- Anthropic reported that Mythos Preview discovered more than 10,000 high and critical severity vulnerabilities in less than two months, with Cloudflare alone finding 2,000 bugs.
- Independent validation confirmed that 90% of the findings evaluated are real, although critics argue that the advance may be due to massive workflows and computation rather than single reasoning.
- The bottleneck has shifted from discovery to verification, disclosure and patching, as AI now discovers vulnerabilities faster than organizations can remediate them.
In less than two months, Anthropic and its friends apparently discovered more than ten thousand critical and high-level security vulnerabilities using the famous Mythos Preview artificial intelligence tool.
In a brief update on the status of the project, published late last week, Anthropic said that since the tool’s release, approximately 50 organizations that have used it have found “hundreds” of vulnerabilities.
“Several have told us that their error detection rate has increased more than tenfold,” the company said. “For example, Cloudflare has found 2,000 bugs (400 of which are high severity or critical) in its critical path systems, with a false positive rate that the Cloudflare team considers better than that of human testers.”
Anthropic explained that sharing details about vulnerabilities is typically done with a 90-day delay, to give users enough time to patch and not put anyone at risk of being compromised. Therefore, he only shared general “illustrative examples” to demonstrate, once again, how powerful the tool is.
In this sense, Mythos found an estimated 6,202 vulnerabilities of high or critical severity in these projects (out of a total of 23,019, including those it estimates as medium or low severity).
Skepticism persists
Of those, 1,752 have been evaluated by independent security researchers, and 90% were confirmed as valid positive, while 62.4% were confirmed as high or critical severity.
But while the overall reaction to Mythos Preview has been extremely positive, there are voices saying that the hype may also be overblown. Technical magazine analysisFor example, he argues that AI-assisted vulnerability discovery already existed through systems like Google’s Big Sleep, and that the real challenge remains human operational security.
A recent academic article, “Comparative evaluation of the rediscovery of errors linked to myths”, found that, under controlled conditions, public frontier models like GPT-5.5 were able to rediscover some of the same vulnerabilities attributed to Mythos, and in redditdifferent communities have been even more skeptical. The key conclusion seems to be that Mythos may simply be using enormous amounts of computing and long-running agent workflows rather than possessing qualitatively different reasoning capabilities.
In any case, Anthropic now says that progress on software vulnerability is no longer limited by the speed of discovery, but by the speed of verification, disclosure and patching.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
