Claude Mythos Preview identifies more than 10,000 critical vulnerabilities and will expand tools to select customers

Anthropic claims to have identified more than 10,000 critical vulnerabilities thanks to its artificial intelligence (AI) model for cybersecurity Claude Mythos Previewwhich has already helped companies like Claudflare, Mozilla or Microsoft, and which will begin to offer some of its security tools to clients that meet their requirements.

The company presented Claude Mythos at the beginning of April as part of its cybersecurity initiative Project Glasswingwhich brings together technology companies such as Amazon Web Serivces, Apple, Google, Microsoft and Nvidia, to protect “the world’s most critical software”, with the aim of identifying high severity vulnerabilities in all major operating systems and web browsers.

Since then, Anthropic and its partners have been using the Claude Mythos Preview model to detect high or critical severity vulnerabilities in various software. As a result, the technology company has stated that They have found more than 10,000 vulnerabilities of these characteristics in different services.

This was detailed in a statement on his blog, where he clarified that, after a month of using this model, the majority of members have detected hundreds of critical or high severity vulnerabilities and several have detected that their Error detection rate has increased more than tenfold.

In the case of Cloudflarehas detailed what he has found 2,000 errors in your critical systems using Claude Mythos, 400 of them of high or critical severityand with a false positive rate that the company considers “better than that of human evaluators.”

Following this line, Mozilla has indicated that he has discovered and fixed 271 vulnerabilities in Firefox 150 during his tests with Mythos Preview. That is, ten times more bugs than those found in Firefox 148 with Claude Opus 4.6.

Another example of the model’s capabilities has been offered by UK AI Safety Institute, which has reported that Mythos Preview is “the first model capable of solving its two cybernetic scenarios from start to finish“, which are based on multi-stage cyberattack situations.

Mythos Preview has also highlighted in other types of cybersecurity tasks. As the company has highlighted, it was able to detect and prevent a fraudulent bank transfer of 1.5 million dollars at one of the banks associated with the Glasswing project, after a cybercriminal compromised a customer’s email account and made fraudulent phone calls.

DRIVING VULNERABILITY FIXES

Thus, the ability to identify more vulnerabilities more quickly and accurately allows the companies that support said software to verify, disclose and correct also in a more agile way. As a result, it makes it easier for end users to update their software before attackers can exploit a vulnerability.

This can be seen in companies like Microsoftwhich recently detailed in its May security update that its Future updates “will continue to increase in size for a while,” because automation tools have “matured” and “increasingly use AI to examine ‘software’ more closely and frequently.” Anthropic has referred to these advances as being due to Mythos Preview. In the same way, Oracle has also assured what is detecting and correcting vulnerabilities in their products and in the cloud at a speed “much greater than before.”

MYTHOS PREVIEW TO ANALYZE OPEN SOURCE PROJECTS

Furthermore, Anthropic has also shared that they have been using the AI ​​model to analyze 1,000 open source projects in recent months. In this case, Mythos Preview has found a total of 23,019 vulnerabilitiesof which 6,202 were high and critical severity.

Specifically, of the critical vulnerabilities found, 1,752 have been “thoroughly” evaluated and, as a result, they have clarified that the 90.6 percent (1,587) were found to be true positives and 62.4 percent were confirmed as high severity.

The company has shared examples of these vulnerabilities in open source services, such as the wolfSSL cryptography library, where Mythos Preview managed to create an exploit that allowed certificates to be forged to host a fake website for a bank or email provider.

To show all these findings, Anthropic has created a dashboard with all the open source vulnerabilities they have analyzed, where shows outreach steps and allows you to track your progress.

So far, the company has informed those responsible for maintaining these open source projects about 530 high or critical severity errors. Of them, 75 have already been patched, and 65 of them have received public notices.

However, Anthropic has pointed to a gap between the “relative ease of finding vulnerabilities”, compared to the difficulty for service providers to correct themsince on average, a high or critical severity bug detected by Mythos Preview takes two weeks to fix. “Successfully overcoming this challenge will make our software much more secure,” he said.

ADOPT CLAUDE MYTHOS IN THE FUTURE

With all this, Anthropic has announced that they will soon be more widely available models with cybersecurity capabilities similar to those of Mythos Preview.

Likewise, it has launched Claude Security in public beta for users subscribed to Claude Enterprise, a tool that helps Analyze companies’ code bases for vulnerabilities and, in addition, generate solution proposals.

In addition, he has also indicated that they are putting some Mythos Preview tools available to the customer security equipment that meets requirements necessary, with prior request. This includes skills, a system for mapping source code, and a threat model generator.

For the rest, the technology company has reiterated that Mythos Preview remains unavailable to the general public because no companyincluding Anthropic, has developed security measures “strong enough to avoid the misuse of said models and the serious damage they could cause.

“In the near future, once we have developed the much stronger security measures we need, we hope to release the Mythos class models to the public,” Anthropic said.