'After one month, most partners have each found hundreds of critical- or high-severity vulnerabilities': Anthropic claims Mythos has found over ten thousand major security vulnerabilities across 'the most systemically important software in the world'


  • Anthropic reported Mythos Preview uncovered over 10,000 high‑ and critical‑severity vulnerabilities in under two months, with Cloudflare alone finding 2,000 bugs
  • Independent validation confirmed 90% of assessed findings as real, though critics argue the breakthrough may stem from massive compute and workflows rather than unique reasoning
  • The bottleneck has shifted from discovery to verification, disclosure, and patching, as AI now surfaces vulnerabilities faster than organizations can remediate them

In less than two months, Anthropic and friends have apparently discovered more than ten thousand critical and high-level security vulnerabilities using the famed Mythos Preview artificial intelligence tool.

In a brief update on the state of the project, published late last week, Anthropic said that since the release of the tool, roughly 50 organizations that got to use it each found “hundreds” of vulnerabilities.

“Several have told us that their rate of bug-finding has increased by more than a factor of ten,” the company said. “For instance, Cloudflare has found 2,000 bugs (400 of which are high- or critical-severity) across their critical-path systems, with a false positive rate that Cloudflare’s team considers better than human testers.”

Anthropic explained that sharing details on vulnerabilities is usually done with a 90-day delay, to give users enough time to patch and to not put anyone at risk of compromise. Therefore, it only shared general, “illustrative examples” to prove, once again, just how powerful the tool is.

With that in mind, it said that Mythos found an estimated 6,202 high- or critical-severity vulnerabilities in these projects (out of 23,019 in total, including those it estimates as medium- or low-severity).

Skepticism lingers

Of those, 1,752 have been assessed by independent security researchers, and 90% were confirmed as valid positives, while 62.4% were confirmed as either high- or critical-severity.

But while the overall reaction to Mythos Preview has been extremely positive, there are also voices saying the hype may be overstated. A Techzine analysis, for example, argues that AI-assisted vulnerability discovery already existed through systems like Google’s Big Sleep, and that the real challenge is still human operational security.

A recent academic paper, “Benchmarking Mythos-Linked Bug Rediscovery,” found that under controlled conditions, public frontier models like GPT-5.5 were able to rediscover some of the same vulnerabilities attributed to Mythos, and on Reddit, different communities have been even more skeptical. The key takeaway seems to be that Mythos may simply be using enormous amounts of compute and long-running agentic workflows rather than possessing qualitatively different reasoning abilities.

In any case, Anthropic now says that progress on software vulnerability is no longer limited by the speed of discovery, but rather by the speed of verification, disclosure, and patching.




Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
