Anthropic Claude Mythos: CVE reports surge to 1,500 in June 2026
Epoch AI's chart shows 21 organizations disclosed about 1,500 high-severity CVEs in June 2026 after Anthropic's April Claude Mythos Preview.
TL;DR
- 01Epoch AI's chart shows 21 organizations disclosed about 1,500 high-severity CVEs in June 2026 after Anthropic's April Claude Mythos Preview.
- 02The jump began in April 2026 and aligns with the release of Anthropic's Claude Mythos Preview.
- 03The peak in June 2026 was large and abrupt: 21 organizations disclosed about 1,500 high-severity and critical CVEs, over 3.5 times the prior monthly record.
Epoch AI's chart shows security vulnerability reports exploded in June 2026, when 21 organizations reported about 1,500 high-severity and critical vulnerabilities (CVEs), more than 3.5 times the previous monthly record. The jump began in April 2026 and aligns with the release of Anthropic's Claude Mythos Preview.
How big was the spike in reported CVEs?
The peak in June 2026 was large and abrupt: 21 organizations disclosed about 1,500 high-severity and critical CVEs, over 3.5 times the prior monthly record. Epoch AI plotted monthly reports and the surge that starts in April 2026 climbs to that June high, making June 2026 an outlier in the dataset.
Those numbers come from Epoch AI's charting of reported vulnerabilities and reflect the category of high-severity and critical CVEs specifically, not all bug reports. The primary metric highlighted is both the count of organizations reporting and the aggregate number of high-severity and critical CVEs they disclosed.
How did AI models contribute to the increase?
AI-driven bug hunting lines up with the timing of the spike: Anthropic announced in April 2026 that its Claude Mythos Preview can "find software vulnerabilities on its own," and Epoch AI ties the rise in disclosure activity to that release. Anthropic also says trusted partners were already using the model to find and fix bugs before its public Preview.
Anthropic's internal efforts are substantial: its "Glasswing" program has reportedly uncovered more than 10,000 high-severity or critical vulnerabilities so far, and some of those discoveries have not yet been published. Epoch AI also notes OpenAI's "Daybreak" program is likely contributing to the wider surge in reported vulnerabilities. The timing and multiple AI programs suggest a wave of AI-driven discoveries, rather than a single-source artifact.
Why does this matter?
A sharp increase in high-severity and critical CVE disclosures changes how companies and security teams prioritize patching and incident response. If AI models are surfacing flaws faster and at greater scale, defenders will need to absorb more triage work and decide which fixes to deploy first. The raw numbers — about 1,500 high-severity and critical CVEs in a single month from 21 organizations — imply a sudden change in the volume of serious issues entering public or vendor disclosure channels.
The pattern also raises questions about disclosure practices and coordination. Anthropic claims partner use and a program that has found more than 10,000 severe vulnerabilities. That magnitude, combined with other AI programs like OpenAI's Daybreak, suggests the bottleneck may shift from discovery to verification, remediation, and public disclosure.
What to watch
Watch monthly CVE tallies and whether Epoch AI's chart shows the June 2026 level sustaining or falling back to prior patterns. Track further statements and data releases from Anthropic about Glasswing's discoveries and publication plans, and whether OpenAI provides more detail about Daybreak's output. A continued high monthly count would confirm AI-driven discovery is producing persistent disclosure volume rather than a transient spike.
- April 2026Claude Mythos Preview announced
Anthropic announced Claude Mythos Preview can find software vulnerabilities on its own; trusted partners were already using the model.
- April 2026Spike begins in Epoch AI chart
Epoch AI's monthly reports show a surge in high-severity and critical vulnerability reports starting in April 2026.
- June 2026Peak month: 21 organizations, ~1,500 CVEs
In June 2026, 21 organizations reported about 1,500 high-severity and critical CVEs, more than 3.5 times the previous monthly record.
- July 3, 2026Glasswing and Daybreak context
Anthropic's Glasswing program has reportedly uncovered more than 10,000 high-severity or critical vulnerabilities so far; OpenAI's Daybreak program is likely adding to the surge.
Written by The Brieftide · Source: The Decoder
The Brieftide Daily · 06:00
Briefs like this one, in your inbox every morning.
Continue reading
More in AI SafetyAgentic Analysis: LLM Pipeline compares ERC-8004 and Google A2A
An LLM-powered pipeline analyzes 4,323 governance participation records across ERC-8004 (permissionless.
Anthropic's Power Play: Leading AI Now to Make It Safer
Anthropic says building dominant AI models and accumulating influence are necessary to steer the technology away from catastrophic risks.
Human-centric AI and firm idiosyncratic risks, 2015–2023
Human-centric AI strategies are associated with lower firm idiosyncratic risk among Chinese listed firms.
OpenAI joins Appia Foundation to build shared AI standards
OpenAI supports evaluation frameworks, safety practices and global cooperation through the Appia Foundation.