Anthropic’s “Claude Mythos” reportedly found 10,000 critical software flaws, so why can’t anyone use it?


An AI model tied to Anthropic is being credited with uncovering more than 10,000 critical security vulnerabilities in just one month, bugs buried in the kinds of software that run the modern internet, from the Linux kernel to major web browsers.

The model, known as “Claude Mythos,” is also described as capable of taking the next step: turning a vulnerability into a working exploit after a simple prompt, with little to no human hand-holding. That combination, mass discovery plus automated exploitation, is exactly why Anthropic has kept it locked down, offering access only in tightly controlled partnerships.

A vulnerability-finding machine that could also supercharge attackers

Security researchers spend weeks or months validating a single serious bug: reproducing it, assessing impact, coordinating disclosure, and working with vendors on a fix. So when an AI system is said to have surfaced 10,000 “critical” issues in 30 days, it doesn’t just raise eyebrows, it rewrites the scale of what’s possible.

Even if not every finding is truly exploitable or earns the highest severity score, the implication is blunt: traditional audits, bug bounties, and automated scanners may still be missing a lot, even in software that’s constantly scrutinized.

One researcher frequently referenced in discussions around the model, Nicolas Carlini, has said he found more bugs in a few weeks using Mythos than across his entire career. Taken literally, that’s not just productivity, it’s leverage: a skilled human paired with a tool that can search faster and wider than any team.

But speed cuts both ways. If discovery accelerates faster than patching, the industry gets a backlog, and attackers get a window. Corporate patch cycles don’t magically become 100 times faster because an AI can file 100 times more reports.

Old bugs in “secure” projects, and blind spots in automated tools

Some of the most unsettling claims aren’t about brand-new zero-days, but about ancient vulnerabilities that allegedly slipped through for years.

One example cited: a 27-year-old bug in OpenBSD, a security-focused operating system whose reputation in tech circles rests on a “belt-and-suspenders” approach to code quality. The reported impact wasn’t necessarily the Hollywood version of a full remote takeover, but even a remote crash bug in a system famous for being hardened is a gut punch.

Another case: a 16-year-old vulnerability in FFmpeg, the open-source video processing workhorse embedded across the web, used in media pipelines, players, streaming services, and countless apps. The reporting around Mythos suggests the issue evaded automated tooling millions of times, underscoring a painful reality: scanners are good at what they’re designed to catch, and bad at what they’re not.

And when the target is the Linux kernel, the stakes balloon. Linux underpins huge swaths of cloud infrastructure, enterprise servers, networking gear, containers, and embedded devices. Kernel bugs, especially those that enable privilege escalation, often become key links in real-world attack chains.

The big claim: from finding flaws to generating working exploits

Finding a vulnerability is hard. Building a reliable exploit is often a separate specialty entirely. What makes Mythos different, according to descriptions of internal testing, is the alleged ability of a “Mythos Preview” system to both discover and exploit zero-day vulnerabilities across major operating systems and browsers on demand.

If that’s even partially true, it lowers the barrier to entry. In cybersecurity, lowering the cost of capability tends to increase the number of actors who can wield it, because you no longer need a top-tier exploit developer, just someone who can ask the right questions and operationalize the output.

Supporters argue the model isn’t just pattern-matching for common memory corruption mistakes. It’s described as reasoning about what software is supposed to do versus what it actually does, surfacing “logic” vulnerabilities that can sail through conventional reviews because nothing looks obviously forbidden.

Skeptics point out the gap between a controlled demo and messy reality: different versions, partial patches, mitigations, build flags, and real-world configurations can turn exploitation into a reliability nightmare. But attackers don’t need a 100% success rate if they can try thousands of paths in parallel.

Why Anthropic is keeping Mythos behind a wall

Anthropic has opted against public release. Instead, access reportedly runs through a controlled program called Project Glasswing, described as a coalition that includes major industry players such as Amazon Web Services, Microsoft, Google, Apple, Cisco, Nvidia, and CrowdStrike.

The logic is straightforward: if a tool can systematically map and potentially weaponize zero-days, you don’t ship it like a consumer chatbot. You gate it, monitor usage, and try to ensure vulnerabilities are disclosed responsibly to vendors before details leak.

In France, a government-backed cybersecurity hub known as Campus Cyber has circulated warnings about the risks of mass vulnerability discovery, specifically the danger that flaws could be “weaponized” faster than organizations can patch. For American readers, think of it as a national cyber center convening industry and government stakeholders, sounding an alarm about a new capability that could tilt the balance toward attackers if mishandled.

Controlled access also creates traceability: who asked for what, against which targets, under what rules, and with what disclosure commitments. On paper, it’s a clean-room approach. In practice, it’s hard, because vulnerability information spreads through tickets, reports, email threads, and vendor systems. One leak can turn “responsible disclosure” into an instant shopping list.

The real bottleneck: patching, not finding

The debate around Mythos splits into two competing narratives. One casts it as a cyber superweapon that could crack hardened systems at will. The other frames it as a desperately needed force multiplier for defenders in an industry drowning in technical debt and understaffed security teams.

Both can be true. A tool that helps vendors and researchers find flaws faster can also help criminals move faster, especially if exploit generation is part of the package.

The most immediate risk may be operational, not cinematic: patch paralysis. Even with responsive vendors, fixes require testing and coordination. Inside companies, patch management collides with uptime demands, legacy systems, undocumented dependencies, and the reality that many critical servers aren’t rebooted lightly. If AI-driven discovery floods the pipeline, organizations will triage, and accept that some holes stay open longer.

Whether Mythos lives up to the hype, its mere existence is already pressuring organizations to reduce attack surface, tighten segmentation, and shorten patch timelines. If it forces the industry to stop pretending its current methods are “good enough,” that may be the most consequential impact of all.

Key Takeaways

  • Claude Mythos is credited with detecting more than 10,000 critical vulnerabilities in one month.
  • The model reportedly found flaws in major systems, including OpenBSD, FFmpeg, and the Linux kernel.
  • Anthropic is restricting access through Project Glasswing because autonomous discovery and exploitation pose a risk of misuse.

Frequently Asked Questions

Why isn’t Anthropic releasing Claude Mythos to the general public?

Because the capabilities described go beyond simple bug detection and include the ability to autonomously turn vulnerabilities into exploits. If widely released, such a tool could accelerate the weaponization of zero-day flaws before patches are available. Anthropic has therefore chosen controlled access through a partner framework.

What makes the vulnerabilities found in OpenBSD and FFmpeg so notable?

They’re old and subtle. A 27-year-old bug in OpenBSD and a 16-year-old vulnerability in FFmpeg would have slipped past many audits and automated tools. These examples show that part of the risk comes from logical or rare vulnerabilities that are hard to detect with traditional approaches.

Does “10,000 vulnerabilities” mean 10,000 systems are immediately hackable?

No. A detected vulnerability still has to be triaged, reproduced, assessed, and fixed, and not all of them are easily exploitable in real-world environments. But a volume that high changes the dynamics: it increases pressure on vendors and patch teams and can potentially reduce the time available before exploitation.
