Glean 拾遗
Daily /2026-07-14 / High-Severity CVEs Spike 3.5x After Claude Mythos Release

High-Severity CVEs Spike 3.5x After Claude Mythos Release

Source epoch.ai Glean’d 2026-07-14 06:01 Read 2 min
AI summary

In April 2026, Anthropic announced that Claude Mythos Preview could autonomously discover software vulnerabilities. Since then, Project Glasswing partners including Microsoft, Google, Apple, and AWS have used it to find and fix over 10,000 high- or critical-severity bugs. Data from Epoch shows that the number of such CVEs disclosed by 21 notable organizations surged to ~1,500 in June 2026 — more than 3.5x the previous monthly record before Mythos. OpenAI's Daybreak product has pursued similar efforts. The spike reflects both proactive patching and an overall increase in vulnerability discovery driven by frontier models, raising important questions for security researchers, AI safety policy makers, and open-source maintainers.

Original · 2 min
epoch.ai ↗
§ 1

Severe cybersecurity vulnerability disclosures (CVEs) spiked in 2026. In June, notable organizations published around 1,500 high- and critical-severity CVEs — more than 3.5× the monthly record prior to Mythos’ release.

2026年,严重网络安全漏洞披露(CVE)数量激增。6月,知名组织发布了约1500个高严重性和关键严重性CVE——比Mythos发布前的月记录高出3.5倍以上。

§ 2

The spike follows Anthropic’s April announcement that Claude Mythos Preview could autonomously discover software vulnerabilities, and that the company’s Project Glasswing partners — including Microsoft, Google, Apple, and AWS — had been using it to find and fix bugs ahead of the model’s public release. Since its commencement, Project Glasswing claims to have found over 10,000 high- or critical-severity vulnerabilities, many of which have yet to be individually disclosed. Similar efforts have been undertaken by OpenAI with their Daybreak product.

这一激增发生在Anthropic 4月发布声明之后:Claude Mythos Preview能够自主发现软件漏洞,其Project Glasswing合作伙伴——包括Microsoft、Google、Apple和AWS——在该模型公开发布前就已用它来查找和修复缺陷。自启动以来,Project Glasswing声称已发现超过1万个高或关键严重性漏洞,其中许多尚未单独披露。OpenAI也通过其Daybreak产品进行了类似努力。

§ 3

Epoch's work is free to use, distribute, and reproduce provided the source and authors are credited under the Creative Commons BY license.

Learn more about this graph

In April 2026, Anthropic announced that its latest internal model (Claude Mythos Preview) was capable of autonomous cybersecurity vulnerability discovery and exploitation. Since then, both Anthropic and OpenAI have launched efforts to use frontier models to harden critical software before malicious actors are able to use the same models for harm.

We show that the number of Common Vulnerabilities and Exposures (CVEs) jumped significantly following these announcements. Compared to the previous monthly record before the Mythos Preview announcement, the number of high- and critical-severity vulnerabilities increased more than 3.5x in June.

Data

Assumptions and limitations

Download this data

Monthly high- and critical-severity CVEs from 21 notable organizations

CSV, Updated Jul. 2, 2026

Epoch的研究成果在遵守Creative Commons BY许可协议、注明来源和作者的前提下,可自由使用、分发和复制。

了解更多关于此图表的信息

2026年4月,Anthropic宣布其最新内部模型(Claude Mythos Preview)能够自主进行网络安全漏洞的发现和利用。此后,Anthropic和OpenAI都启动了相关工作,旨在用前沿模型加固关键软件,以防恶意行为者利用同类模型造成危害。

我们展示的数据表明,在这些声明发布后,通用漏洞披露(CVE)的数量显著跃升。与Mythos Preview发布前的月记录相比,6月份高和关键严重性漏洞的数量增长了3.5倍以上。

数据

假设与限制

下载此数据

来自21个知名组织的月度高和关键严重性CVE

CSV格式,更新于2026年7月2日

Open source ↗