`Project Glasswing` reports 10k+ severe vulnerabilities found with `Mythos Preview`

AI-assisted security work has moved from finding bugs to verifying and patching them. Dependency risk will rise before fixes land, so watch critical packages closely.

• —About 50 partners used Claude Mythos Preview to find 10k+ high or critical vulnerabilities across core software.
• —Cloudflare found 2,000 bugs, including 400 high or critical, with a false-positive rate it judged better than human testers.
• —Disclosure lags discovery by 90 days, or about 45 days after patches. Public CVEs will trail model capability.
• —The practical bottleneck is now triage, disclosure, and patch rollout. Automated scans alone are not enough without update discipline.