Anthropic's Claude Mythos found 10,000 critical vulnerabilities in one month. The patches can't keep up.

Anthropic's Claude Mythos found 10,000 critical vulnerabilities in one month. The patches can't keep up.

Briefly

"Anthropic disclosed that Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerability candidates across some of the most systemically important software in the world since the programme went live one month ago. Of those, 1,726 have been validated as true positives. 1,094 are confirmed high- or critical-severity flaws. Only 97 have been patched."

"The gap between those numbers is the story. Anthropic's Claude Mythos Preview, a frontier model with specialised capabilities for finding vulnerabilities in source code, can identify flaws at a pace that the open-source ecosystem cannot absorb. The 6,202 high- or critical-severity candidates affect more than 1,000 open-source projects. Eighty-eight advisories have been issued. The rate of discovery is orders of magnitude faster than the rate of remediation."

""The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity," Anthropic acknowledged. The company is urging software developers to shorten patch cycles and make security fixes available as quickly as possible. Oracle has already shifted from quarterly to monthly patch releases to address the acceleration. Microsoft has warned that the number of monthly patches it expects to release will " continue trending larger for some time.""

"The most notable finding so far is a critical flaw in WolfSSL (CVE-2026-5194, CVSS score 9.1), a widely used embedded TLS library, that could allow an attacker to forge certificates and impersonate a legitimate service. WolfSSL is deployed across IoT devices, automotive systems, and industrial control environments where a certificate forgery vulnerability carries consequences well beyond conventional web security."