Anthropic Mythos Cybersecurity: What Project Glass Wing Found in 30 Days


10,000. That is how many high-severity or critical software vulnerabilities Anthropic's Mythos model found in 30 days, across roughly 50 companies that run the backbone of the internet. Cloudflare. Mozilla. OpenBSD. Infrastructure that billions of people rely on without thinking about it.

The project is called Glass Wing. And what it produced is not a research paper or a benchmark score. It is a pile of unfixed vulnerabilities that open-source maintainers are currently drowning in.

Quick Answer: Project Glass Wing is Anthropic's initiative using Claude Mythos to find software vulnerabilities at scale. In 30 days, it identified 10,000+ high or critical vulnerabilities across 50 major tech companies, with a 90.6% true positive rate verified by 6 independent security firms. Mythos 1 is now appearing in Claude Code and Claude Security source code, despite Anthropic saying just days ago it would not be released publicly anytime soon.

Table of Contents
1. What Project Glass Wing actually found
2. The WolfSSL case: when the AI writes its own attack code
3. The patching bottleneck nobody planned for
4. Claude Security: Anthropic's enterprise fix tool
5. The Friday statement, the Saturday source code
6. Anthropic's finances: the profit claim that doesn't add up
7. Two stories from the same company, one week apart
8. My Take
9. Frequently asked questions

What Project Glass Wing actually found

Anthropic scanned over 1,000 core open-source projects, the codebases that collectively hold up much of the modern internet. Total vulnerabilities identified: 23,019. Of those, Mythos assessed 6,202 as high or critical severity.

Six independent security research firms then manually verified everything. The AI's true positive rate came out to 90.6%. After final verification, 1,094 vulnerabilities were confirmed as high severity or critical with conclusive evidence.

The per-company numbers are more striking than the totals. Cloudflare reported that Mythos found 2,000 vulnerabilities in its core system pathways, 400 of which were classified as high or critical. The false positive rate from the AI was actually lower than what you would get from top human security testers. Mozilla's Firefox 150 browser got patched for 271 critical vulnerabilities in a single pass. That is more than 10 times what they found in Firefox 148 using the older Opus 4.6 model.

OpenBSD had a 27-year-old bug hiding in its codebase. Mythos found it and then constructed a complete exploit chain on its own, without any human assistance. The UK AI Safety Institute officially confirmed that Mythos preview is the first AI model capable of fully defeating their dual network challenge end to end.

One beta tester described it on X as watching an F-22 fighter jet fly overhead while holding a spear. That is a researcher's characterization, not an official designation, but the underlying point about the capability gap is hard to argue with given the numbers.

The WolfSSL case: when the AI writes its own attack code

WolfSSL is a cryptography library running on billions of devices: IoT hardware, routers, smart cars, and embedded systems. Mythos did not just locate a vulnerability there. It wrote its own attack code that would allow a hacker to forge digital certificates and create convincing fake bank websites or email login pages.

The vulnerability was discovered and disclosed before malicious actors could exploit it. But the scenario illustrates what changes when the bottleneck shifts. Finding vulnerabilities used to require skilled human researchers spending days or weeks. Mythos has reduced that cost and timeline to something close to zero.

Anthropic also tested Mythos in a real business environment at a partner bank. It blocked a $1.5 million wire fraud attempt in real time. Hackers had already compromised customer email accounts and used AI voice cloning to make fraudulent calls. Mythos detected anomalous behavior patterns and blocked the transaction before it completed.

The patching bottleneck nobody planned for

Here is the uncomfortable part. Anthropic submitted 1,129 vulnerabilities to open-source maintainers. As of the time the source video was recorded, only 75 critical vulnerabilities had been patched. On average, human programmers are taking about two weeks to fix a single high-severity vulnerability, even with detailed reports already written for them.

Several open-source maintainers sent emails to Anthropic asking them to slow down. They are overwhelmed. The AI can generate vulnerability reports faster than any human team can act on them.

This is the structural shift that tends to get lost in the capabilities conversation. The old bottleneck was finding vulnerabilities. That bottleneck is gone. The new bottleneck is human capacity to fix what the AI finds. Those two rates are not even close to matching, and there is no obvious path to closing that gap quickly.

Cisco announced it is open-sourcing something called the Foundry Security Spec System, a security evaluation framework modeled on what Mythos demonstrated. The direction the industry is moving toward is AI detecting vulnerabilities and generating patches, with humans only responsible for the final review. Whether human review capacity can keep pace with AI generation speed is a different question, and one that nobody has a satisfying answer to yet.

Claude Security: Anthropic's enterprise fix tool

Anthropic launched Claude Security as a direct response to the patching bottleneck. It is an automation tool for Claude enterprise customers that does not just identify vulnerabilities; it also generates the fix patches. In the three weeks since launch, enterprise clients used it to fix over 2,100 vulnerabilities.

Anthropic also open-sourced a bug-finding pipeline that includes customized instructions, an automation framework for navigating large codebases with sub-agent cloning for parallel scanning, and a threat model builder that automatically identifies the most vulnerable points in a system.

Anthropic is building a Claude Security dashboard for enterprise customers, designed to surface discovered vulnerabilities with seven-day and thirty-day historical charts and deeper triage results. This positions Claude Security as a direct competitor to dedicated vulnerability management platforms like Snyk and Veracode, which is a meaningful move into a market those companies currently own.

The Friday statement, the Saturday source code

On a Friday, Anthropic stated that Mythos would remain restricted and that they were unlikely to release it to the general public anytime soon. They specifically mentioned needing to develop far stronger safeguards before making Mythos-class models available through a general release.

The next day, users spotted strings referencing "Mythos 1" and "Claude Mythos 1 preview" in the source code of Claude Code and Claude Security. The strings appeared briefly, people captured screenshots, and the evidence is documented. New code explicitly referenced access to the Claude Mythos model in both products.

Either Anthropic is preparing a rollout significantly faster than their public statement implied, or something changed dramatically in their internal safety assessment within a single day. There is also a separate report that Claude Opus 4.8 is in development, with select partners already doing internal evaluations. If accurate, that would fit the release cadence set by Opus 4.7 in April.

Anthropic's own XBOW test report showed that Mythos preview achieved what they described as a generational leap ahead of all existing models on the web exploit benchmark. Their stated concern is specific: if the Mythos API were made public today, hacker groups and extremist organizations could produce thousands of zero-day exploitation tools at minimal cost. Hospital systems, power grids, and critical infrastructure would be exposed in ways that are currently not possible.

The question the source code strings raise is whether those safety conditions have been quietly met, or whether they are being quietly set aside.

Anthropic's finances: the profit claim that doesn't add up

The Wall Street Journal reported that Anthropic is on track for its first profitable quarter, with an operating profit of $559 million and Q1 2026 revenue of $4.8 billion. Q2 revenue is projected at $10.9 billion, more than double in a single quarter.

Tech analyst Ed Zitron examined the numbers closely and found issues worth flagging. The Journal itself noted that it is unclear what accounting methods Anthropic used, since the company is not yet required to follow public company financial reporting requirements. The profitability figure appears to be non-GAAP EBITDA for potentially a single quarter, not standard operating profit.

The timing matters. Anthropic's deal with SpaceX to use the Colossus 1 infrastructure (and potentially parts of Colossus 2) involves payments of $1.25 billion per month starting in May and June, but with a reduced fee for those initial months as it ramps up. That means Anthropic's compute costs are artificially suppressed during exactly the quarters they are using to demonstrate profitability to investors. The Journal also noted the company might not remain profitable for the full year as spending increases.

The revenue figures also present a reconciliation problem. In February, Anthropic claimed $14 billion in annual recurring revenue, implying monthly revenue of around $1.17 billion. By March 3, that figure had risen to $19 billion in ARR, or $1.58 billion per month. Then on March 9, Anthropic's CFO Krishna Rao stated under oath that Anthropic had brought in revenues exceeding $5 billion to date. The Information had previously reported $4.5 billion in revenue for all of 2025.

If the $4.8 billion Q1 2026 figure is accurate, it would mean Anthropic generated over 90% of its lifetime revenues in a single quarter. That level of growth is possible in theory. It is also possible that large enterprise prepayments, where a company pays $50 million upfront for tokens intended to be used over 12 months, are being booked as revenue immediately. Discounted token commitments and front-loaded annual enterprise agreements would inflate revenue figures while actual compute delivery lags behind.

Worth verifying separately: Anthropic has not publicly clarified its revenue recognition methodology, and none of these figures have been audited under standard public company requirements.

Two stories from the same company, one week apart

On a Wednesday, Anthropic held its first developer-focused event in Europe, Code with Claude. Boris Cherny, who created Claude Code, talked about reconnecting with the feeling of magic that drew him to programming. Developers received free lunches and complimentary mini computers. When someone asked the crowd how many had shipped code written by Claude without reading it, a startling number of hands went up. The mood was unbridled enthusiasm.

The next day, Anthropic co-founder Jack Clark gave a lecture at Oxford University. He said AI poses a non-zero chance of killing everyone on the planet. He warned that the next few years would contain more disruption than any period in living memory. He predicted that by 2028, or possibly sooner, AI would reach recursive self-improvement and achieve the capability to improve itself without human intervention. He said most of the world is in denial about current AI capabilities, let alone what is coming in six months.

Clark also admitted that Anthropic itself underestimated the scale and speed of AI advancement. His words, as reported in the video: when Mythos finished training, the team's reaction was essentially that it had arrived faster than expected and that preparation had been insufficient.

Companies tailor messages to different audiences. That is standard practice, and nothing about these two events is necessarily contradictory in intent. But experiencing those two narratives within 24 hours of each other creates a cognitive dissonance that is difficult to ignore. The same organization is telling developers to ship faster and telling academics they may not fully understand what they are building.

Andrej Karpathy joined Anthropic's pre-training team this week as well, coming from OpenAI (which he co-founded) and Tesla, where he led the computer vision team for Autopilot. Ross Nordeen, a founding member of xAI, joined earlier this month. The talent acquisition pattern suggests Anthropic is preparing something significant, regardless of what the public messaging says.

My Take

The Glass Wing numbers are the kind of thing that should produce a specific, uncomfortable reaction. Not because 10,000 vulnerabilities is a shocking number in the abstract; security researchers have always known that large codebases are riddled with bugs. The uncomfortable part is the ratio. Anthropic submitted over 1,100 vulnerabilities to open-source maintainers. 75 have been patched. That is a 6.6% patch rate on discoveries that already have detailed reports attached to them.

The cybersecurity industry has been discussing AI-assisted vulnerability discovery for years. What nobody adequately modeled was the human response capacity on the other end. Finding a bug is one step. Writing a report is another. Getting a maintainer, often a volunteer working in their spare time, to prioritize, understand, test, and ship a fix is an entirely different problem. Mythos accelerated step one to near-zero. Steps two through five are still running on human clock speed.

The contradiction between the Friday statement and the Saturday source code is the detail I keep coming back to. Either Anthropic's safety assessment process is moving faster than their communications team knows about, or someone decided the public statement was not binding. One of those scenarios is reassuring. The other one is not.

Key Takeaways
  • Project Glass Wing: Mythos found 10,000+ high/critical vulnerabilities across 50 major companies in 30 days, including Cloudflare (2,000 vulns), Mozilla (271 critical in Firefox 150), and a 27-year-old OpenBSD bug.
  • The AI's true positive rate was 90.6%, verified by 6 independent security firms. 1,094 vulnerabilities were confirmed as high or critical with conclusive evidence.
  • Of 1,129 vulnerabilities submitted to open-source maintainers, only 75 have been patched, a patching bottleneck that Mythos's discovery speed has made structurally unworkable.
  • Claude Security (enterprise fix tool) helped clients patch 2,100+ vulnerabilities in the 3 weeks since launch.
  • Anthropic publicly stated Mythos would not be released soon, then "Mythos 1" strings appeared in Claude Code and Claude Security source code the following day.
  • Anthropic's $559M profit claim uses non-GAAP accounting with suppressed compute costs during exactly the quarters cited. Revenue figures from different time periods do not reconcile cleanly.
  • Jack Clark (Oxford lecture): AI has a non-zero chance of causing mass casualties; recursive self-improvement likely by 2028; Anthropic itself underestimated Mythos's arrival speed.

Frequently asked questions

What is Project Glass Wing?

Project Glass Wing is Anthropic's initiative using Claude Mythos to identify software vulnerabilities in major tech infrastructure. In 30 days, it scanned over 1,000 core open-source projects and found 23,019 total vulnerabilities, with 6,202 assessed as high or critical and 1,094 subsequently confirmed by independent security firms.

Is Claude Mythos 1 publicly available?

As of the time this article was written, Mythos is not publicly available. Anthropic stated on a Friday that it would not be released to the general public anytime soon, citing the need for stronger safeguards. However, the following day, users reported spotting "Mythos 1" and "Claude Mythos 1 preview" referenced in the source code of Claude Code and Claude Security, suggesting a rollout may be further along than the public statement implied.

What is Claude Security and how does it differ from standard Claude?

Claude Security is an enterprise product that not only identifies vulnerabilities but also generates fix patches for them. It includes a bug-finding pipeline, an automation framework that can clone sub-agents for parallel scanning of large codebases, and a threat model builder. In the three weeks since launch, enterprise customers used it to fix over 2,100 vulnerabilities. Anthropic is positioning it as a competitor to dedicated vulnerability management platforms like Snyk and Veracode.

Why aren't the open-source vulnerabilities being patched faster?

Human programmers are averaging about two weeks to fix a single high-severity vulnerability, even with detailed reports provided. Many open-source maintainers are volunteers, and the volume of disclosures from Mythos has overwhelmed their capacity. Of 1,129 vulnerabilities submitted to open-source authors, only 75 had been patched at the time of the source video. Several maintainers reportedly contacted Anthropic directly asking them to slow down the disclosure pace.

What did Jack Clark say at Oxford about AI risk?

Anthropic co-founder Jack Clark said AI poses a non-zero chance of killing everyone on the planet and warned that the next few years would be the most disruptive in living memory. He predicted AI would reach recursive self-improvement, the ability to improve itself without human intervention, by 2028 or possibly sooner. He also admitted that Anthropic underestimated how quickly Mythos would arrive and said the team felt underprepared when training completed.

What are the concerns about Anthropic's reported profitability?

The $559 million operating profit figure reported by the Wall Street Journal uses non-GAAP accounting methods that Anthropic has not clarified publicly. Compute costs are suppressed during the cited quarter due to discounted rates in Anthropic's deal with SpaceX for Colossus infrastructure. Revenue figures from different time periods, ARR claims in February and March versus the CFO's sworn statement and prior reporting, do not reconcile cleanly, raising questions about how revenue is being recognized and whether token prepayments are being booked as earned revenue before the compute is actually delivered.

Source: Analysis based on the YouTube video "It's Happening... Anthropic MYTHOS 1 Is Here!" published May 2026. Specific figures, timestamps, and claims are drawn from that transcript. Financial analysis attributed to Ed Zitron is based on the speaker's account of his reporting. The source code strings referencing Mythos 1 were reportedly captured by users and documented in screenshots; this claim has not been independently verified by this publication.
