Anthropic finds 10,000 code bugs

Anthropic said on May 22 that Claude Security entered public beta for Claude Enterprise customers, adding automated code-repository scanning and proposed fixes through Claude Opus 4.7. In a separate May 22 research update, the company said its Project Glasswing cybersecurity initiative had identified more than 10,000 high- or critical-severity vulnerabilities across widely used software. Those figures gave the company’s security push a concrete benchmark as outside reports also circulated about brief references to “claude-mythos-1-preview” appearing inside Claude Code and Claude Security. TechTimes reported on May 24 that the 10,000-vulnerability figure surfaced as Anthropic moved closer to a wider Mythos release, citing the company’s early defensive-security testing. Anthropic’s own materials publicly describe Claude Mythos Preview as its most capable frontier model to date, but the company has not announced a general release for that model. The company’s official May 22 updates focused instead on Claude Security and Project Glasswing. ### Where did the 10,000-bug number come from? Anthropic said on May 22 that Project Glasswing had found “more than 10,000 high- or critical-severity vulnerabilities” across widely used software through controlled defensive workflows. The company said roughly 50 partner organizations were deploying Claude Mythos Preview in those workflows, according to reporting that cited the update. Anthropic also said in its May 22 Glasswing update that Claude Opus 4.7 had been used to patch more than 2,100 vulnerabilities in the three weeks since Claude Security launched. (claude.com) The company wrote that the bottleneck in software security was shifting from finding flaws to verifying, disclosing and patching them. ### What exactly is Claude Security doing in this rollout? Claude said in its public-beta announcement that Claude Security lets Enterprise customers scan codebases for vulnerabilities and generate proposed fixes with Opus 4.7. (anthropic.com) Anthropic said customers could use the tool on the Claude Platform or through technology and services partners building with Claude. Infosecurity Magazine reported that the product, previously called Claude Code Security, includes scheduled and targeted scans, audit-system integrations and tracking for triaged findings. (anthropic.com) Anthropic said no custom agent build or API integration was required to start scanning. ### What is known about “claude-mythos-1-preview”? NewsBytes and other outlets reported on May 24 that users had briefly seen references to “claude-mythos-1-preview” in Claude Code shortly after Anthropic said it was not planning a broad public release of Mythos in the near term. (claude.com) Those reports described the references as transient and tied them to developer tooling rather than a formal product launch. (infosecurity-magazine.com) Anthropic’s publicly available Mythos Preview system card shows the model exists and is being evaluated as a cybersecurity-focused frontier system. The document says Mythos Preview outperformed Claude Opus 4.6 on several benchmarks, but Anthropic’s official news page did not list a public launch for Mythos as of May 25. ### Why are security teams paying attention to the Firefox example? TechTimes reported that Mozilla found and fixed 271 vulnerabilities in Firefox 150, compared with a much smaller number in Firefox 148 using an earlier Claude model. (newsbytesapp.com) The report cited Anthropic’s claim that Mythos Preview produced a lower false-positive rate than conventional human-led testing. (www-cdn.anthropic.com) Anthropic has not published a separate standalone Firefox case study in the sources reviewed here, but the company’s May 22 Glasswing update and Mythos materials frame the work as defensive testing with human validation and disclosure steps for the most serious findings. ### What happens next in this story? May 22 remains the key date in Anthropic’s official record, because that is when the company published both the Claude Security public-beta announcement and the initial Project Glasswing update. (techtimes.com) Any broader Mythos release would most likely appear first through Anthropic’s news page, system cards or transparency materials, which already host the current Claude Security, Glasswing and Mythos Preview documents. (claude.com) (anthropic.com)