Verdict: AI models can now find and chain software vulnerabilities at a speed and scale that outpaces traditional security testing. Anthropic's Claude Mythos Preview found thousands of high-severity flaws in its first months, and Palo Alto Networks' Unit 42 reported finding 26 CVEs in roughly three weeks with Mythos-class access versus a typical monthly volume of fewer than five. The US government suspended Anthropic's Fable 5 and Mythos 5 over national-security concerns on June 12, 2026. For most businesses, the practical takeaway is simpler than the headlines: patch faster, reduce exposed attack surface, and treat identity as the new perimeter.
Last verified: 2026-06-17 · Core trend: AI is compressing the vulnerability-discovery timeline from weeks to hours · Bottom line: fundamentals matter more than ever
⚠️ Volatile facts: Model availability, government directives, and vulnerability counts change quickly. Check primary sources before acting on pricing, access, or patch status.
What just happened: AI vulnerability discovery at machine speed
In April 2026, Anthropic announced Project Glasswing, a defensive cybersecurity initiative built around a restricted frontier model called Claude Mythos Preview. The model is not publicly available. Anthropic gave controlled access to roughly 50 launch partners—including Palo Alto Networks, AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, NVIDIA, JPMorgan Chase, and the Linux Foundation—to use the model to find and fix flaws in critical software before attackers can exploit them Anthropic, 2026.
Mythos Preview is designed to autonomously discover vulnerabilities and, in some cases, chain them into working exploit paths. Anthropic's coordinated vulnerability disclosure dashboard shows that, as of May 22, 2026, the model had contributed to 1,596 disclosed vulnerabilities across 281 open-source projects, with 97 patched and 88 assigned CVE records or GitHub Security Advisories Anthropic, 2026. In a first-month progress report, Anthropic said Project Glasswing partners had found more than 10,000 high- or critical-severity vulnerability candidates across systemically important software, including an estimated 6,202 across over 1,000 open-source projects Anthropic, 2026.
The capability jump is not incremental. Independent benchmarks compiled from Anthropic's system card show Mythos Preview scoring 93.9% on SWE-bench Verified and 77.8% on SWE-bench Pro, compared with 53.4% for Claude Opus 4.6 Mythos Preview Daily, 2026. On CyberGym, a defensive/offensive security benchmark, Mythos Preview scored 83.1% versus 66.6% for Opus 4.6 APIYI, 2026.
Why the US government pulled Fable 5 and Mythos 5 offline
On June 9, 2026, Anthropic launched Claude Fable 5, a publicly available Mythos-class model with extra safeguards, and Claude Mythos 5 for vetted partners. Both were priced at $10 per million input tokens and $50 per million output tokens SecurityWeek, 2026. Three days later, on June 12 at 5:21 p.m. ET, Anthropic received a US Commerce Department export-control directive ordering it to suspend all access to Fable 5 and Mythos 5 by any foreign national, including foreign-national Anthropic employees. Because the company could not reliably restrict access by nationality in real time, it disabled both models for all users worldwide Anthropic, 2026.
Anthropic said the directive offered no specific national-security justification but that its "understanding is that the government believes it has become aware of a method of bypassing, or 'jailbreaking' Fable 5." Anthropic reviewed a demonstration of the technique and found it identified "a small number of previously known, minor vulnerabilities" that other publicly available models could also find Anthropic, 2026. Reuters confirmed the Commerce Department issued the directive and that a US official said it cited national security authorities Reuters, 2026.
What Unit 42's testing tells us about defensive value
Palo Alto Networks' Unit 42 was one of Project Glasswing's launch partners. In an interview, Unit 42's Philippa Cogwell noted that the company's offensive-security and red-team testing with Mythos-class models produced 26 CVEs in roughly the first three weeks of full access, against a normal monthly volume of fewer than five CVEs across Palo Alto Networks' 130-plus products. The model also helped identify misconfigurations, leaked credentials, and exposed APIs—context beyond raw code flaws [Palo Alto Networks / Unit 42, transcript, 2026].
Separately, Unit 42's 2026 Global Incident Response Report, published in February 2026, analyzed more than 750 major cyber incidents across over 50 countries. It found that in the fastest 25% of cases, attackers moved from initial access to data exfiltration in 72 minutes—four times faster than the prior year—and that 87% of intrusions spanned multiple attack surfaces. It also found that over 90% of breaches were enabled by preventable gaps such as misconfigurations, inconsistent controls, excessive trust, and limited visibility Palo Alto Networks, 2026.
What this means for you: a small-business and builder playbook
Most businesses do not have a red team, a managed SOC, or a seat at Project Glasswing. That is fine. The lesson from both Mythos and Unit 42's incident data is that basics are the best defense against faster attackers.
1. Patch within days, not weeks
If AI can surface vulnerabilities at machine speed, the time between disclosure and patch becomes the critical variable. Enable automatic updates for operating systems, browsers, and SaaS tools. For self-hosted software, build a process to review security advisories weekly and test patches quickly.
2. Shrink your external attack surface
Unit 42's report repeatedly finds organizations are unaware of exposed IPs, domains, or cloud services. Use free or low-cost attack-surface tools to list what is publicly reachable: old subdomains, open ports, unpatched appliances, and abandoned cloud buckets.
3. Treat identity as the perimeter
Identity weaknesses played a material role in nearly 90% of Unit 42 investigations Industrial Cyber, 2026. Require phishing-resistant MFA, remove unused accounts, limit admin rights, and review third-party app permissions quarterly. These controls are part of the broader small-business security baseline we outline in Is AI Safe for My Small-Business Data?.
4. Consolidate visibility
Eighty-seven percent of attacks crossed multiple surfaces—endpoint, cloud, SaaS, identity. If your security tools do not talk to each other, you cannot correlate signals. A single platform or integrated telemetry is usually better than a patchwork of best-of-breed point products. This is one reason we treat AI security as a business-risk discipline, not only an IT problem — see AI Risks for Small Business: Legal, Privacy, and Accuracy Pitfalls.
5. Know where AI is used in your stack
If developers or vendors use AI coding assistants, Claude Security, or other AI-powered scanners, understand what data they access and who reviews their outputs. Anthropic launched Claude Security for enterprise code scanning in 2026, and similar tools will increasingly become standard—but they still require human review Anthropic, 2026.
Will AI make security solvable or just noisier?
Palo Alto Networks' Lee Klarich has argued that "security is solvable" for organizations that consolidate visibility, enforce least privilege, and automate response. The flip side is that AI also gives attackers faster reconnaissance, better phishing, and automated exploit chaining. The net effect depends on whether defenders automate the right things while keeping human judgment on high-stakes decisions.
Unit 42's own workflow illustrates the balance: it uses Mythos-class models inside a harness, then puts an experienced red teamer over the results to filter false positives and confirm real flaws. For a small business, the equivalent is: let AI tools scan and triage, but keep a human in the loop for remediation decisions. That human-in-the-loop discipline is also the best defense against everyday AI mistakes, as we explain in AI Giving Wrong Answers? How to Avoid AI Mistakes in Your Small Business.
Related reading
FAQ
Q: What is Claude Mythos? A: Claude Mythos Preview is Anthropic's most capable unreleased frontier model, with exceptional software-engineering and cybersecurity capabilities. It is restricted to vetted partners under Project Glasswing because it can autonomously discover and chain software vulnerabilities.
Q: Why was Fable 5 banned? A: On June 12, 2026, the US Commerce Department issued an export-control directive requiring Anthropic to suspend access to Fable 5 and Mythos 5 by foreign nationals. Anthropic disabled both models globally because it could not reliably enforce nationality-based access. The directive was reportedly linked to a demonstrated jailbreak of Fable 5.
Q: Is AI vulnerability discovery a threat to my business? A: It is a dual-use shift. Defenders can find and fix flaws faster; attackers can discover new exploits faster. Most businesses are better served by patching faster, shrinking their attack surface, and strengthening identity controls than by worrying about frontier models directly. If you are just starting to map where AI fits into your operations, our AI for Small Business: The Complete, Practical Guide covers the fundamentals.
Q: Can small businesses use Claude Mythos or Claude Security? A: Mythos Preview is not available to the public. Claude Security, a separate enterprise code-scanning product, is available to Claude Enterprise customers. Most small businesses will interact with these trends indirectly through their software vendors and security tools.
Q: What is Project Glasswing? A: Project Glasswing is Anthropic's defensive cybersecurity initiative that gives controlled access to Claude Mythos Preview to critical-infrastructure providers, technology companies, and open-source maintainers. Anthropic has committed up to $100 million in usage credits and $4 million in open-source security donations.
Q: What should I do this week? A: Turn on automatic updates, audit admin accounts and MFA coverage, run an external attack-surface check, and review which third-party apps have access to your core SaaS accounts.
Discussion
0 comments