
Claude Mythos uncovers thousands of zero-days across major systems via Project Glasswing

4 unique sources, 5 articles

Summary


Anthropic’s Project Glasswing, powered by the Claude Mythos Preview model, has now identified over 10,000 high- or critical-severity vulnerabilities across widely used software since its launch a month prior, including 6,202 high/critical flaws affecting more than 1,000 open-source projects. Anthropic reports that 1,726 of these candidates have been confirmed as true positives, with 1,094 assessed as high or critical severity. Critical fixes include a WolfSSL certificate forgery flaw (CVE-2026-5194, CVSS 9.1), and 97 vulnerabilities have already been patched upstream with 88 advisories issued. While Mythos Preview demonstrates unprecedented offensive security capabilities—such as autonomously crafting attack chains and detecting real-time fraud like a $1.5 million wire transfer attempt—99% of its discovered vulnerabilities remain unpatched as of May 2026. The model’s rapid vulnerability discovery is reshaping patch cycles, with vendors like Microsoft anticipating sustained increases in monthly patches, and Anthropic urging organizations to accelerate hardening, MFA enforcement, and log retention to mitigate escalating dual-use risks.

Timeline

  1. 08.04.2026 12:16 · 5 articles

    Claude Mythos autonomously uncovers thousands of zero-days across major software platforms

    Anthropic discloses that Project Glasswing has helped uncover over 10,000 high- or critical-severity vulnerabilities since its launch a month prior, including 6,202 high/critical flaws impacting over 1,000 open-source projects. Subsequent analysis confirmed 1,726 true positives, with 1,094 assessed as high or critical severity. The initiative led to 97 upstream patches and 88 advisories, including a critical WolfSSL certificate forgery flaw (CVE-2026-5194, CVSS 9.1). Mythos Preview demonstrated real-world defensive utility by detecting and preventing a fraudulent $1.5 million wire transfer attempt. The model’s rapid vulnerability discovery is influencing patch cycles, with vendors like Microsoft anticipating sustained increases in monthly patches. Anthropic urges organizations to shorten patch testing timelines, harden default configurations, enforce multi-factor authentication, and maintain comprehensive logs to mitigate escalating dual-use risks.



Similar Happenings

Autonomous validation loop becomes critical as AI-driven attacks reach machine-speed execution

In April 2026, an AI system codenamed Mythos, operating within a restricted sandbox, autonomously generated 181 working Firefox exploits within 14 days, including previously unknown zero-days affecting major operating systems and browsers; over 99% of these vulnerabilities remain unpatched in production environments. A separate campaign in February 2026 demonstrated that a single low-skill operator using AI-driven tools compromised 2,516 FortiGate devices across 106 countries within minutes, exploiting only known CVEs and misconfigurations. These incidents underscore that offensive operations now execute at machine speed, rendering traditional vulnerability response cycles obsolete. Defensive strategies must shift from compliance-driven assessments to continuous, evidence-based validation to identify what adversaries can actually exploit and how far they can move laterally before any human-driven remediation can occur.

Commercial AI models achieve autonomous vulnerability discovery and exploit generation in 2026

Commercial AI models have reached a milestone in 2026 where all tested systems can autonomously complete vulnerability research tasks and 50% can generate working exploits without manual intervention. In contrast, 55% of models failed basic vulnerability research and 93% failed exploit development in 2025. Leading models such as Claude Opus 4.6 and Kimi K2.5 demonstrate the ability to discover and exploit vulnerabilities using simple prompts, significantly lowering the barrier for inexperienced attackers. Testing by Forescout’s Verde Labs identified four previously unknown zero-day vulnerabilities in OpenNDS, including one missed during prior manual analysis, using a combination of single prompts, the RAPTOR agentic framework, and proprietary extensions. The results underscore the rapid advancement of AI-driven vulnerability discovery and its implications for both offensive and defensive cybersecurity operations.

CISA Advocates for AI Company Integration into CVE Program Amid Record Vulnerability Growth

CISA’s Chief of the Vulnerability Response & Coordination (VRC) Branch, Lindsey Cerkovnik, emphasized the need for AI companies such as OpenAI and Anthropic to play a more formal role in the Common Vulnerabilities and Exposures (CVE) program during VulnCon26. The call follows rapid growth in vulnerability disclosures, with 2026 projections ranging from 50,000 to 70,135 CVEs—a 45.6% increase from 2025—driven in part by AI-driven discovery tools. New AI models like Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.4-Cyber have demonstrated capabilities to autonomously identify critical zero-day vulnerabilities, including a 27-year-old flaw in OpenBSD and a 16-year-old flaw in FFmpeg, as well as chains of vulnerabilities in the Linux kernel enabling privilege escalation. CISA’s push aligns with a broader diversification strategy for the CVE program, including the establishment of new working groups and a goal to expand the roster of CVE Numbering Authorities (CNAs).

Frontier AI dependency recommendations found to generate flawed upgrade and patch guidance

A study by Sonatype analyzing 258,000 AI-generated dependency upgrade recommendations across Maven Central, npm, PyPI, and NuGet from June to August 2025 revealed that frontier AI models—including GPT-5.2, Claude Sonnet 3.7/4.5, Claude Opus 4.6, and Gemini 2.5 Pro/3 Pro—frequently produce hallucinated or incorrect upgrade paths, security fixes, and version recommendations. Nearly 28% of recommendations from earlier models were hallucinations, while even improved frontier models introduced faulty advice, leaving critical and high-severity vulnerabilities unresolved in production environments. The issue stems from the models’ lack of real-time dependency, vulnerability, compatibility, and enterprise policy context, leading to wasted developer time, unresolved exposures, and increased technical debt. Notably, some recommendations introduced known vulnerabilities into AI tooling stacks themselves, exacerbating risk within the models’ own infrastructure.

Emergence of AI-powered attack and defense techniques reshaping cyber threat landscape in 2026

At RSAC 2026, SANS Institute researchers unveiled five AI-driven attack techniques becoming mainstream in 2026, fundamentally altering the cyber threat landscape. Independent researchers demonstrated AI-generated zero-day exploits at minimal cost ($116 in AI token expenses), breaking historical barriers to zero-day development. Supply chain attacks continued to surge, with malicious packages like the Shai-Hulud worm exposing 14,000 credentials across 487 organizations and a China-affiliated group compromising Notepad++ update infrastructure for six months. Operational Technology (OT) environments face increasing accountability crises due to lack of visibility, where evidence evaporates post-compromise and critical infrastructure incidents result in catastrophic outcomes with unclear attribution. Irresponsible AI deployment in Digital Forensics & Incident Response (DFIR) is generating false confidence and undermining response outcomes. Meanwhile, defenders are adopting autonomous defense frameworks like Protocol SIFT to counter AI-driven attacks, achieving up to 47x faster response times in simulated incidents.