Only 97 out of more than 10,000 critical vulnerabilities discovered by Anthropic’s unreleased Claude Mythos Preview model have been patched. The rest sit in disclosed-but-unfixed limbo, in code you probably run in production right now.
Let that number land.
Mythos Preview, distributed to roughly 50 partners through Anthropic’s Project Glasswing initiative, found 10,000+ high- and critical-severity vulnerabilities in system-critical software in a single month.
That’s more than most security teams would surface in a decade. The bottleneck isn’t finding bugs anymore. It’s fixing them.
The numbers are absurd, and the false-positive rate beats human reviewers
Cloudflare ran Mythos Preview across their infrastructure and found 2,000 bugs, 400 of them high or critical severity.
Their false-positive rate was lower than their human reviewers’. Mozilla patched 271 vulnerabilities in Firefox 150, roughly 10x their previous AI-assisted testing rate. Palo Alto Networks shipped 5x their normal patch volume. Every partner saw the same thing: bug discovery rates jumping 10x or more.
But here’s where the story turns.
The average fix time for a critical vulnerability is two weeks per bug. Anthropic found 10,000 in 30 days. You do the math.
It gets worse. Some of the bugs Mythos found had been sitting in production code for decades. OpenBSD had a flaw lurking for 27 years. FreeBSD carried an unpatched root-access vulnerability, CVE-2026-4747, for 17 years. A wolfSSL bug (CVE-2026-5194, CVSS 9.1) could let attackers forge certificates to impersonate banks and email providers. These aren’t edge-case issues in abandoned repositories. They’re foundational problems in software that underpins the internet.
Anthropic scanned 1,000+ open-source projects independently and found 6,202 high/critical vulnerabilities out of 23,019 total findings. When independent reviewers checked the model’s work, the true-positive rate came in at 90.6%. That’s not a research prototype.
That’s a production-grade security instrument.
The Trump administration tried to get ahead of this. Silicon Valley killed it.
Here’s the part that should concern you if you run any kind of business that touches the internet.
Anthropic is keeping Mythos locked. They won’t release it publicly, citing weaponization risk. The same model that finds critical bugs can theoretically be turned toward finding critical zero-days to exploit before they’re patched.
That’s a defensible position, even if you don’t like it.
The US government disagreed.
A drafted executive order would have required frontier AI companies to give the federal government 90-day pre-release access to models like Mythos. The stated goal: let agencies like CISA get ahead of critical disclosures before patches exist.
That executive order never happened. It collapsed Thursday after pushback from David Sacks, Elon Musk, and Mark Zuckerberg. No replacement. No framework.
The US now has zero formal plan for managing the most powerful security-discovery AI ever built.
Meanwhile, open-source maintainers, many of them working solo, unpaid, in their spare time, are already asking Anthropic to slow down disclosures. They can’t keep up. 827 confirmed vulnerabilities are still sitting in the pipeline, waiting for the disclosure clock to run out before the findings go public.
What this means for your stack
The 97 patched figure is the number that should keep you up tonight.
Here’s why: those 97 are the ones that got fixed. The rest are disclosed, meaning Anthropic told the vendors, but not patched. Which means the researchers know about them and the security teams know about them. And if you’re running the affected software, so do you. Except you don’t know what you don’t know.
This is the uncomfortable reality for anyone running open-source infrastructure at scale.
You’re trusting a global supply chain of under-resourced maintainers to patch critical bugs against a clock that just got 10x shorter.
The practical advice nobody wants to hear: audit your dependency tree this week. Not eventually, not next sprint. This week. Map what talks to the internet, what processes external input, what runs as root or in a privileged context. That’s your blast radius. When the next big vulnerability drops, you won’t have time to figure this out while you’re also trying to patch.
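One way to start the mapping step above on a Linux host, as an added example that is not from the article: join the listening sockets reported by `ss -tlnp` with process ownership from `ps` and rank every listener by whether it is reachable from off the host and whether it runs as root. It assumes iproute2 `ss` and procps `ps`; the two tool outputs embedded below are constructed samples, so swap in real output to run it on your own machine.

```python
import re

# Constructed sample of `ss -tlnp` output (not from the article); real output has this shape.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=1203,fd=5))
LISTEN 0      511    *:443               *:*               users:(("nginx",pid=990,fd=6),("nginx",pid=991,fd=6))
LISTEN 0      128    [::1]:6379          [::]:*            users:(("redis-server",pid=1410,fd=6))
"""

# Constructed sample of `ps -eo pid,user,comm --no-headers` output.
PS_OUTPUT = """\
  812 root     sshd
  990 root     nginx
  991 www-data nginx
 1203 postgres postgres
 1410 redis    redis-server
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')  # one ("name",pid=N,fd=N) entry
LOOPBACK = {"127.0.0.1", "[::1]"}
TIER_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_ps(text):
    """Map pid -> owning user from `ps -eo pid,user,comm --no-headers` output."""
    users = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            users[int(parts[0])] = parts[1]
    return users

def blast_radius(ss_text, ps_text):
    """Rank listeners: any non-loopback bind counts as reachable from outside the host
    (conservative: a LAN-only bind is flagged too), and root-owned processes rank first."""
    users = parse_ps(ps_text)
    rows = []
    for line in ss_text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "LISTEN":  # skips the header line
            continue
        addr, port = parts[3].rsplit(":", 1)  # '[::]:22' -> ('[::]', '22')
        exposed = addr not in LOOPBACK
        for name, pid in PROC_RE.findall(parts[5]):
            user = users.get(int(pid), "?")
            tier = ("critical" if user == "root" else "high") if exposed else ("medium" if user == "root" else "low")
            rows.append({"tier": tier, "addr": addr, "port": int(port), "proc": name, "pid": int(pid), "user": user})
    return sorted(rows, key=lambda r: (TIER_ORDER[r["tier"]], r["port"], r["pid"]))
```

The "critical" rows (exposed and root) are where a disclosed-but-unpatched bug hurts most, so they are the first place to check against the advisories you receive.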
The other uncomfortable truth: not everything will get patched before disclosure.
Open-source maintainers are drowning. The economics of sustainable open-source don’t account for AI-accelerated bug discovery. That’s a structural problem that Anthropic’s responsible disclosure policy can’t solve.
The 97-patched number isn’t a win. It’s a warning. Your move.
