Mythos Just Logged 10,000 Critical Bugs in 30 Days. Anthropic Says the Public Release Is Next.
Anthropic posted the first operational update on Project Glasswing late Monday and into Tuesday morning. Thirty days in, the program has flagged 23,019 potential vulnerabilities across more than 1,000 open source projects, validated 1,726 of them as real, and confirmed more than 10,000 high- or critical-severity bugs across roughly 50 partner organizations. Cloudflare alone found 2,000 of them. Mozilla found 271 in Firefox.
Buried at the bottom of the same update is the line that actually moves the policy floor: Anthropic intends to make Mythos-class models generally available, once safeguards are stronger. They will not define when. They committed $100M in Mythos usage credits and $4M in direct donations to open source security organizations on the way there.
For three weeks the cyber tier has been a research preview with one model and a small list of trusted partners. This update reframes it as an operational program with a budget, partner economics, and a stated road to public access. That is a different category of product.
What Actually Shipped
The numerical core of the announcement is straightforward. Anthropic and partners ran Claude Mythos Preview against more than a thousand open source codebases over roughly thirty days. The model flagged 23,019 potential vulnerabilities. Independent security firms ran a sampling validation and confirmed 1,726 of them as genuine. Of those, more than 1,000 were high or critical severity. Within the partner set, total confirmed high- or critical-severity findings crossed 10,000.
Per-partner color matters more than the aggregate. Cloudflare reported 2,000 bugs found across critical-path systems, 400 rated high or critical. Mozilla turned in 271 Firefox zero-days in one cycle (a number the security press has been quoting since early May). Palo Alto Networks found dozens. Several partners told Anthropic their bug-finding rate went up by more than 10x compared to their pre-Mythos baseline.
| Metric | Value | Notes |
|---|---|---|
| Vulnerabilities flagged | 23,019 | Across 1,000+ OSS projects |
| Independently validated | 1,726 | Sampling, not full audit |
| Partner high/critical confirmed | 10,000+ | Across ~50 partner orgs in 30 days |
| Cloudflare findings | 2,000 / 400 | Total / high or critical |
| Mozilla Firefox zero-days | 271 | One cycle, headline number since early May |
| Partner bug-find rate uplift | 10x+ | Several partners, self-reported |
| Mythos credits committed | $100M | Usage credits across Glasswing |
| OSS security donations | $4M | Direct grants, separate from credits |
The partner roster has also widened. The launch group is Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic added more than forty additional organizations that maintain critical software infrastructure, bringing the total close to fifty.
The Validation Number Is the Honest Headline
A lot of the press coverage is leading with the 23,019 figure. The number worth pinning to the wall is 1,726. That is what was actually validated by independent security firms. Confirmed over flagged (1,726 of 23,019) works out to a 7.5% true-positive rate against sampled review, which is higher than most static analysis tools achieve at depth, but it is not 100%. Mythos still hallucinates plausible-looking bugs, especially at the long tail of severity.
The 10,000+ partner figure is a different measure. Those are the bugs partners themselves confirmed in their own systems, where the partner already had the engineering context to triage. That is a higher signal than open source scan output. It is also where Cloudflare's 2,000 number lives. Mythos is not finding 2,000 bugs in Cloudflare from cold. Mythos is accelerating a Cloudflare security team that already knew where to look by an order of magnitude.
The honest read: Mythos is real and the productivity uplift is real, but the headline aggregate number includes noise. Anyone running this internally should plan for triage cost, not just discovery cost.
The Public Release Line Changes the Calculus
Three weeks ago, the framing was: Mythos is too dangerous to release, so Anthropic is locking it behind Glasswing. That story carried the policy debate. Today the framing is: Mythos is heading toward a general release, once safeguards mature, and the timeline is deliberately undefined.
That is a different conversation. It means the question for every CISO, every nation-state policy team, and every other lab is no longer "what does the Mythos-restricted world look like?" It is "what does the eighteen-to-thirty-six-month world look like when Mythos-class capability is API-callable by anyone with a credit card?" That is a world the U.S. government's pre-launch evaluation regime (CAISI) was explicitly built for, and Anthropic naming "U.S. and allied governments" as the next Glasswing expansion target reads as a signal that the public-release path runs through state security review.
The competitive read is simpler. OpenAI Daybreak (shipped May 12 as the workflow-integrated counter to Mythos) was always a flanking move. Daybreak ships through twenty-plus security partners and a Codex Security harness. It is a product. Mythos is now also a product, with a budget, a partner list, and a public-release path. The cyber tier is a two-horse race where both horses have business models.
What This Does to Open Source
The $4M in OSS donations is small relative to the $100M in Mythos credits, but it is structurally important. Open source maintainers cannot triage a 10x increase in valid bug reports without funded headcount, and they certainly cannot do it on volunteer time. The gap between an AI-assisted lab firing well-formed CVEs at them and a single maintainer on a critical library is exactly where the next year of supply-chain pain shows up.
The Linux Foundation being in the launch partner list is the most consequential single choice on the partner roster. It puts the OSS coordination layer inside the room. Whether that pulls forward a real maintainer-funding model, or whether the donation budget is the ceiling rather than the floor, is the open question.
What to Watch Next
Three signposts over the next ninety days.
One: the validation rate. 7.5% on a sampling pass is fine for a research preview. If the full disclosure window pushes that meaningfully up or down, the practical economics of Mythos change. Independent reproductions from security firms outside the Glasswing roster (Trail of Bits, Bishop Fox, NCC Group, others) are the read we will trust here.
Two: government access. Anthropic naming U.S. and allied governments as the next expansion path is the most consequential commitment in the update. Whether that translates into NSA, CISA, NCSC, and BSI access in the next quarter, or whether it stalls in interagency review, is the real signal on how soon Mythos-class capability shows up in either offensive or defensive state use.
Three: the OpenAI response. Daybreak was the May 12 counter-move. The next OpenAI release on this beat needs either a partner expansion (currently twenty-plus; Anthropic is now at fifty) or a verifiable findings count that competes with the Glasswing 10,000. Expect something inside thirty days. We will be tracking it on the /cve-watch hub alongside the rolling MITRE CVE, CISA KEV, and EPSS feeds.
Our Take
The Mythos numbers are real. The validation rate caveat is also real. The thing that changed today is not the capability story (we already knew the capability from the original Mythos preview disclosure on May 5). The thing that changed is that Anthropic gave the program a budget, a partner list, a policy partner (the U.S. government), and a stated path to public release.
Three weeks ago, the cyber tier was a debate. Today it is an operational program with numbers on the page. The next ninety days decide whether that program also produces a public model. If it does, every security data layer, every coordinated disclosure process, and every supply-chain bug bounty has to be sized for a world where the floor on vulnerability discovery is whatever Mythos-class capability becomes at API pricing. That is not the world the current data layer was built for.
We have been saying for two weeks that the AI-cyber data layer is load-bearing. This update confirms the load. The agents finding vulnerabilities still move faster than the schemas they have to call.