The Model Anthropic Won't Release Just Found 10,000 Vulnerabilities in Critical Infrastructure. The 6-Month Warning Is the Story.

In two months, Claude Mythos Preview surfaced more than 10,000 high- or critical-severity vulnerabilities. Not from a curated test corpus — from real operating systems, browsers, and production software that hundreds of millions of people depend on every day. Anthropic's June 2 expansion of Project Glasswing extends access to 150 new organizations across more than 15 countries: power grids, water systems, hospital networks, telecommunications infrastructure, and hardware manufacturers. A successful attack on most of these new partners, Anthropic said explicitly, would affect more than 100 million people. That context explains the access structure: Claude Mythos Preview is not available via API or any commercial tier. It exists in a controlled loop, running defensive security operations for a few hundred organizations globally, under security requirements that each must meet before access is granted.

The technical claim underneath this is significant. Anthropic describes Mythos Preview as a general-purpose frontier model that has crossed a threshold: it can surpass all but the most skilled human security researchers at finding and exploiting software vulnerabilities. The word "exploiting" is doing real work in that sentence. A model that can find vulnerabilities at this rate and quality also describes the capability profile of a model that could be directed to use them. The dual-use problem in AI cybersecurity isn't theoretical — Mythos is its first concrete expression at frontier quality. Anthropic's controlled deployment is an acknowledgment of that asymmetry: the access framework is a bet that defensive use at sufficient scale buys enough runway before the capability diffuses to actors outside the controlled program.

The 6 to 12 month warning is the most precise sentence in the announcement. Anthropic said directly: within that window, they expect other AI labs to develop Mythos-class models — and some could release them without the safeguards Anthropic has built into Glasswing. That isn't a cautionary note buried in a policy document. It's an operational forecast from the organization that built the capability, embedded in the press release announcing its controlled expansion. When a frontier AI lab publicly estimates that its most sensitive capability will diffuse to competitors in under a year, the current access framework isn't a permanent architecture. It's a grace period — specific, bounded, and already counting down.

For security-adjacent investors, the implication is structural. Cybersecurity is one of the few enterprise verticals where AI capability creates a genuine first-mover advantage for the defense. An organization that deploys Mythos-class vulnerability detection across its infrastructure before competitors have equivalent access closes attack surface at a rate human red teams cannot match. The asymmetry matters: AI-powered defense can systematically patch vulnerabilities faster than adversaries operating on current-generation manual tools can discover and exploit them. That window is measured in months, not years — and it closes from both ends simultaneously as the capability spreads.

The 10,000 vulnerabilities number will grow every month Glasswing runs. But the number worth tracking isn't how many Mythos finds. It's how many get patched before the labs Anthropic cannot govern build equivalent capability and deploy it without access controls. Anthropic has set the clock themselves. The question is whether 150 organizations in 15 countries is enough defenders to change the structural math of what gets attacked versus what gets protected — before the countdown expires.