Claude found 10,000 critical bugs in a month — humans are now the bottleneck

Susan Hill

An unreleased Anthropic model has found more than ten thousand high- and critical-severity software vulnerabilities in a single month, across the codebases of about fifty partner organizations. The model, known internally as Claude Mythos Preview, was pointed at open-source libraries, browsers, and infrastructure that run a large share of the modern internet. The result inverts the long-standing math of software security. Finding the bugs is no longer the hardest part of the job. Patching them is.

The program is called Project Glasswing, and Anthropic launched it about a month before publishing this first batch of numbers. Roughly fifty partner organizations agreed to scan their own production code with the model. Cloudflare turned it loose on its critical systems and reported back around two thousand findings, four hundred of them rated high or critical. Mozilla ran it against Firefox and surfaced 271 distinct flaws in the next major browser release, more than ten times what the same team produced for the previous version with the publicly available Claude Opus 4.6.

What those numbers mean depends on which software you actually use. The model uncovered a certificate-forgery flaw in wolfSSL, a cryptography library that sits inside billions of consumer routers, smart-home hubs, and industrial controllers. The vulnerability now carries a CVE identifier, CVE-2026-5194, and a patch is in distribution. The same scanning effort across more than a thousand open-source projects produced an estimated 6,202 high- or critical-severity issues. These are not academic findings on toy benchmarks. They are bugs in the actual code that handles your encrypted connections, your browser tabs, and the machines on the other end of the wires.

Mythos Preview is not a Claude version anyone can buy. Anthropic has chosen not to release it publicly. The company argues that the same model that finds vulnerabilities at this scale would, in the wrong hands, become a weapons-grade exploit generator. “No company,” the announcement notes, “has developed safeguards strong enough to prevent such models from being misused.” For now Mythos Preview lives inside a controlled program with vetted partners and a coordinated disclosure pipeline.

What kinds of bugs is the model finding? Memory-safety errors in C and C++ libraries, certificate-handling flaws like the wolfSSL one, logic errors in network-protocol implementations, and authentication holes in widely deployed services. These are the categories that have driven decades of real-world breaches. The UK AI Security Institute reports that Mythos Preview is the first model it has tested that solves both of its end-to-end cyber range simulations, controlled environments built to mimic full attacker workflows. The independent security firm XBOW called the model a “significant step up” from earlier work, with what it described as “absolutely unprecedented precision.”

The next question, for anyone who has worked with automated scanners, is how many of these findings are real. Independent security firms reviewed 1,752 of the high- and critical-rated reports. About 90.6 percent, 1,587 of them, checked out as legitimate vulnerabilities. That is a far cleaner signal than the noisy output typical of fuzzing or pattern-matching tools, and Cloudflare reported that in its own tests the model’s false-positive rate was better than what its human red-team members produced. But it still means roughly one in ten claims is a false alarm. At this scale, that adds up to around a thousand non-bugs in the pile, each one a human still has to read and reject.

The harder problem is what happens once a real bug gets disclosed. By the time of this first update, only 75 of the 530 high- and critical-severity vulnerabilities reported to maintainers had been patched. The average fix is taking about two weeks. Some open-source maintainers, reportedly overwhelmed, have asked Anthropic to slow the pace of disclosures. “Progress on software security used to be limited by how quickly we could find new vulnerabilities,” the company writes. “Now it’s limited by how quickly we can verify, disclose, and patch the large numbers of vulnerabilities found by AI.”

For an ordinary user, the practical takeaway is unglamorous. Software you use today, possibly the browser this page loaded in, almost certainly has critical bugs that an AI knows about and humans have not yet fixed. Coordinated disclosure assumes a patch arrives before the public announcement, and that ordering only holds when patches actually arrive on schedule. Project Glasswing is, for now, anchored in the United States and the United Kingdom. Cloudflare, Mozilla, the UK AI Security Institute, and XBOW are the named participants. No equivalent disclosure-coordination program exists in most other countries. Whether bugs the model finds in Brazilian, Indian, Japanese, or Korean software stacks get treated with the same urgency is an open question.

Anthropic says Project Glasswing is expanding to additional partners. The Mythos Preview model itself remains off the market, and the company has not given a public-release timeline; any wider deployment, by its own current view, would require safeguards that do not yet exist. A second update is expected later in 2026. The metric to watch will not be how many bugs an AI can find. It will be how many of them the humans on the other end have had time to fix.
