Anthropic published the first report on its Project Glasswing program, under which the Claude Mythos AI model scanned more than 1,000 open-source projects and identified over 23,000 vulnerabilities, more than 6,200 of which were rated high or critical. At the same time, signs have appeared that the company is preparing the model for broader public access — mentions of claude-mythos-1-preview were spotted in the Claude Code and Claude Security interfaces. This situation raises a fundamental question for the industry: how to balance the enormous defensive potential of such tools against the risks of their misuse.
Project Glasswing results in numbers
Instead of an open release of the model announced in April 2026, Anthropic launched the closed Project Glasswing program. According to available information, around 50 partners gained access to Mythos, including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, Microsoft and Nvidia. In addition, limited access was provided to a number of organizations and open-source projects via the Linux Foundation.
Key results from the first Glasswing report:
- More than 1,000 open-source projects that form the backbone of corporate infrastructure were scanned
- More than 23,000 vulnerabilities were discovered
- Over 6,200 vulnerabilities were classified as high or critical
- Of 1,752 critical and high-severity findings that underwent manual verification, 90.6% were confirmed as real vulnerabilities
An accuracy rate of 90.6% is a serious result for automated analysis. For comparison, traditional static application security testing (SAST) tools often generate from 30% to 70% false positives, depending on configuration and project type. According to the report, Mythos significantly reduces this problem.
The scale problem: patches can’t keep up with findings
A notable detail in the report is that some participants in the program admitted that the volume of identified issues exceeds their teams’ capacity to release fixes. This creates a paradoxical situation: a tool intended to strengthen defense is effectively generating information overload for security teams.
This aspect is at the core of Anthropic’s concerns. The company has warned that in the short term such tools may benefit attackers more than defenders. The logic is simple: an attacker needs only one exploitable vulnerability, whereas a defender has to close them all. If a model can automatically find thousands of unpatched vulnerabilities in popular software, the asymmetry between offense and defense grows.
Signs of an approaching public release
As BleepingComputer reports, users have discovered mentions of the claude-mythos-1-preview model in Claude Code and Claude Security. Some users reportedly even saw an option to switch to Mythos in the public version of Claude Code before it was hidden.
In the Glasswing report itself, Anthropic stated plans to open public access to Mythos-class models in the “near future,” but only after creating more reliable safeguards. The appearance of the model identifier in user interfaces may indicate that technical preparations for launch are already underway.
It is worth noting that Anthropic has not yet issued direct official confirmation of specific timelines for a public release. The information about the model showing up in interfaces is based on user observations and a single news source.
Impact assessment and recommendations
The potential consequences of broad access to a model of this class affect several categories of organizations:
- Maintainers of open-source projects: already under pressure from the stream of discovered vulnerabilities; a public release of the model will multiply the number of bug reports
- Companies that depend on open-source software: the more than 1,000 scanned projects “underpin corporate infrastructure and a significant part of the internet,” in Anthropic’s words
- Security teams: must be prepared for a sharp increase in the number of known vulnerabilities in the components they use
Organizations that use open-source software in critical infrastructure should already be conducting a dependency inventory (Software Bill of Materials), strengthening monitoring of vulnerability disclosures in key components, and assessing their ability to apply patches promptly. If participants in the closed Glasswing program admit they cannot keep up with the stream of findings, a public release of the model will make vulnerability prioritization a critically important skill for every security team.
Regardless of the timing of a public release of Claude Mythos, the very fact that a model exists with a confirmed vulnerability detection accuracy above 90% changes the landscape. Organizations should focus on three specific actions: creating and maintaining an up-to-date SBOM for all products, implementing an automated process for prioritizing and applying patches to open-source dependencies, and factoring into resource planning a scenario in which the number of known vulnerabilities in the components they use increases by an order of magnitude.
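One way to turn the SBOM and prioritization advice above into a triage step, shown as an added example that is not from Anthropic or the Glasswing report: it joins per-product CycloneDX SBOMs with a findings feed and ranks what to patch first. The product names, package names, finding identifiers and scoring weights are constructed assumptions, not a standard.

```python
import json

# Constructed sample SBOMs (minimal CycloneDX JSON), one per product.
SBOMS = {
    "billing-api": json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "parserlib", "version": "0.9.4", "purl": "pkg:pypi/parserlib@0.9.4"},
        {"type": "library", "name": "imgcodec", "version": "3.2.0", "purl": "pkg:pypi/imgcodec@3.2.0"}]}"""),
    "edge-proxy": json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        {"type": "library", "name": "parserlib", "version": "0.9.4", "purl": "pkg:pypi/parserlib@0.9.4"}]}"""),
}
EXPOSED = {"edge-proxy"}  # constructed: products reachable from the internet
# Constructed findings; the ids are placeholders, not real advisories.
FINDINGS = [
    {"id": "EXAMPLE-0001", "purl": "pkg:pypi/imgcodec@3.2.0", "severity": "critical", "fixed_in": None},
    {"id": "EXAMPLE-0002", "purl": "pkg:pypi/parserlib@0.9.4", "severity": "high", "fixed_in": "0.9.5"},
    {"id": "EXAMPLE-0003", "purl": "pkg:pypi/notdeployed@1.0.0", "severity": "critical", "fixed_in": "1.0.1"},
    {"id": "EXAMPLE-0004", "purl": "pkg:pypi/imgcodec@3.2.0", "severity": "medium", "fixed_in": "3.2.1"},
]
SEVERITY = {"critical": 40, "high": 30, "medium": 20, "low": 10}  # assumed weights

def index_components(sboms):
    """Map each component purl to the set of products that ship it."""
    index = {}
    for product, bom in sboms.items():
        for comp in bom.get("components", []):
            if "purl" in comp:
                index.setdefault(comp["purl"], set()).add(product)
    return index

def patch_queue(findings, sboms, exposed):
    """Rank findings that affect shipped components; drop the rest."""
    index = index_components(sboms)
    queue = []
    for f in findings:
        products = index.get(f["purl"])
        if not products:
            continue  # component is in no SBOM: nothing of ours to patch
        score = SEVERITY[f["severity"]]
        score += 15 if products & exposed else 0  # ships in an internet-facing product
        score += 5 if f["fixed_in"] else 0        # a fix exists, so it is actionable now
        score += len(products)                    # number of products affected
        queue.append((score, f["id"], sorted(products), f["fixed_in"]))
    return sorted(queue, key=lambda row: (-row[0], row[1]))

if __name__ == "__main__":
    for score, fid, products, fix in patch_queue(FINDINGS, SBOMS, EXPOSED):
        print(score, fid, products, fix or "no fix yet: mitigate")
```

With these weights, the high-severity finding in a component shipped by the internet-facing product outranks the critical finding in an internal-only one, and the critical finding in a package that appears in no SBOM never enters the queue.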