AI Bug Hunting Hits Hard: Claude Mythos Causes a 3.5× Surge in High-Risk Vulnerability Reports

Epoch AI’s latest report shows that in June 2026, the number of high-risk and critical vulnerability reports across the industry reached about 1,500—more than 3.5 times the previous monthly record—with the source traced to Anthropic’s April release of the Claude Mythos Preview model. This yet-unreleased Tier 4 model is reshaping the time scale of cyber offense and defense.
Epoch AI’s monthly report released yesterday hides a number that made the entire cybersecurity industry uncomfortable: in June 2026, a total of 21 organizations worldwide reported around 1,500 “high‑severity” and “critical” vulnerabilities — more than 3.5 times the previous record‑high month.
This surge began curving upward in April, almost perfectly coinciding with Anthropic’s April 7 announcement — Claude Mythos Preview. Since then, Anthropic’s Project Glasswing claims Mythos has unearthed more than 10,000 high‑ or critical‑severity vulnerabilities, many of which remain undisclosed.
In other words, what we’re seeing now is only the tip of the wave. The real swell is still beneath the surface.

A model that was never publicly released has dragged the entire industry into a new era
First, some context for that April event: Mythos Preview is Anthropic’s most powerful frontier model to date, performing far beyond Claude Opus 4.6 and internally classified at its self‑described “Copybara Layer 4” — a level above Haiku, Sonnet, and Opus. On the CyberGym benchmark Mythos scores 83.1%, while Opus 4.6 scores 66.6% — not a tuned marginal gain but a step‑change leap.
Yet Anthropic did something counter‑intuitive: it refused to release it.
The reason is simple — it’s too dangerous. Mythos can autonomously discover zero‑days, write working exploits, and chain three to five independent flaws into a full privilege‑escalation route from user to root, entirely without human oversight. Anthropic officially cited three illustrative cases:
- A 27‑year‑hidden flaw in OpenBSD. This firewall‑grade OS is widely regarded as the most secure in its class. Mythos discovered a remote‑crash bug — a specially crafted packet could take the machine down.
- A one‑line bug in FFmpeg from 16 years ago. Automated fuzzing had hammered it five million times without a hit; Mythos found it.
- Several Linux‑kernel flaws chained automatically into a complete local privilege‑escalation path.
Taken together, the question is no longer whether AI can find vulnerabilities — that was a DARPA AIxCC‑era question. The new question is: at what cost and speed can AI find them?
Measured data from NSFOCUS offers a vivid ratio: a tens‑of‑millions‑of‑lines codebase that once took expert analysts months now takes Mythos only hours at a cost under USD 20 K; identifying a single vulnerability completes within minutes for under USD 50.
USD 50 per high‑severity vulnerability. That price detonates the economics of the vulnerability market.
Where the 3.5× came from
Back to Epoch AI’s report. What’s notable about the 3.5× figure is that it doesn’t come solely from Mythos itself — Mythos access is tightly controlled: only the 12 founding Glasswing partners (AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, J.P. Morgan, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks) plus about 40 critical‑infrastructure organizations can use it.
The 3.5× is a “radiation effect.”
1. First layer: Glasswing partners used Mythos to scan their own systems; discoveries entered the CVE database via responsible disclosure — large but manageable.
2. Second layer: at the same time, other model vendors followed suit — Axios reported OpenAI was preparing an “advanced‑cybersecurity” product for select partners. The industry had started to move.
3. Third and fastest layer: independent researchers used publicly available models (Opus 4.6, GPT‑5, DeepSeek, etc.) to scan open‑source projects on GitHub. Mythos’ methodologies — multi‑turn context management, skill accumulation, agent orchestration — were rapidly absorbed; even weaker models could produce quantity if pipeline engineering was done right.
The result: a collective eruption in vulnerability disclosures.
Signs that the ecosystem is overstretched
The upstream yield has exploded, but downstream simply can’t keep up — and that’s the real problem.
The clearest signal: HackerOne in April announced a suspension of the Internet Bug Bounty (IBB) program, promptly followed by Node.js dropping its bug‑bounty payouts. Their stated reason is blunt: remediation capacity has fallen far behind discovery rate. AI‑generated vulnerability reports have flooded maintainers; valid submission rates dropped from 15% to 5%.
Translation: a deluge of AI‑generated reports — plausible‑looking yet often false or trivial — is consuming open‑source maintainers’ time, while truly valuable findings are harder to triage.
Anthropic has recognized this, donating USD 2.5 million to the Linux Foundation’s Alpha‑Omega and OpenSSF projects, and USD 1.5 million to the Apache Foundation, hoping to prop up the downstream ecosystem. But for global open source, a few million barely scratches the surface.
A deeper structural issue is the collapse of the vulnerability weaponization window:
- Traditional flow: discovery → exploitation = weeks to months.
- Mythos era: Mythos can autonomously chain 3–5 bugs into a multi‑stage attack sequence — from initial access to domain admin in hours — while defenders still patch on day‑ or week‑scale cycles.
Dan Schiappa (formerly Sophos, now CrowdStrike) summed it up: the discovery‑to‑weaponization gap is shrinking to “the cost of a prompt.” The volume defenders must audit and fix will expand massively.
The two sides of offensive–defensive asymmetry
A hard truth: Models like Mythos are inherently asymmetric.
Attackers need only one working vulnerability. Defenders must block them all. Among Mythos’s 10 K plus high‑risk findings, Glasswing’s internal processing speed defines how long those flaws remain “transparent.” Once disclosed or leaked to others with Mythos‑level capabilities, attackers worldwide will enjoy a lavish buffet.
Anthropic admits in its own papers that Mythos‑class capability propagation “should be measured in months, not years.”
Hence U.S. Treasury Secretary Bessent and Fed Chair Powell rushed on April 7 to convene Citibank, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs. The Bank of England, FCA, and Treasury held parallel emergency talks with the NCSC and major financial institutions. These moves weren’t alarmism — if Mythos‑class power falls into nation‑state hands, financial infrastructure would be first in line.
IMF chief Kristalina Georgieva told CBS flatly: the global monetary system is not ready for the pace of AI risk escalation. No diplomatic spin — just truth.

What this means for developers
As a developer, over the three months since April you’ve likely noticed a few things:
Your CI/CD pipeline needs redesigning. Traditional SAST/DAST tools are kindergarten‑level against Mythos‑class AI. NSFOCUS recommends moving security extremely left — embed AI security agents into GitHub Actions or GitLab CI/CD, require AI audits for every PR, and block merges on “must‑fix” findings.
Dependency‑chain risk is growing exponentially. Long‑dormant dependencies — especially ancient C/C++ libraries — may hide flaws that a Mythos‑class model could excavate in minutes. SBOM (Software Bill of Materials) has moved from compliance checkbox to survival requirement.
AI‑generated code demands AI‑speed review. Futurum Group states plainly: AI‑written code must undergo adversarial audits at the same velocity it is produced. Only AI‑native AppSec tools embedded in the workflow can bridge that gap; manual reviews can’t keep up.
Re‑examine permission models and micro‑segmentation. If you assume vulnerabilities will be AI‑discovered quickly, defense must shift from “patch everything” to “limit blast radius post‑exploit.” Fine‑grained network segmentation, strict auth, and full logging ensure that even if Mythos finds a zero‑day on a peripheral service, lateral movement is slowed.
For those experimenting with Claude series models in security, Mythos Preview itself is restricted, but Claude Opus 4.6 and Sonnet remain first‑tier for code audit and CTF tasks — NSFOCUS measured Opus 4.6 at 79% flag success (44/56) on expert CTFs. Through OpenAI Hub, one API key can reach Claude, GPT, Gemini, and DeepSeek models in OpenAI‑compatible format with straightforward domestic access and low integration cost.
A rarely discussed problem: the vulnerability‑disclosure mechanism itself
A cooler angle: the existing disclosure system was built for human speed.
CVE assignment, CVSS scoring, CISA’s KEV catalog, vendors’ 90‑day windows — these assume vulnerability discovery is scarce and needs a ceremonial process.
When Mythos digs up ten thousand critical flaws overnight, that machinery freezes. Who scores them? Who verifies PoCs? Are there enough CVE IDs? Do maintainers even have time to respond? — no on all counts.
Anthropic’s stopgap is “encrypted‑hash submission”: for unpatched bugs, publish an encrypted hash placeholder and reveal details after a fix. Pragmatic, but illustrates how current systems are being overrun by AI‑level output.
Looking further ahead: if vulnerability discovery becomes as cheap as running unit tests, the concept of the “vulnerability” itself may need redefinition. Should every crash‑triggering input warrant a CVE? Should anything below CVSS 8.5 even count? The industry has no answers yet.
Epilogue
Senator Mark Warner summed it up well: AI has dramatically accelerated vulnerability discovery, and the industry must equally accelerate and re‑prioritize patch management.
From April to June alone, Epoch logged a 3.5× surge in reports. Expect July and August to go higher — Glasswing has only just hit its 90‑day reporting mark, other vendors are closing the gap, and the methods are still spreading.
Mythos was never formally released, yet it has already pushed AI‑era cybersecurity into a new normal: the speed of discovery, patching, and exploitation has all been reset by AI. Whoever adapts to this new timescale first will survive.
References
- ITHome: Boosted by Anthropic’s most powerful bug‑hunter AI, Epoch reports June’s high‑severity vulnerability count at 3.5 times the previous record — Core data source: Epoch AI monthly report analysis



