Efforts to cut through the buzz surrounding Anthropic’s Mythos are emerging. As OpenAI moves to counter the hype with its own cybersecurity model, VulnCheck is reporting that Mythos’s publicly attributable output amounts to just one confirmed CVE.
While Project Glasswing, the controlled access program for Mythos, promises a powerful offensive capability restricted to vetted organizations, VulnCheck’s recent findings show what those capabilities actually amount to in practice.
“Anthropic’s Project Glasswing has generated significant attention—but very little concrete data,” said Patrick Garrity, researcher at VulnCheck, in a blog post. “While Anthropic researchers are actively contributing to vulnerability discovery and appear to be promising, the publicly attributable impact of Glasswing itself remains limited so far.”
Anthropic did not immediately respond to CSO’s request for comment.
Only one CVE is attributable to Glasswing
VulnCheck’s analysis of Project Glasswing drills into the numbers behind the claims by looking into public CVE attribution. “I started by re-reading the Glasswing report and the advisories published at red.anthropic.com,” Garrity said. “Neither source provides a comprehensive CVE list of vulnerabilities discovered by Anthropic. So I decided to search the full CVE record database, and searched every CVE record containing the term ‘anthropic’ and reviewed each one.”
Garrity identified 75 CVE records that mention Anthropic. But only 40 of those were actually credited to Anthropic researchers, with the rest tied to affected products or unrelated references. Of those 40, 10 originated from external collaboration programs, such as Calif.io’s MADBugs initiatives.
The 40 CVEs attributed to Anthropic researchers span multiple products, including 28 affecting Firefox, nine tied to wolfSSL, and one each impacting NGINX Plus, FreeBSD, and OpenSSL.
Narrowing the list further yields the number that matters most: only one CVE, CVE-2026-4747, is explicitly attributed to Project Glasswing itself. It is a FreeBSD NFS remote code execution (RCE) flaw described as autonomously identified and exploited.
Garrity did not include the three vulnerabilities without CVE numbers mentioned on the Glasswing page. These include a 27-year-old OpenBSD flaw, a 16-year-old FFmpeg bug, and Linux kernel privilege escalation chains, all under embargo pending patches.
Why Glasswing is still a big deal
VulnCheck’s findings reframe Glasswing’s capabilities. The limited number of directly attributable CVEs is just one way of measuring its impact. Industry observers are interpreting Mythos very differently.
Melissa Bischoping, a SANS Technology Institute board member and senior director of security and product research at Tanium, thinks Mythos’s potential lies elsewhere. According to a breakdown of the Claude Mythos Preview System Card, which Bischoping and her colleagues at Tanium reviewed, the model achieved a previously unseen exploit success rate. “Jumping from near-zero success to ~72% on the same class of targets suggests exploit development is no longer a high-skill, high-effort bottleneck,” she said, adding that it’s only a matter of time before every other model catches up.
While Mythos is being regulated under Glasswing, it has already shown the world what is possible. “The gap between frontier models and open-weight models has compressed from more than a year to a matter of weeks, which means this level of capability is poised to spread rapidly, likely without the same safety guardrails,” Bischoping noted.
Bischoping is also concerned about whether organizations can act on what Mythos finds before Mythos is out in the wild. “Agentic patch workflows are possible and can match pace with adversarial AI in a lot of cases, but org politics and change control don’t run at the speed of AI today.”
The full picture about the model’s true capability won’t be known before July 2026, when Anthropic will make a full public accounting of what Glasswing found and fixed, Garrity said.