cross-posted from: https://piefed.world/c/tech/p/1240674/disclosure-of-serious-cyber-vulnerabilities-spiked-around-the-release-of-claude-mythos-p

Severe cybersecurity vulnerability disclosures (CVEs) spiked in 2026. In June, notable organizations published around 1,500 high- and critical-severity CVEs — more than 3.5× the monthly record prior to Mythos’ release.

The spike follows Anthropic’s April announcement that Claude Mythos Preview could autonomously discover software vulnerabilities, and that the company’s Project Glasswing partners — including Microsoft, Google, Apple, and AWS — had been using it to find and fix bugs ahead of the model’s public release. Since its commencement, Project Glasswing claims to have found over 10,000 high- or critical-severity vulnerabilities, many of which have yet to be individually disclosed. Similar efforts have been undertaken by OpenAI with their Daybreak product.

Data: Monthly high- and critical-severity CVEs from 21 notable organizations in CSV format.

Source: Epoch AI.