Anthropic — Glasswing Red Team Blog Reports Thousands of AI-Found Zero-Days Across Major OSes and Browsers
AI relevance: Anthropic's Claude Mythos Preview has identified thousands of zero-day vulnerabilities across every major operating system and web browser, and more than 99% of those findings are still unpatched and undisclosed. Defenders are therefore working against a clock that started the moment the model began producing findings, not the moment a CVE appears.
Details
- Anthropic published its Frontier Red Team blog alongside the Project Glasswing announcement, releasing technical details on a subset of vulnerabilities that Mythos Preview discovered and that have already been patched by vendors.
- FreeBSD NFS — CVE-2026-4747, a 17-year-old remote code execution hole in the Network File System implementation, now patched.
- OpenBSD TCP SACK — a 27-year-old remote crash bug in the TCP SACK handler, patched in OpenBSD 7.8.
- FFmpeg H.264 — a 16-year-old heap write vulnerability in the H.264 decoder.
- curl — one confirmed low-severity vulnerability planned for CVE publication with curl 8.21.0; curl maintainer Daniel Stenberg characterized Mythos' five "confirmed" findings as mostly non-security bugs after manual review.
- Firefox — Mythos surfaced 271 vulnerabilities in a single Firefox release cycle, all patched before publication; the broader security community normally needs several months to find that many.
- Palo Alto Networks — scanning its own product code with Mythos under Glasswing produced 26 CVEs covering 75 issues, several times the company's typical monthly disclosure volume.
- Anthropic estimates that over 99% of Mythos-discovered vulnerabilities are not yet patched or disclosed, meaning they have no CVE entry that a vulnerability feed or scanner could match.
- Project Glasswing commits $100M in model usage credits and $4M in direct donations to open-source security organizations, with 12 founding partners (including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks) and 40+ additional participants.
Why It Matters
- The disclosure gap is critical: vulnerability management programs that rely on CVE feeds are blind to the class of risk Mythos is surfacing, since most findings have no CVE yet.
- The volume-to-severity ratio challenges assumptions about AI bug-hunting: while Mythos finds thousands of issues, independent reviewers (like curl's Stenberg) note many are low-severity or non-security bugs, raising questions about signal-to-noise in AI-assisted auditing.
- Project Glasswing represents the first coordinated defensive use of a frontier model that is explicitly considered too dangerous for public release — a precedent for how AI companies may gate cyber-capable models going forward.
- The 99% unpatched figure means every undisclosed Mythos finding is effectively a race against independent rediscovery: if an adversary gains access to similar capabilities, the window to patch is measured in weeks, not months.
What to Do
- Organizations participating in Glasswing should prioritize Mythos findings by exploitability, not just severity score, and establish internal SLAs for remediation.
- Security teams should evaluate whether their CVE-dependent vulnerability management workflows need to incorporate AI-assisted source-code auditing for critical dependencies.
- Open-source maintainers receiving Mythos reports should plan for triage capacity — the volume of findings may exceed manual review bandwidth.
- Watch for Anthropic's 90-day Glasswing report (expected early July 2026), which should provide the first quantified data on whether the defender head-start strategy works in practice.