An AI model just did what decades of human auditors couldn’t. Anthropic’s Claude Mythos Preview flagged over 23,000 potential vulnerabilities across more than 1,000 open source software projects, and external reviewers confirmed that a meaningful chunk of them are the real deal.
Of those 23,000 flags, independent security firms validated 1,726 as genuine vulnerabilities. More than 1,000 of those confirmed flaws were rated high or critical severity.
What Mythos actually found
The scan, conducted as part of Anthropic’s broader Project Glasswing initiative, targeted a wide swath of critical software. The goal: use semi-autonomous AI scanning to find vulnerabilities that traditional methods have missed for years.
One of the most striking discoveries was a flaw in OpenBSD that had been lurking undetected for 27 years. OpenBSD is an operating system that specifically markets itself on security.
