An AI model has achieved what human auditors struggled to accomplish for decades. Recently, Anthropic’s Claude Mythos Preview identified over 23,000 potential vulnerabilities in more than 1,000 open-source software projects. Independent reviewers have validated that a significant number of these flagged vulnerabilities are indeed serious security risks.
Out of the 23,000 vulnerabilities discovered, independent security firms confirmed 1,726 as authentic vulnerabilities, with over 1,000 assessed as high or critical severity.
#What Findings Did Mythos Reveal
The scan conducted under Anthropic’s Project Glasswing initiative targeted crucial software components. The aim was to leverage semi-autonomous AI technology to detect vulnerabilities that traditional auditing methods often overlook. One remarkable find was a flaw in OpenBSD that remained hidden for a staggering 27 years, despite OpenBSD's commitment to security.
The Mythos model's scan revealed vulnerabilities across all major operating systems and web browsers. These findings were released at the end of May 2026, expanding upon an earlier April blog post detailing the model's capabilities.
#Why Should Crypto Investors Take Note
It is important for investors in cryptocurrency to be aware that none of the 23,000 flagged vulnerabilities pointed specifically to cryptocurrency tokens or blockchain protocols. However, a large portion of crypto infrastructure operates on open-source software, including node clients, wallets, bridges, DeFi protocols, and exchanges. These systems rely on libraries, operating systems, and networking stacks that were part of the Mythos scan.
Additionally, the confirmation rate for this initiative is noteworthy, with a 7.5% true positive rate among the flagged vulnerabilities. This level of validation is impressive for automated scanning at this scale, reinforcing the importance of such technologies in enhancing software security.