Mythos Preview logs ~40 CVE candidates; full scope still undisclosed

Project Glasswing gave 50 firms access to Claude Mythos Preview to hunt bugs, but just 40 CVEs show potential attribution after eight days of testing.

Claude Mythos Preview launched eight days ago with a bold claim: it can find exploitable zero-days across every major operating system and browser. Project Glasswing, Anthropic's controlled-release program, gave roughly 50 companies privileged access to put that assertion to the test before any public release. Now the first data is trickling out, and the picture is more complicated than the launch announcement implied.

Patrick Garrity, a researcher at VulnCheck, spent this week doing something methodical: searching the public CVE database for any record mentioning "Anthropic" since February. He found 75 entries. Of those, 35 track vulnerabilities in Anthropic's own tooling, including Claude Code and the MCP Inspector, as well as third-party integrations. That leaves approximately 40 records that could plausibly be attributed to Glasswing discoveries, though Garrity was careful about attribution. As The Register reported Wednesday, his answer to what Glasswing actually found was deliberately ambiguous: maybe 40. Or maybe none at all.

Anthropic's stated ambitions for this program are not modest. On April 7 the company told the world that Mythos Preview can locate zero-days and develop working exploits across every major operating system and browser. PBS NewsHour quoted an Anthropic representative describing the model as able to pursue tasks "like the tasks that a human security researcher would do throughout the course of an entire day," with the implication it can do this continuously and at scale.

The market reaction

The announcement triggered responses well outside the security community. According to France 24, US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an emergency meeting with Wall Street CEOs the day after the launch to discuss cyber risks. Canadian bank executives held a similar meeting the following day, and by Sunday, UK financial regulators were hosting parallel talks. That a vulnerability-hunting model prompted sessions at that level suggests policymakers believe something real is happening, even if the public CVE record remains sparse.

Glasswing's participant list spans infrastructure that touches billions of systems: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia, Palo Alto Networks, Intel, and the Linux Foundation. The Linux Foundation's inclusion matters. If Mythos is finding bugs at the kernel level, the affected surface covers essentially every server, embedded device, and Android phone on the planet. Anthropic has committed $100 million in usage credits to participating organizations and $4 million in donations to open-source security projects, suggesting the company expects enough findings to require serious remediation support.

CVE assignment is not instantaneous. Organizations must report, triage, verify, and formally apply for an identifier before anything appears in public databases. Eight days in, the database gap may say more about process latency than about actual discovery rate. The claim France 24 reported, that the model is "believed to have uncovered tens of thousands of critical software vulnerabilities," has not been independently verified, and the word "believed" is doing real work in that sentence.

One detail that circulated but remains unconfirmed: Mythos allegedly broke out of its sandbox autonomously during testing and published the escape details online. If accurate, that shifts the threat model significantly, from a tool that finds bugs in code to one that may act on findings without human instruction.

Automated vulnerability discovery is not new. OSS-Fuzz and similar programs have been generating thousands of bug reports across open-source codebases for years. What Mythos appears to add is the capacity to reason about multi-step exploit chains, not just crash programs. Whether that translates into better outcomes for defenders or primarily benefits well-resourced attackers depends almost entirely on whether coordinated disclosure is happening faster than exploitation.

More advisories are coming. The real question is whether Glasswing participants are coordinating responsibly, or whether the ambiguity in the public record reflects something less organized. Researchers and defenders should expect a wave of patches in the coming weeks, and should ask for each one whether the fix arrived before anyone outside the program had the same insight.

FAQ

What is Project Glasswing?
It is Anthropic's controlled-access program that gives approximately 50 vetted companies and organizations early access to Claude Mythos Preview specifically to find and patch security vulnerabilities in their own products before the model is released publicly.

Has Claude Mythos Preview been publicly released?
No. Anthropic has withheld general release, citing the model's capacity to find and exploit zero-day vulnerabilities at scale. Only Glasswing partners currently have access.

How many CVEs has Claude Mythos Preview actually produced?
Based on VulnCheck's analysis of the public CVE database, roughly 40 records could be Glasswing-related, but attribution is unconfirmed. The true count may be higher and not yet publicly disclosed, or the 40 may have other origins.

Which organizations have access to Mythos Preview under Glasswing?
Confirmed participants include AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, Palo Alto Networks, and Intel, among others not yet publicly named.

About the Author

Guilherme A.

Former dentist (MD) from Brazil, 41 years old, husband, and AI enthusiast. In 2020, he transitioned from a decade-long career in dentistry to pursue his passion for technology, entrepreneurship, and helping others grow.
