Anthropic’s Mythos Vulnerability Hunting Gains Tempered by Findings of False Positives

Anthropic’s Mythos update shows that AI-powered vulnerability research, for all its promise, still has to contend with false positives and triage overhead

Published: May 27, 2026

Kristian McCann

A month of real-world testing by leading companies is giving a clearer picture of what Anthropic’s Mythos frontier LLM can do in security work. The company’s update, published a month after the initial release of Project Glasswing, suggests the model is surfacing real vulnerabilities at scale while also highlighting ongoing challenges around noise in its output and how far that output can be trusted.

In total, Anthropic says Mythos has scanned more than 1,000 open source software projects and identified 6,202 bugs it classifies as high or critical severity. That makes the model one of the most prominent examples yet of AI being used to hunt for flaws in live codebases, especially in security-sensitive open source software.

But the headline is not just about volume. It is also about reliability. The latest findings describe a system that clearly can find issues but still produces hallucinations and false positives. The false positive rate itself sits within normal industry levels; the difficulty is that Mythos surfaces multi-step attack chains, and verifying a chained finding takes far longer than checking a single suspect line, so the investigation time per report compounds quickly.

What the Update Says

According to Anthropic, 28% of the high or critical severity findings, or 1,752 bugs, were passed to six independent security research firms for review. Those firms rated 9.4% of the reviewed findings as false positives and confirmed 62.4% as genuinely high or critical severity; by arithmetic, the remaining 28.2% were neither confirmed at that severity nor ruled out as false positives.

Anthropic also said it has so far disclosed 530 of the bugs to open source maintainers and hopes to disclose another 827 as quickly as possible. Of the 530 already reported, 75 have been patched (roughly one in seven) and 65 have received public advisories. Anthropic said the patch rate reflects a broader problem in the security ecosystem, noting that even at a relatively slow disclosure pace, Mythos Preview is adding pressure to an already overloaded system.

One example Anthropic highlighted was a critical WolfSSL vulnerability, CVE-2026-5194, which it rated CVSS 9.1. The company said the bug could allow certificate forgery, underscoring the kind of high-stakes issue the model can surface when it works as intended.

Why the Results Matter

Mythos has generated both excitement and concern because it appears capable of chaining together multiple steps in an attack in ways earlier AI systems could not. That raises the stakes. A model that can move from one weakness to another and assemble a proof of concept is not just a scanner. It is closer to an active security analyst and potentially a powerful offensive tool as well.

That is one reason Anthropic has not released the model publicly. Instead, it has limited access to a small group of companies through Project Glasswing, a controlled program designed to test the model in real security environments. The approach lets Anthropic gather feedback while reducing the risk of the system being misused at scale.

The early reception has been largely positive. Participating companies have reportedly found thousands of high-severity flaws, including bugs affecting major operating systems and popular web browsers. That suggests Mythos can deliver real value to defenders, especially when paired with strong triage and human review.

Still, the latest update complicates the picture. A 9.4% false positive rate is not high by industry standards, but applied to the 1,752 reviewed findings it already amounts to roughly 165 reports that maintainers or reviewers must investigate and dismiss, and that count grows with every additional batch the model produces. At this scale the absolute number of false positives, not the rate, is what creates operational friction.

What Comes Next

Cloudflare’s Chief Security Officer, Grant Bourzikas, said Mythos represents “a clear improvement” over earlier models, but he also warned that hallucinations and false positives remain an ongoing challenge:

“Ask a model to find bugs, and it will find them, whether the code has any or not. Findings come back hedged with ‘possibly,’ ‘potentially,’ and ‘could in theory,’ and the hedged findings vastly outnumber the solid ones. That’s a reasonable bias for an exploratory tool. It’s a ruinous one for a triage queue.”

His point was that the model is better than its predecessors at producing useful output, but it is still probabilistic: the same request can yield different results depending on how and when it is asked, and the confidence a finding expresses is not the same as evidence that the flaw exists.

That inconsistency matters because security teams need reliable triage, not just interesting findings. If a model produces too many hedged or uncertain results, it can slow the very teams it is meant to help. As Bourzikas noted, faster scanning alone does not solve the deeper problem because patching still depends on testing, validation, and safe deployment.

Anthropic is also trying to strengthen the wider ecosystem around the model. It has partnered with the Open Source Security Foundation’s Alpha-Omega project to help OSS teams triage bug reports, while other partners such as Cisco are open-sourcing related security frameworks.

For now, Mythos looks like a strong signal that frontier models can materially change software security. But the update also shows the limits of that promise. The harder part may not be finding bugs, but proving which ones matter and fixing them without creating new problems in the process.
