Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: mythos (8 articles)Clear

Anthropic to give EU cybersecurity agency ENISA access to Mythos via Project Glasswing - first non-US/UK entity, terms still negotiating

Anthropic is set to give the EU's cybersecurity agency ENISA access to its restricted Mythos model through Project Glasswing - making ENISA the first EU institution and first entity outside the US and UK to join. The move, communicated to the European Commission over the weekend, ends a weeks-long standoff after euro-area finance ministers, the ECB, and member states demanded access on learning Mythos had found flaws in systems European banks, governments, and critical infrastructure rely on. Terms covering data sovereignty, sharing findings with member states, and the scope of systems ENISA may test are still being negotiated. BNP Paribas and Mistral continue building a European alternative.

Check
EU-based organizations: track ENISA's Mythos access as a future channel for coordinated vulnerability findings affecting European infrastructure. Factor frontier-AI vulnerability discovery into your patch-SLA planning.
Affected
European banks, governments, and critical-infrastructure operators whose systems Mythos has already flagged but whose findings were not previously visible to any EU institution until ENISA's access.
Fix
Compress patch cycles in anticipation of AI-surfaced vulnerability disclosures. Engage national CERTs and ENISA channels as they mature. Assume similarly capable models will broaden access over coming months.

Anthropic confirms public Mythos rollout in 'coming weeks' - claimed more powerful than Opus 4.8, guardrails developed during preview

Anthropic has confirmed it will roll out Claude Mythos-class models to the general public in the coming weeks. Mythos was originally announced in April as a restricted preview available only to select security researchers and partners; Anthropic cited significant security risks if released too broadly. The company now says it has developed sufficient guardrails. Anthropic frames the trade-off as compressing the attacker advantage: 'in the short term, this could be attackers, if frontier labs aren't careful... in the long term, defenders will more efficiently direct resources and use these models to fix bugs.' Pricing and tier availability are not yet disclosed.

Check
Update internal AI-tool governance policies to cover Mythos-class capability tier. Identify which teams (security research, code audit, IR) would benefit from access once it ships.
Affected
Organizations with patch SLAs measured in weeks. Mythos-class models may surface unpatched flaws at attacker-tool speed; defenders need to compress SLAs to keep pace.
Fix
Tighten patch cycles on internet-facing services. Enroll qualifying security researchers in Anthropic's Cyber Verification Program. Draft internal disclosure policy before broad enablement.

Anthropic preparing to roll Claude Mythos into Claude Code and Claude Security - 'claude-mythos-1-preview' toggle briefly appeared publicly

Anthropic appears to be preparing the public rollout of Claude Mythos - the restricted security-focused frontier model that uncovered 10,000 high or critical vulnerabilities in its first month under Project Glasswing. References to 'claude-mythos-1-preview' have briefly appeared in the public Claude Code and Claude Security products, with at least one user reportedly seeing a toggle to enable Mythos before it was pulled. Anthropic originally announced Mythos in early preview on April 7 and held back the public release pending guardrails, warning the model 'can automatically develop functional cyberattacks at a highly professional level.' Pricing and tier availability are not yet disclosed.

Check
If you use Claude Code or Claude Security, watch for the Mythos toggle to appear. Review your Claude Max/Pro/Team subscription tier and any organizational data-handling policies for AI-coding tools.
Affected
Any organization using Claude Code or Claude Security where users may surface critical-severity flaws in supplier or open-source code that have not yet been responsibly disclosed.
Fix
Define an internal disclosure policy for Mythos findings before enabling broadly. Coordinate with the Anthropic Cyber Verification Program. Pair Mythos usage with patch-cycle compression on internet-facing services.

Anthropic Project Glasswing reveals 1,094 confirmed high/critical flaws and WolfSSL CVE-2026-5194 (CVSS 9.1) in first month with Apple, AWS, Microsoft, Google partners

Anthropic has named the program behind its Claude Mythos Preview model 'Project Glasswing' and disclosed the first-month results. Working with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, the program flagged 6,202 high or critical vulnerability candidates across 1,000+ open-source projects; 1,726 were validated by human reviewers and 1,094 confirmed as genuine high or critical severity. A WolfSSL certificate-forgery flaw (CVE-2026-5194, CVSS 9.1) is the named-and-shamed example. 97 upstream patches and 88 security advisories have landed. Anthropic itself warns that finding flaws is far easier than fixing them.

Check
Audit your dependency manifest for WolfSSL across all projects and check the version (CVE-2026-5194 fix). Map your overall SBOM coverage of the 1,000+ open-source projects on Glasswing's scope.
Affected
Software relying on WolfSSL for certificate validation (IoT, network equipment, industrial systems). Broader: any defender whose patch SLAs are slower than AI-assisted vulnerability discovery rates.
Fix
Patch WolfSSL to the version fixing CVE-2026-5194. Compress patch SLAs on internet-facing services. Monitor Glasswing's public advisories for additional CVEs landing across the next 30-60 days.

Anthropic Mythos Preview AI finds 10,000+ high-severity flaws in widely used software; Cyber Verification Program launched

Anthropic has unveiled Claude Mythos Preview, a research-only AI model purpose-built for security tasks, and disclosed that it has used the model to find more than 10,000 high-severity vulnerabilities in widely used open-source and commercial software. Mythos has also been adapted to build end-to-end exploit chains and, in one Glasswing partner-bank case, helped block a $1.5 million fraudulent wire transfer. Anthropic is urging defenders to shorten patch windows because models with similar capability will soon be broadly available. It has launched a Cyber Verification Program that lets vetted researchers use the model without guardrails for legitimate vulnerability research, red teaming, and penetration testing.

Check
Audit your patch SLAs: how fast does a critical CVE move from vendor advisory to production? Aim for under 72 hours on internet-facing services.
Affected
Any organization that relies on adversaries lacking time to develop exploits. Mythos and similar models (OpenAI's GPT-5.5-Cyber) compress the exploit-development timeline dramatically.
Fix
Shorten patch testing and deployment cycles. Harden default configurations. Enforce phishing-resistant MFA. Apply for the Anthropic Cyber Verification Program if you do legitimate vulnerability research.

Google is paying $1.5 million for a Pixel hack and cutting Chrome rewards because AI is finding bugs faster than humans can submit reports

Google overhauled its Vulnerability Reward Program for Android and Chrome on May 1 in response to AI tools reshaping bug hunting. The maximum Pixel Titan M reward jumped to $1.5 million for a zero-click exploit with persistence. Chrome payouts dropped across categories. Google is rewarding 'actionable reports' with concrete exploits and suggested fixes rather than raw bug volume - a response to AI tools like Anthropic's Mythos and OpenAI's GPT-5.4-Cyber generating more vulnerability reports than security teams can triage. Google paid a record $17.1 million in 2025 (up 40% from 2024) and expects 2026 aggregate rewards to increase further despite per-bug cuts.

Check
If your organization runs a bug bounty program, decide this quarter whether you reward per-finding or per-impact - the AI-generated bug volume is making the per-finding model financially unsustainable.
Affected
Any organization running a vulnerability reward program is facing the same volume problem Google is responding to. Independent security researchers face per-bug payment cuts industry-wide as programs adjust. The Internet Bug Bounty pause is a signal that mid-tier programs without Google's scale will struggle most.
Fix
Restructure bounty programs to reward proof of exploitation (working PoC, demonstrated impact) rather than report volume. Add quality gates: detailed reproduction steps, proposed fixes, impact analysis. Use AI tools defensively to triage incoming reports. For independent researchers: focus on high-value targets where AI struggles (complex multi-step exploits, business logic flaws) rather than competing on volume.

Anthropic launches 'Claude Security' for enterprises - the first major defensive product designed to keep up with AI-powered exploits that compress the time-to-attack to minutes

Anthropic launched Claude Security in public beta yesterday, an enterprise tool that scans code repositories for vulnerabilities, rates each finding's severity and confidence, and generates patch instructions that engineers can apply through Claude Code. The launch is direct response to Mythos and similar AI-driven offensive tools that have been compressing the time between vulnerability disclosure and active exploitation - LiteLLM was exploited 36 hours after disclosure last week, LMDeploy in 13 hours the week before. CrowdStrike, Microsoft Security, Palo Alto Networks, SentinelOne, Trend, and Wiz are integrating Claude Opus 4.7 into their platforms.

Check
If your organization holds a Claude Enterprise subscription, evaluate Claude Security against your existing static analysis tools this week.
Affected
Claude Enterprise customers can access Claude Security in public beta now via claude.ai/security or the Claude.ai sidebar. No API integration required. Team and Max access is coming soon. The deeper relevance is for any security team facing the new exploitation cadence: AI-driven offense has shrunk the patch window for several recent disclosures.
Fix
Pilot Claude Security on a non-critical repository first - point it at a side project before pointing it at production code. Scheduled scans give ongoing coverage rather than one-off audits. Pair the output with Claude Code on the Web to work through patches in a single session. For organizations not on Claude Enterprise: evaluate Aisle, Wiz Code, or GitHub Copilot Autofix on confidence rating and false positive rate.

A small Discord group quietly accessed Anthropic's most powerful AI hacking tool 'Mythos' for two weeks via a contractor account (backfill from April 21)

Backfill from April 21: Anthropic confirmed an unauthorized Discord group quietly accessed Mythos - the company's most powerful AI cybersecurity tool, restricted to about 40 vetted partners including Apple, Microsoft, and Google. The group got in on the same day Mythos was announced (April 7) by piggybacking on a member who works at one of Anthropic's third-party contractors, then guessed the model's URL based on naming patterns from previously leaked information. Anthropic says the group used Mythos to build websites, not for attacks - but they had quiet access for two weeks. Mozilla used Mythos to find and patch 271 Firefox bugs.

Check
If you're a Project Glasswing partner, audit which contractor environments have access to Mythos and rotate any credentials they used since April 7.
Affected
Anthropic Project Glasswing partners (about 40 organizations including Apple, Microsoft, Google, Mozilla, Cisco) and their downstream contractors. Any organization granting AI tool access to third-party contractors without isolation - the same naming-pattern guess works if your past internal models have been leaked, making new models' URLs predictable.
Fix
For partners: rotate all credentials any contractor environment used to reach Mythos, audit Mythos query logs for unfamiliar patterns, segment contractor access from production AI tooling. For everyone: assume new AI tool URLs that follow your existing naming convention are guessable, randomize URL paths for restricted models, and treat third-party contractor accounts as a primary attack surface.