# Anthropic's Mythos finds 6,202 critical software flaws

> Anthropic says Claude Mythos found 6,202 critical open-source flaws, 90.6% validated.

*AI vulnerability-hunting, with independent receipts. The brief.*

By The FeaturedDaily Desk · FeaturedDaily
Canonical: https://featureddaily.com/news/anthropic-mythos-glasswing-brief

> **The one-liner:** Anthropic's restricted bug-hunting AI found thousands of real, serious flaws — and proved that the hard part is now fixing them, not finding them.

**What happened.** In a 26 May update on **Project Glasswing**, Anthropic said **Claude Mythos** scanned 1,000 open-source projects and found **6,202 high/critical vulnerabilities** (of 23,019 findings). Six independent firms validated **90.6%** as real — unusually strong corroboration for a capability claim.

**Who has it.** About 50 vetted partners (AWS, Apple, Google, Microsoft, NVIDIA, JPMorgan and others) for defensive work; partner bug-finding reportedly rose more than tenfold. Mythos itself remains restricted.

> **The catch.** Anthropic says patching is now the bottleneck — maintainers can't keep up. It committed $100m in model credits and support via OpenSSF's Alpha-Omega to help close the gap.

## Key takeaways

- Found: 6,202 high/critical vulnerabilities (of 23,019 findings) across 1,000 open-source projects.
- Validated: six independent firms judged 90.6% of findings to be real.
- Access: restricted to ~50 vetted partners (AWS, Apple, Google, NVIDIA, JPMorgan) — not public.
- Bottleneck: maintainers can't patch fast enough; Anthropic pledged $100m in credits + OpenSSF support.

## FAQ

### What did Mythos actually find?
6,202 high- or critical-severity vulnerabilities (of 23,019 total findings) across 1,000 open-source projects, with 90.6% validated as real by six independent firms — including a flaw in the widely used wolfSSL library, since patched.

### Is this tool public?
No — Mythos Preview is restricted to about 50 vetted defensive partners. Anthropic says wider access will come only after stronger safeguards, given the offensive risk of the same capability.
