Models

Severe Security Vulnerabilities Spiked 3.5x After Claude Mythos Preview Release

A massive surge in high- and critical-severity cyber vulnerability disclosures followed the internal deployment of Anthropic’s autonomous security model.

ATAI Tools Worth News Desk · News DeskJuly 4, 20262 min read✓ Independently fact-checked
The quick version
  • In June 2026, major tech organizations published roughly 1,500 high- and critical-severity CVEs, representing a 3.5-fold increase over the previous monthly record.
  • The spike occurred after Anthropic’s April 2026 announcement that its Claude Mythos Preview model could autonomously find and exploit software bugs.
  • Anthropic’s Project Glasswing partners, including Microsoft, Google, AWS, and Apple, have reportedly identified more than 10,000 severe vulnerabilities.
  • OpenAI has deployed a similar autonomous cyber-hardening product named Daybreak to identify and patch system flaws before malicious actors can exploit them.

A massive surge in severe cybersecurity vulnerability disclosures occurred in mid-2026, closely trailing the deployment of autonomous AI bug-hunting models. According to a report by Epoch AI, notable technology organizations published approximately 1,500 high- and critical-severity Common Vulnerabilities and Exposures (CVEs) in June 2026. This volume represents a 3.5-fold increase over the highest monthly record observed prior to the release of Anthropic’s Claude Mythos Preview.

How did Claude Mythos trigger the CVE spike?

The spike in public security disclosures follows Anthropic’s April 2026 announcement that its Claude Mythos Preview model was capable of autonomous vulnerability discovery and exploitation. To prevent malicious actors from utilizing the model’s capabilities, Anthropic initiated Project Glasswing. This coalition allowed key partners—including Microsoft, Google, Apple, and AWS—to deploy the model to locate and patch critical security flaws before the AI system’s public release.

Epoch AI analyzed data from the public cve.org repository, focusing specifically on reports submitted by 21 major organizations, such as Adobe, Cisco, Intel, Red Hat, and Qualcomm, to filter out low-quality submissions. The data suggests that the deployment of frontier models for defensive cyber-hardening has radically accelerated the speed at which software giants can identify and document infrastructure flaws. Developers looking to secure their own codebases can explore the best AI coding tools currently available for automated assistance.

What are the security implications of Project Glasswing?

While the June disclosures represent a historic peak in public CVEs, they only scratch the surface of what these models have uncovered. Anthropic claims that Project Glasswing has discovered more than 10,000 high- or critical-severity vulnerabilities since its inception, many of which remain unreleased to the public while vendors work on patches. Simultaneously, OpenAI has been running a parallel defensive effort using its own security-focused product, Daybreak.

This shift toward automated, AI-driven vulnerability discovery presents a double-edged sword. While it allows major software providers to rapidly harden their systems, it also highlights the raw capability of frontier models to map out software exploits. Security researchers warn that if these autonomous capabilities fall into the hands of bad actors, the window of time between vulnerability discovery and active exploitation will shrink dramatically.

3.5xIncrease in monthly high-severity CVE disclosures following the Claude Mythos announcement

Frequently asked questions

What is Anthropic’s Project Glasswing?

Project Glasswing is a collaborative cybersecurity initiative by Anthropic and major partners, including Google, Microsoft, Apple, and AWS, that uses the Claude Mythos Preview model to autonomously find and patch high-severity software vulnerabilities.

How many vulnerabilities did Claude Mythos find?

According to Anthropic, Project Glasswing has identified more than 10,000 high- and critical-severity vulnerabilities, though many have not yet been publicly disclosed.

What is OpenAI’s equivalent to Claude Mythos for security?

OpenAI utilizes a product called Daybreak, which is designed to use frontier AI models to secure and harden critical software infrastructure against potential exploits.

Our tested pick

If you want to integrate automated testing and assistance into your development workflow, check out our tested guide to the best AI coding tools.

Best AI Coding Tools (2026): 7 Tested & Ranked →

Source: Hacker News. Published July 4, 2026.

AT
AI Tools Worth News Desk
News Desk · AI Tools Worth

The AITW News Desk tracks model releases and AI product launches daily. Every story is fact-checked against its primary source before publishing and edited by Ali Zayed — and always links back to the original source.

AI Tools Worth is independent and unsponsored. Some linked guides contain affiliate links — they never change our verdicts.

THE 5-MINUTE AI BRIEF
Know which AI tools are actually worth it — in one weekly email

Hands-on verdicts, real price changes and the launches that matter. No hype, no spam — unsubscribe anytime.

Free forever. We never share your email. By the AI Tools Worth editorial team.
THE 5-MINUTE AI BRIEF
Weekly verdicts on AI tools worth paying for — free, no hype