Anthropic's Project Glasswing — a controlled preview program letting ~50 industry partners use its Claude Mythos model to find security vulnerabilities — has produced an unclear CVE track record. VulnCheck researcher Patrick Garrity searched the CVE database and found only 40 records potentially linked to Anthropic researchers, with just one CVE (CVE-2026-4747, a FreeBSD RCE) directly tied to Glasswing. The remaining bugs — including a 27-year-old OpenBSD flaw, a 16-year-old FFmpeg bug, and Linux kernel privilege escalation chains — have not yet received CVE assignments. A full public summary from Anthropic is expected around July 2026, and Garrity recommends Anthropic create a dedicated security advisory page for transparency.