VulnCheck — Project Glasswing: Only 1 Confirmed CVE Despite Anthropic Mythos Hype

AI relevance: VulnCheck's independent audit of Anthropic's Project Glasswing reveals that despite Claude Mythos Preview's reported 72% exploit success rate, the publicly attributable output is just one CVE — highlighting the gap between benchmark performance and real-world vulnerability discovery.

Key Findings

  • VulnCheck researcher Patrick Garrity searched the full CVE database for records mentioning "Anthropic" and found 75 total records, of which only 40 were credited to Anthropic researchers.
  • Of those 40 CVEs, 10 came from external collaborations (e.g., Calif.io's MADBugs initiative), not from Glasswing itself.
  • Only one CVE — CVE-2026-4747, a FreeBSD NFS remote code execution flaw — is explicitly attributed to Project Glasswing as autonomously identified and exploited.
  • By affected product, the 40 Anthropic-credited CVEs break down as Firefox (28), wolfSSL (9), and one each for NGINX Plus, FreeBSD, and OpenSSL (the single FreeBSD entry being the Glasswing CVE above); the figures sum to 40, so the product breakdown covers all credited records, not only the 30 outside external collaborations.
  • Neither the Glasswing report nor red.anthropic.com provides a comprehensive CVE list, making independent verification difficult.
  • Melissa Bischoping (SANS Technology Institute / Tanium) notes that Claude Mythos Preview achieved ~72% exploit success rate — jumping from near-zero — suggesting exploit development is "no longer a high-skill, high-effort bottleneck."
  • The gap between cutting-edge AI models and open-weight models has shrunk from over a year to just weeks, raising concerns about capability diffusion.
  • Bischoping warns that organizational change control and bureaucracy "don't run at the speed of AI," making rapid patch response unrealistic for most enterprises.
  • Anthropic plans a full public accounting of Glasswing-identified vulnerabilities in July 2026.
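The three-way split VulnCheck describes above (records that merely mention the organisation, records that credit it, and credited records that came through an external collaboration, then a per-product count) can be reproduced against CVE records in the CVE Program's JSON 5 record format. The script below is an added example, not VulnCheck's or Anthropic's tooling. It assumes the CVE List V5 field layout (containers.cna.descriptions, containers.cna.credits, containers.cna.affected) and the usual cvelistV5 checkout layout of one CVE-*.json file per record; the records in SAMPLE_RECORDS are constructed with placeholder IDs and are not real CVEs, and the COLLAB_MARKERS heuristic for spotting collaborations is an assumption, not a field the format defines.

```python
"""Reproduce a 'mentions' vs 'credited to' CVE-record audit.

Added example, not VulnCheck's or Anthropic's code. Assumes the CVE JSON 5
record layout; SAMPLE_RECORDS is constructed data with placeholder IDs.
"""
import json
import re
from collections import Counter
from pathlib import Path

ORG = "Anthropic"
# Assumed heuristic: a credit string carrying one of these markers is
# treated as an external collaboration rather than the org's own program.
COLLAB_MARKERS = ("MADBugs",)


def _record(cve_id, description, vendor, product, credits):
    """Build a minimal CVE JSON 5 style record (constructed test data)."""
    return {
        "cveMetadata": {"cveId": cve_id},
        "containers": {"cna": {
            "descriptions": [{"lang": "en", "value": description}],
            "affected": [{"vendor": vendor, "product": product}],
            "credits": [{"lang": "en", "value": c, "type": "finder"} for c in credits],
        }},
    }


SAMPLE_RECORDS = [  # constructed; IDs are placeholders, not real CVEs
    _record("CVE-0000-0001", "Out-of-bounds read in an NFS server component.",
            "FreeBSD", "FreeBSD", ["Anthropic (Project Glasswing)"]),
    _record("CVE-0000-0002", "Use-after-free in a DOM component.",
            "Mozilla", "Firefox", ["Anthropic"]),
    _record("CVE-0000-0003", "Integer overflow in a media decoder.",
            "Mozilla", "Firefox", ["Anthropic, in collaboration with MADBugs"]),
    _record("CVE-0000-0004", "Command injection in a connector for Anthropic's API.",
            "example", "example-connector", ["Jane Doe"]),
    _record("CVE-0000-0005", "Buffer overflow in TLS record parsing.",
            "wolfSSL", "wolfSSL", []),
]


def _cna(rec):
    return rec.get("containers", {}).get("cna", {})


def _name_re(org):
    return re.compile(r"\b" + re.escape(org) + r"\b", re.IGNORECASE)


def mentions(rec, org=ORG):
    """Loose test: the org name appears anywhere in the serialised record."""
    return bool(_name_re(org).search(json.dumps(rec)))


def credited_to(rec, org=ORG):
    """Strict test: a credits[] entry names the org."""
    pat = _name_re(org)
    return any(pat.search(c.get("value", "")) for c in _cna(rec).get("credits", []))


def external_collaboration(rec, markers=COLLAB_MARKERS):
    """True if any credit string carries one of the collaboration markers."""
    text = " ".join(c.get("value", "") for c in _cna(rec).get("credits", [])).lower()
    return any(m.lower() in text for m in markers)


def affected_products(rec):
    return sorted({a.get("product", "?") for a in _cna(rec).get("affected", [])})


def audit(records, org=ORG):
    """Split records into mentions / credited / external; count credited per product."""
    def ids(rs):
        return [r["cveMetadata"]["cveId"] for r in rs]

    mention_recs = [r for r in records if mentions(r, org)]
    credited = [r for r in mention_recs if credited_to(r, org)]
    # A record affecting several products counts once per product.
    products = Counter(p for r in credited for p in affected_products(r))
    return {
        "mentions": ids(mention_recs),
        "credited": ids(credited),
        "mention_only": ids([r for r in mention_recs if not credited_to(r, org)]),
        "external": ids([r for r in credited if external_collaboration(r)]),
        "by_product": dict(products),
    }


def load_records(root):
    """Load CVE-*.json files from a local CVE List V5 checkout (assumed layout)."""
    return [json.loads(p.read_text()) for p in Path(root).rglob("CVE-*.json")]


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_RECORDS), indent=2))
```

Two caveats matter when running this against a real checkout. The credits array is free text and optional, so CNAs name finders inconsistently (some only in the description, some not at all), which is why a whole-record text search inflates the count and why a credits-only count can undercount; the per-product numbers likewise depend on the CNA having filled in affected[]. Both limitations are part of why the CVE output of a program like Glasswing is hard to verify independently without a published list.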

Why It Matters

The discrepancy between Mythos's benchmark performance (72% exploit success rate, thousands of zero-days found in testing) and its single publicly confirmed CVE matters for two reasons. First, it suggests that AI vulnerability discovery at scale may be harder to translate into coordinated disclosure than labs claim. Second, if the exploit capability gap between frontier and open models is collapsing to weeks, the same weaponization potential could become widely accessible soon — regardless of how many CVEs Anthropic formally discloses.

What to Do

  • Treat AI-assisted exploit development as a present-day threat, not a future one — the $2,283 Chrome exploit chain proves commercial models are already capable.
  • Accelerate patch deployment timelines for critical infrastructure; the traditional 30-90 day patch window may no longer be viable.
  • Monitor open-weight model releases for capability jumps that narrow the gap with frontier models.
  • Build agentic patch workflows that can operate at AI speed, including automated testing and rollback capability.

Sources