AI Safety4 min read

Anthropic Claude Mythos: CVE reports surge to 1,500 in June 2026

Epoch AI's chart shows 21 organizations disclosed about 1,500 high-severity CVEs in June 2026 after Anthropic's April Claude Mythos Preview.

The Brieftide

TL;DR

  • 01Epoch AI's chart shows 21 organizations disclosed about 1,500 high-severity CVEs in June 2026 after Anthropic's April Claude Mythos Preview.
  • 02The jump began in April 2026 and aligns with the release of Anthropic's Claude Mythos Preview.
  • 03The peak in June 2026 was large and abrupt: 21 organizations disclosed about 1,500 high-severity and critical CVEs, over 3.5 times the prior monthly record.

Epoch AI's chart shows security vulnerability reports exploded in June 2026, when 21 organizations reported about 1,500 high-severity and critical vulnerabilities (CVEs), more than 3.5 times the previous monthly record. The jump began in April 2026 and aligns with the release of Anthropic's Claude Mythos Preview.

How big was the spike in reported CVEs?

The peak in June 2026 was large and abrupt: 21 organizations disclosed about 1,500 high-severity and critical CVEs, over 3.5 times the prior monthly record. Epoch AI plotted monthly reports and the surge that starts in April 2026 climbs to that June high, making June 2026 an outlier in the dataset.

Those numbers come from Epoch AI's charting of reported vulnerabilities and reflect the category of high-severity and critical CVEs specifically, not all bug reports. The primary metric highlighted is both the count of organizations reporting and the aggregate number of high-severity and critical CVEs they disclosed.

How did AI models contribute to the increase?

AI-driven bug hunting lines up with the timing of the spike: Anthropic announced in April 2026 that its Claude Mythos Preview can "find software vulnerabilities on its own," and Epoch AI ties the rise in disclosure activity to that release. Anthropic also says trusted partners were already using the model to find and fix bugs before its public Preview.

Anthropic's internal efforts are substantial: its "Glasswing" program has reportedly uncovered more than 10,000 high-severity or critical vulnerabilities so far, and some of those discoveries have not yet been published. Epoch AI also notes OpenAI's "Daybreak" program is likely contributing to the wider surge in reported vulnerabilities. The timing and multiple AI programs suggest a wave of AI-driven discoveries, rather than a single-source artifact.

Why does this matter?

A sharp increase in high-severity and critical CVE disclosures changes how companies and security teams prioritize patching and incident response. If AI models are surfacing flaws faster and at greater scale, defenders will need to absorb more triage work and decide which fixes to deploy first. The raw numbers — about 1,500 high-severity and critical CVEs in a single month from 21 organizations — imply a sudden change in the volume of serious issues entering public or vendor disclosure channels.

The pattern also raises questions about disclosure practices and coordination. Anthropic claims partner use and a program that has found more than 10,000 severe vulnerabilities. That magnitude, combined with other AI programs like OpenAI's Daybreak, suggests the bottleneck may shift from discovery to verification, remediation, and public disclosure.

What to watch

Watch monthly CVE tallies and whether Epoch AI's chart shows the June 2026 level sustaining or falling back to prior patterns. Track further statements and data releases from Anthropic about Glasswing's discoveries and publication plans, and whether OpenAI provides more detail about Daybreak's output. A continued high monthly count would confirm AI-driven discovery is producing persistent disclosure volume rather than a transient spike.

Key dates in the AI-driven CVE surge
  1. April 2026
    Claude Mythos Preview announced

    Anthropic announced Claude Mythos Preview can find software vulnerabilities on its own; trusted partners were already using the model.

  2. April 2026
    Spike begins in Epoch AI chart

    Epoch AI's monthly reports show a surge in high-severity and critical vulnerability reports starting in April 2026.

  3. June 2026
    Peak month: 21 organizations, ~1,500 CVEs

    In June 2026, 21 organizations reported about 1,500 high-severity and critical CVEs, more than 3.5 times the previous monthly record.

  4. July 3, 2026
    Glasswing and Daybreak context

    Anthropic's Glasswing program has reportedly uncovered more than 10,000 high-severity or critical vulnerabilities so far; OpenAI's Daybreak program is likely adding to the surge.

Advertisement

Written by The Brieftide · Source: The Decoder

The Brieftide Daily · 06:00

Briefs like this one, in your inbox every morning.

 

FreeOne email a dayEvery claim sourcedUnsubscribe in one click

Continue reading

More in AI Safety
Advertisement