Skip to content
HN On Hacker News ↗

Disclosed CVEs: 3.5× Spike After Claude Mythos

▲ 156 points 73 comments by cubefox 4d ago HN discussion ↗

Pangram verdict · v3.3

We believe that this document is fully human-written

1 %

AI likelihood · overall

Human
100% human-written 0% AI-generated
SEGMENTS · HUMAN 1 of 1
SEGMENTS · AI 0 of 1
WORD COUNT 248
PEAK AI % 1% · §1
Analyzed
Jul 4
backend: pangram/v3.3
Segments scanned
1 windows
avg 248 words each
Distribution
100 / 0%
human / AI fraction
Verdict
Human
Pangram v3.3

Article text · 248 words · 1 segments analyzed

Human AI-generated
§1 Human · 1%

Severe cybersecurity vulnerability disclosures (CVEs) spiked in 2026. In June, notable organizations published around 1,500 high- and critical-severity CVEs — more than 3.5× the monthly record prior to Mythos’ release. The spike follows Anthropic’s April announcement that Claude Mythos Preview could autonomously discover software vulnerabilities, and that the company’s Project Glasswing partners — including Microsoft, Google, Apple, and AWS — had been using it to find and fix bugs ahead of the model’s public release. Since its commencement, Project Glasswing claims to have found over 10,000 high- or critical-severity vulnerabilities, many of which have yet to be individually disclosed. Similar efforts have been undertaken by OpenAI with their Daybreak product. Epoch's work is free to use, distribute, and reproduce provided the source and authors are credited under the Creative Commons BY license. Learn more about this graph In April 2026, Anthropic announced that its latest internal model (Claude Mythos Preview) was capable of autonomous cybersecurity vulnerability discovery and exploitation. Since then, both Anthropic and OpenAI have launched efforts to use frontier models to harden critical software before malicious actors are able to use the same models for harm. We show that the number of Common Vulnerabilities and Exposures (CVEs) jumped significantly following these announcements. Compared to the previous monthly record before the Mythos Preview announcement, the number of high- and critical-severity vulnerabilities increased more than 3.5x in June. Data

Assumptions and limitations

Download this data Monthly high- and critical-severity CVEs from 21 notable organizationsCSV, Updated Jul. 2, 2026