Anthropic's Claude Mythos CVE count remains unclear as Project Glasswing participants stay silent
One week after Anthropic launched Project Glasswing to let 50+ organizations test its Claude Mythos vulnerability-finding model, the actual CVE count remains unknown. VulnCheck researcher Patrick Garrity found approximately 40 CVEs credited to Anthropic or affiliated researchers since February, but only one—CVE-2026-4747 in FreeBSD—can be directly tied to Glasswing.
One week after Anthropic announced Project Glasswing, the number of vulnerabilities discovered by its Claude Mythos model remains largely unknown. According to VulnCheck researcher Patrick Garrity, the actual CVE count is "maybe 40, or maybe none at all."
What we know about Project Glasswing
Anthropic announced Claude Mythos Preview on April 7, 2026, claiming the model can find and develop exploits for zero-day vulnerabilities "in every major operating system and every major web browser." Rather than releasing the model publicly, Anthropic launched Project Glasswing, allowing approximately 50 selected organizations to test the model on their own products.
Confirmed participants include Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, Nvidia, Palo Alto Networks, and Intel.
The CVE database search
Garrity searched the CVE database—which contains over 327,000 records—for any entries containing "Anthropic" from February 2026 onward. His findings:
- 75 total CVE records mentioning Anthropic
- 35 CVEs affect Anthropic's own tools (Claude Code, MCP Inspector, third-party integrations)—not Glasswing discoveries
- 40 CVEs credited to Anthropic or Anthropic-affiliated researchers—potentially Glasswing finds, but unconfirmed
The 40 potential Glasswing CVEs break down as:
- 28 CVEs in Mozilla Firefox
- 9 CVEs in wolfSSL embedded SSL/TLS library
- 1 CVE in F5's NGINX Plus
- 1 CVE in FreeBSD (CVE-2026-4747)
- 1 CVE in OpenSSL
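The triage described above can be reproduced against CVE records in the CVE Program's JSON 5.x layout, where each record carries its publication date under cveMetadata.datePublished, its affected vendors under containers.cna.affected, and finder credits under containers.cna.credits. The following Python example is added here for illustration and is not code from the article or from VulnCheck: it applies the same three steps (full-text match on a vendor name, a publication-date cutoff, then separating bugs in the vendor's own products from third-party bugs where the vendor only appears in the credits). The sample records are constructed; the CVE-0000-000x identifiers and every date are placeholders, and even the page's CVE-2026-4747 is given a placeholder publish date.

```python
"""Triage CVE JSON 5.x records: find records mentioning a vendor, drop those
published before a cutoff, then separate records where the vendor is the
affected party (bugs in its own tools) from records where the vendor only
appears in the credits (potential finds by its researchers).

Sample records below are constructed for this example; CVE-0000-000x ids are
placeholders, not real CVEs, and all dates are placeholders.
"""
import json
from collections import Counter
from datetime import date

VENDOR = "Anthropic"
CUTOFF = date(2026, 2, 1)          # "from February 2026 onward"


def _record(cve_id, published, vendor, product, credits):
    """Build a minimal record in CVE JSON 5.x layout (cveMetadata + containers.cna)."""
    return {
        "cveMetadata": {"cveId": cve_id, "datePublished": published + "T00:00:00.000Z"},
        "containers": {"cna": {
            "affected": [{"vendor": vendor, "product": product}],
            "credits": [{"type": "finder", "value": c} for c in credits],
        }},
    }


SAMPLE_RECORDS = [
    # the page's one confirmed Glasswing CVE; the publish date is a placeholder
    _record("CVE-2026-4747", "2026-04-07", "FreeBSD", "FreeBSD",
            ["Nicholas Carlini using Claude, Anthropic"]),
    # constructed: a bug in one of the vendor's own tools
    _record("CVE-0000-0001", "2026-03-10", "Anthropic", "Claude Code", ["External Researcher"]),
    # constructed: third-party product, the vendor's team credited as finder
    _record("CVE-0000-0002", "2026-03-20", "Mozilla", "Firefox", ["Anthropic research team"]),
    # constructed: vendor credited but published before the cutoff
    _record("CVE-0000-0003", "2026-01-15", "wolfSSL", "wolfSSL", ["Anthropic"]),
    # constructed: no mention of the vendor at all
    _record("CVE-0000-0004", "2026-04-01", "ExampleCorp", "ExampleApp", ["Someone Else"]),
]


def published_on(rec):
    """Publication date; the first 10 characters of the ISO timestamp are YYYY-MM-DD."""
    return date.fromisoformat(rec["cveMetadata"]["datePublished"][:10])


def affected_vendors(rec):
    """Lower-cased set of vendors listed as affected by the CNA."""
    return {a.get("vendor", "").lower() for a in rec["containers"]["cna"].get("affected", [])}


def credit_text(rec):
    """All finder/credit strings joined into one searchable string."""
    return " ".join(c.get("value", "") for c in rec["containers"]["cna"].get("credits", []))


def classify(rec, vendor=VENDOR, cutoff=CUTOFF):
    """Return 'own_tool', 'credited', or None when the record is not a match."""
    needle = vendor.lower()
    if needle not in json.dumps(rec).lower():
        return None                       # full-text miss
    if published_on(rec) < cutoff:
        return None                       # outside the date window
    if needle in affected_vendors(rec):
        return "own_tool"                 # vendor is the affected party
    if needle in credit_text(rec).lower():
        return "credited"                 # vendor appears only in the credits
    return None                           # mentioned elsewhere only; needs manual review


def triage(records, vendor=VENDOR, cutoff=CUTOFF):
    """Group record ids by category and count credited finds per affected vendor."""
    groups = {"own_tool": [], "credited": [], "unmatched": []}
    by_vendor = Counter()
    for rec in records:
        cat = classify(rec, vendor, cutoff)
        cve_id = rec["cveMetadata"]["cveId"]
        if cat is None:
            groups["unmatched"].append(cve_id)
            continue
        groups[cat].append(cve_id)
        if cat == "credited":
            by_vendor.update(affected_vendors(rec))
    return groups, by_vendor


if __name__ == "__main__":
    groups, by_vendor = triage(SAMPLE_RECORDS)
    for name, ids in groups.items():
        print(f"{name}: {len(ids)} {ids}")
    print("credited finds by affected vendor:", dict(by_vendor))
```

Against a real export the same functions apply unchanged to each record file; the "own_tool" bucket is the one the article discounts, and the per-vendor counter reproduces the product breakdown. A record that mentions the vendor only in its description lands in "unmatched", which is exactly the category that a credit-based count cannot resolve without reading the record.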
Only one confirmed Glasswing CVE
CVE-2026-4747, a remote code execution bug in FreeBSD, is the only publicly disclosed vulnerability directly tied to Project Glasswing. The CVE record credits "Nicholas Carlini using Claude, Anthropic." According to Anthropic's blog, "Mythos Preview fully autonomously identified and then exploited a 17-year-old remote code execution vulnerability in FreeBSD that allows anyone to gain root on a machine running NFS."
Anthropic has also claimed Mythos Preview found:
- A now-patched 27-year-old bug in OpenBSD (no CVE assigned)
- A 16-year-old FFmpeg bug (no CVE assigned)
- Linux kernel privilege escalation chains (no CVE assigned)
None of these have been assigned CVE identifiers.
Transparency concerns
Garrity noted that the three distinct credit attributions in the database—the Anthropic research team, Nicholas Carlini individually, and Calif.io (which runs the "MADBugs" program)—make it difficult to determine which vulnerabilities are actually Glasswing discoveries.
"The full picture won't be known until public disclosure takes place and Anthropic has indicated a public summary report is expected around July 2026," Garrity wrote. He suggested Anthropic create a dedicated security advisory page for consistent vulnerability disclosure.
What this means
Anthropic made bold claims about Claude Mythos's vulnerability discovery capabilities, stating it would "cause mass chaos and break the internet" if released publicly. However, one week into Project Glasswing, the actual impact remains unverifiable. With only one confirmed CVE directly linked to the program and a promised public report not expected until July 2026, the industry lacks concrete data to evaluate whether Claude Mythos represents a genuine breakthrough in automated vulnerability discovery or primarily generates marketing value through secrecy.