rate has increased by more than a factor of ten across the board.

Cloudflare (NET) found 2,000 bugs — 400 of them high or critical severity.

Mozilla previously disclosed it found and fixed 271 vulnerabilities in Firefox, a 10x improvement over what it caught using an older Claude model.

Microsoft (MSFT) confirmed that its recent announcement about patch releases "continuing to trend larger for some time" is directly attributable to bugs uncovered through Mythos Preview.

A security research firm recently claimed it breached macOS — an OS known for tight security — using Mythos' bug-finding capabilities.

The AI That's Too Dangerous to Release

Anthropic explicitly stated it hasn't released Mythos Preview publicly because no company — including Anthropic itself — has developed safeguards strong enough to prevent the model from being misused. The company plans to release "Mythos-class models" when those safeguards exist.

Project Glasswing partners include $CRWD, $AMZN, $AAPL, $GOOGL, $MSFT, $NVDA, $JPM, and $PANW. The initiative also expanded to include Verizon and the US government.

OpenAI Fires Back With 'Daybreak'

The same day Anthropic published its report, Gizmodo reported that OpenAI launched Daybreak — its own initiative to compete with Project Glasswing. The move confirms that AI-powered vulnerability discovery is now a strategic battleground for frontier AI companies.

Anthropic Nears Profitability

The Wall Street Journal reports Anthropic is on track to post $10.9 billion in revenue with a $559 million operating profit for the quarter ending June — its first profitable quarter since founding in 2021. The company doesn't expect profitability to persist as it reinvests in compute infrastructure.

What It Means for Cybersecurity Stocks

The initial market reaction — a selloff in cybersecurity stocks on fears AI would make defense tools obsolete — has reversed. Far from being replaced, CrowdStrike, Cloudflare, and Palo Alto Networks are core Glasswing partners. AI is proving to be a massive tailwind for security spending, not a headwind.

Mythos isn't replacing cybersecurity companies. It's giving them a superpower. And the 10,000-bug count in month one is just the beginning.

Disclosure: The Signal does not hold positions in any stocks mentioned. This article is for informational purposes only and does not constitute investment advice.