Claude Mythos Preview, used by Anthropic and about 50 partners, surfaced more than 10,000 high- or critical-severity vulnerabilities in systemically important software within one month. Cloudflare reported 2,000 bugs, including 400 rated high or critical, with a false positive rate described as better than human testers. The UK’s AI Security Institute reported the model completed both cyber range simulations end to end. Mozilla found and fixed 271 vulnerabilities in Firefox 150, far more than in Firefox 148 with an earlier model. Microsoft said its new patches will continue trending larger. Anthropic also scanned 1,000+ open-source projects, estimating 6,202 high or critical findings out of 23,019 total, with independent verification of 1,752 true positives at a 90.6% rate. A wolfSSL certificate-forgery issue enabled indistinguishable fake bank or email provider sites via a constructed exploit.
"“the bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them.” One month into , the numbers are striking. Anthropic and its approximately 50 partners, including Cloudflare, Palo Alto Networks, and major financial institutions, have used Claude Mythos Preview to surface more than 10,000 high- or critical-severity vulnerabilities across systemically important software."
"Cloudflare alone found 2,000 bugs, 400 of which were rated high- or critical-severity, with a false positive rate that Cloudflare's team describes as better than human testers. The UK's AI Security Institute reports that Mythos Preview is the first model to complete both of its cyber range simulations end to end. Mozilla found and fixed 271 vulnerabilities in Firefox 150 during testing, more than ten times the number found in Firefox 148 using Claude Opus 4.6."
"Parallel to its partner program, Anthropic has spent several months scanning more than 1,000 open-source projects with Mythos Preview. Out of 23,019 total findings, the model estimates 6,202 as high- or critical-severity. Independent security firms have verified 1,752, confirming 90.6 percent of the reported vulnerabilities as valid true positives."
"A notable example is a certificate-forgery vulnerability in wolfSSL (CVE-2026-5194), a cryptography library used by billions of devices. Mythos constructed an exploit that would allow an attacker to host a fake bank or email provider website. It was indistinguishable to the end user."
#ai-vulnerability-discovery #cybersecurity-testing #open-source-security #software-patching #vulnerability-severity-assessment
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]