Last updated: July 5, 2026 at 9:01 AM UTC
Tag: anthropic (9 articles)

Anthropic to give EU cybersecurity agency ENISA access to Mythos via Project Glasswing - first non-US/UK entity, terms still being negotiated

Anthropic is set to give the EU's cybersecurity agency ENISA access to its restricted Mythos model through Project Glasswing - making ENISA the first EU institution and first entity outside the US and UK to join. The move, communicated to the European Commission over the weekend, ends a weeks-long standoff after euro-area finance ministers, the ECB, and member states demanded access on learning Mythos had found flaws in systems European banks, governments, and critical infrastructure rely on. Terms covering data sovereignty, sharing findings with member states, and the scope of systems ENISA may test are still being negotiated. BNP Paribas and Mistral continue building a European alternative.

Check
EU-based organizations: track ENISA's Mythos access as a future channel for coordinated vulnerability findings affecting European infrastructure. Factor frontier-AI vulnerability discovery into your patch-SLA planning.
Affected
European banks, governments, and critical-infrastructure operators whose systems Mythos has already flagged, and whose findings were not visible to any EU institution before ENISA's access.
Fix
Compress patch cycles in anticipation of AI-surfaced vulnerability disclosures. Engage national CERTs and ENISA channels as they mature. Assume similarly capable models will broaden access over coming months.

Anthropic confirms public Mythos rollout in 'coming weeks' - claimed more powerful than Opus 4.8, guardrails developed during preview

Anthropic has confirmed it will roll out Claude Mythos-class models to the general public in the coming weeks. Mythos was originally announced in April as a restricted preview available only to select security researchers and partners; Anthropic cited significant security risks if released too broadly. The company now says it has developed sufficient guardrails. Anthropic frames the trade-off as compressing the attacker advantage: 'in the short term, this could be attackers, if frontier labs aren't careful... in the long term, defenders will more efficiently direct resources and use these models to fix bugs.' Pricing and tier availability are not yet disclosed.

Check
Update internal AI-tool governance policies to cover Mythos-class capability tier. Identify which teams (security research, code audit, IR) would benefit from access once it ships.
Affected
Organizations with patch SLAs measured in weeks. Mythos-class models may surface unpatched flaws at attacker-tool speed; defenders need to compress SLAs to keep pace.
Fix
Tighten patch cycles on internet-facing services. Enroll qualifying security researchers in Anthropic's Cyber Verification Program. Draft internal disclosure policy before broad enablement.

Anthropic preparing to roll Claude Mythos into Claude Code and Claude Security - 'claude-mythos-1-preview' toggle briefly appeared publicly

Anthropic appears to be preparing the public rollout of Claude Mythos - the restricted security-focused frontier model that uncovered 10,000 high or critical vulnerabilities in its first month under Project Glasswing. References to 'claude-mythos-1-preview' have briefly appeared in the public Claude Code and Claude Security products, with at least one user reportedly seeing a toggle to enable Mythos before it was pulled. Anthropic originally announced Mythos in early preview on April 7 and held back the public release pending guardrails, warning the model 'can automatically develop functional cyberattacks at a highly professional level.' Pricing and tier availability are not yet disclosed.

Check
If you use Claude Code or Claude Security, watch for the Mythos toggle to appear. Review your Claude Max/Pro/Team subscription tier and any organizational data-handling policies for AI-coding tools.
Affected
Any organization using Claude Code or Claude Security where users may surface critical-severity flaws in supplier or open-source code that have not yet been responsibly disclosed.
Fix
Define an internal disclosure policy for Mythos findings before enabling broadly. Coordinate with the Anthropic Cyber Verification Program. Pair Mythos usage with patch-cycle compression on internet-facing services.

Anthropic Project Glasswing reveals 1,094 confirmed high/critical flaws and WolfSSL CVE-2026-5194 (CVSS 9.1) in first month with Apple, AWS, Microsoft, Google partners

Anthropic has named the program behind its Claude Mythos Preview model 'Project Glasswing' and disclosed the first-month results. Working with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, the program flagged 6,202 high or critical vulnerability candidates across 1,000+ open-source projects; 1,726 were validated by human reviewers and 1,094 confirmed as genuine high or critical severity. A WolfSSL certificate-forgery flaw (CVE-2026-5194, CVSS 9.1) is the one publicly named example. 97 upstream patches and 88 security advisories have landed. Anthropic itself warns that finding flaws is far easier than fixing them.

Check
Audit your dependency manifest for WolfSSL across all projects and confirm each instance is at a version that includes the CVE-2026-5194 fix. Map how much of your SBOM overlaps with the 1,000+ open-source projects in Glasswing's scope.
Affected
Software relying on WolfSSL for certificate validation (IoT, network equipment, industrial systems). Broader: any defender whose patch SLAs are slower than AI-assisted vulnerability discovery rates.
Fix
Patch WolfSSL to the version fixing CVE-2026-5194. Compress patch SLAs on internet-facing services. Monitor Glasswing's public advisories for additional CVEs landing across the next 30-60 days.

Anthropic Mythos Preview AI finds 10,000+ high-severity flaws in widely used software; Cyber Verification Program launched

Anthropic has unveiled Claude Mythos Preview, a research-only AI model purpose-built for security tasks, and disclosed that it has used the model to find more than 10,000 high-severity vulnerabilities in widely used open-source and commercial software. Mythos has also been adapted to build end-to-end exploit chains and, in one Glasswing partner-bank case, helped block a $1.5 million fraudulent wire transfer. Anthropic is urging defenders to shorten patch windows because models with similar capability will soon be broadly available. It has launched a Cyber Verification Program that lets vetted researchers use the model without guardrails for legitimate vulnerability research, red teaming, and penetration testing.

Check
Audit your patch SLAs: how fast does a critical CVE move from vendor advisory to production? Aim for under 72 hours on internet-facing services.
Affected
Any organization that relies on adversaries lacking time to develop exploits. Mythos and similar models (OpenAI's GPT-5.5-Cyber) compress the exploit-development timeline dramatically.
Fix
Shorten patch testing and deployment cycles. Harden default configurations. Enforce phishing-resistant MFA. Apply for the Anthropic Cyber Verification Program if you do legitimate vulnerability research.

Anthropic launches 'Claude Security' for enterprises - the first major defensive product designed to keep up with AI-powered exploits that compress the time-to-attack to minutes

Anthropic launched Claude Security in public beta yesterday, an enterprise tool that scans code repositories for vulnerabilities, rates each finding's severity and confidence, and generates patch instructions that engineers can apply through Claude Code. The launch is a direct response to Mythos and similar AI-driven offensive tools that have been compressing the time between vulnerability disclosure and active exploitation - LiteLLM was exploited 36 hours after disclosure last week, LMDeploy in 13 hours the week before. CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, Trend, and Wiz are integrating Claude Opus 4.7 into their platforms.

Check
If your organization holds a Claude Enterprise subscription, evaluate Claude Security against your existing static analysis tools this week.
Affected
Claude Enterprise customers can access Claude Security in public beta now via claude.ai/security or the Claude.ai sidebar. No API integration required. Team and Max access is coming soon. The deeper relevance is for any security team facing the new exploitation cadence: AI-driven offense has shrunk the patch window for several recent disclosures.
Fix
Pilot Claude Security on a non-critical repository first - point it at a side project before pointing it at production code. Scheduled scans give ongoing coverage rather than one-off audits. Pair the output with Claude Code on the Web to work through patches in a single session. For organizations not on Claude Enterprise: evaluate Aisle, Wiz Code, or GitHub Copilot Autofix on confidence rating and false positive rate.

Hackers raced to exploit a critical LiteLLM flaw 36 hours after disclosure - any attacker who could reach the proxy could read all stored AI API keys (CVE-2026-42208)

LiteLLM, the popular open-source gateway used to centralize API access for OpenAI, Anthropic, and other AI providers, has a critical pre-authentication SQL injection bug that attackers started exploiting just 36 hours after the security advisory went public. The flaw lets anyone who can reach the proxy port read all the API keys stored inside - including master keys, virtual keys, and provider credentials. The bug was in the bearer-token check: the token was concatenated into a SQL query instead of passed as a parameter. Sysdig saw the first attack at 04:24 UTC on April 26, hitting three tables that hold the most valuable secrets.

Check
If you run any internet-facing LiteLLM proxy, patch to v1.83.7-stable today and treat every API key, virtual key, and stored provider credential as compromised.
Affected
LiteLLM versions 1.81.16 through 1.83.6, internet-reachable on the default proxy port. CVE-2026-42208, CVSS 9.3, pre-auth SQL injection. Blast radius is closer to a full cloud account compromise than a typical web app bug because LiteLLM holds OpenAI, Anthropic, and AWS Bedrock credentials.
Fix
Patch to LiteLLM v1.83.7-stable. If you can't upgrade, set 'disable_error_logs: true' under 'general_settings' as a workaround. Rotate every virtual key, master key, and upstream provider credential. Audit upstream provider billing for unexpected API calls since April 24. Block traffic from 65.111.27.132 and 65.111.25.67 (AS200373).
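The bug class described above (a bearer token spliced into SQL text instead of bound as a parameter), as an added example that is not LiteLLM's code: a constructed sqlite3 table stands in for the proxy's key store, the vulnerable lookup sits beside the parameterized one, and a format check rejects malformed tokens before any query runs. The `sk-` token format is an assumption for this example.

```python
import re
import sqlite3

# Constructed stand-in for a proxy's key store; not LiteLLM's real schema.
def make_key_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, owner TEXT)")
    conn.execute("INSERT INTO virtual_keys VALUES ('sk-real-key-0001', 'team-a')")
    return conn

def lookup_owner_vulnerable(conn: sqlite3.Connection, bearer: str):
    # The bug class in the advisory: the token string is spliced into the SQL
    # text, so a token containing quotes rewrites the query instead of being
    # compared against the stored value.
    sql = "SELECT owner FROM virtual_keys WHERE token = '" + bearer + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def lookup_owner_safe(conn: sqlite3.Connection, bearer: str):
    # Hardened: the token travels as a bound parameter and is only ever
    # compared as data, whatever characters it contains.
    row = conn.execute(
        "SELECT owner FROM virtual_keys WHERE token = ?", (bearer,)
    ).fetchone()
    return row[0] if row else None

# Assumed token shape (defense in depth): anything that is not a plain
# key-shaped string is rejected before it reaches the database at all.
TOKEN_RE = re.compile(r"^sk-[A-Za-z0-9_-]{8,128}$")

def token_well_formed(bearer: str) -> bool:
    return TOKEN_RE.fullmatch(bearer) is not None

def authenticate(conn: sqlite3.Connection, bearer: str):
    """Return the key owner, or None when the token is malformed or unknown."""
    if not token_well_formed(bearer):
        return None
    return lookup_owner_safe(conn, bearer)
```

Run against the same input, the concatenated query returns a valid owner for a token that does not exist in the table, while the parameterized one and the `authenticate` wrapper both return `None`.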

Anthropic MCP STDIO design flaw exposes 200,000+ AI servers to RCE - 14 CVEs assigned, Anthropic calls it 'expected behavior' (backfill from April 15)

Backfill from April 15: OX Security disclosed an architectural flaw in the official Model Context Protocol SDKs (Python, TypeScript, Java, Rust) that lets attacker-controlled JSON config trigger arbitrary OS commands via the STDIO transport. Roughly 200,000 publicly reachable MCP servers and 150 million SDK downloads inherit the issue. OX has tied 14 CVEs to the same root cause across LiteLLM (patched), Bisheng (patched), Windsurf (zero-click RCE in Cursor-style IDEs, still reported), Flowise, LangFlow, GPT Researcher, Agent Zero, and DocsGPT. Anthropic declined to patch the protocol, calling the behavior 'expected.'

Check
Audit every MCP server installed in Claude Code, Cursor, and other AI dev tools, remove any whose origin you don't recognize, and treat MCP configs as executable code.
Affected
Any tool or service running an Anthropic-SDK MCP server with STDIO transport, especially when the add/configure flow is exposed to user input or marketplaces. Confirmed-affected: LiteLLM, LangChain, LangFlow, Flowise, LettaAI, LangBot, DocsGPT, Bisheng, Windsurf, Cursor IDE workflows, GPT Researcher, plus any private MCP server built on the official SDK without input sanitization.
Fix
Patch downstream tools to fixed versions (LiteLLM, Bisheng, Cursor). Block public internet access to services that host MCP add/configure UIs. Treat all external MCP configuration input as untrusted; never let raw user input reach StdioServerParameters. Run MCP services in sandboxes with no production-secret access. Install MCP servers only from verified sources and pin to specific commits.
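The "treat all external MCP configuration input as untrusted; never let raw user input reach StdioServerParameters" advice above, as an added example that is not OX Security's, Anthropic's or any listed project's code: a constructed validator that gates a Claude-Desktop/Cursor-style `mcpServers` JSON block before anything is handed to the SDK. The command allowlist, the blocked environment variables, the pinning rule and the `@example/mcp-server` package name are assumptions chosen for illustration.

```python
import re
from typing import Any

# Constructed policy: only these launchers may start an MCP server process.
ALLOWED_COMMANDS = {"npx", "uvx", "node", "python3"}
# Variables that change what the child process executes or loads.
BLOCKED_ENV = {"PATH", "LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH", "NODE_OPTIONS"}
# Characters that would matter if an arg ever reached a shell.
SHELL_META = re.compile(r"[;&|`$<>\n\\]")
# Package spec pinned to an exact version: "@scope/name@1.2.3" or "name==1.2.3".
PINNED = re.compile(r"^(@[\w.-]+/)?[\w.-]+(@\d[\w.-]*|==\d[\w.-]*)$")

class UnsafeMcpConfig(ValueError):
    """Raised when a server entry must not be passed to StdioServerParameters."""

def validate_stdio_server(name: str, spec: dict[str, Any]) -> dict[str, Any]:
    """Return a clean {command, args, env} mapping or raise UnsafeMcpConfig."""
    command = spec.get("command")
    args = spec.get("args", [])
    env = spec.get("env", {})
    if not isinstance(command, str) or command not in ALLOWED_COMMANDS:
        raise UnsafeMcpConfig(f"{name}: command {command!r} not in allowlist")
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        raise UnsafeMcpConfig(f"{name}: args must be a list of strings")
    for arg in args:
        if SHELL_META.search(arg):
            raise UnsafeMcpConfig(f"{name}: shell metacharacter in arg {arg!r}")
    # For package launchers, the first non-flag arg is the package; require a pin
    # so a marketplace entry cannot silently float to a newer release.
    pkg = next((a for a in args if not a.startswith("-")), None)
    if command in {"npx", "uvx"} and (pkg is None or not PINNED.match(pkg)):
        raise UnsafeMcpConfig(f"{name}: package {pkg!r} is not version-pinned")
    if not isinstance(env, dict) or any(k in BLOCKED_ENV for k in env):
        raise UnsafeMcpConfig(f"{name}: env overrides a loader/interpreter variable")
    return {"command": command, "args": list(args), "env": dict(env)}

def is_safe_server(spec: dict[str, Any]) -> bool:
    try:
        validate_stdio_server("candidate", spec)
    except UnsafeMcpConfig:
        return False
    return True

def validate_config(config: dict[str, Any]) -> dict[str, dict[str, Any]]:
    """Validate every entry under 'mcpServers'; one bad entry rejects the file."""
    servers = config.get("mcpServers", {})
    return {n: validate_stdio_server(n, s) for n, s in servers.items()}
```

Only the mapping returned by `validate_config` should be used to build the SDK's server parameters; the raw JSON from a user, marketplace or repository never is.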

A small Discord group quietly accessed Anthropic's most powerful AI hacking tool 'Mythos' for two weeks via a contractor account (backfill from April 21)

Backfill from April 21: Anthropic confirmed an unauthorized Discord group quietly accessed Mythos - the company's most powerful AI cybersecurity tool, restricted to about 40 vetted partners including Apple, Microsoft, and Google. The group got in on the same day Mythos was announced (April 7) by piggybacking on a member who works at one of Anthropic's third-party contractors, then guessed the model's URL based on naming patterns from previously leaked information. Anthropic says the group used Mythos to build websites, not for attacks - but they had quiet access for two weeks. Mozilla used Mythos to find and patch 271 Firefox bugs.

Check
If you're a Project Glasswing partner, audit which contractor environments have access to Mythos and rotate any credentials they used since April 7.
Affected
Anthropic Project Glasswing partners (about 40 organizations including Apple, Microsoft, Google, Mozilla, Cisco) and their downstream contractors. Any organization granting AI tool access to third-party contractors without isolation - the same naming-pattern guess works if your past internal models have been leaked, making new models' URLs predictable.
Fix
For partners: rotate all credentials any contractor environment used to reach Mythos, audit Mythos query logs for unfamiliar patterns, segment contractor access from production AI tooling. For everyone: assume new AI tool URLs that follow your existing naming convention are guessable, randomize URL paths for restricted models, and treat third-party contractor accounts as a primary attack surface.