Dario Amodei's Mythos bet is hitting the public CVE record
Epoch AI found a June spike in serious vulnerability disclosures, but the data shows a bottleneck Anthropic still has to clear: patching.
By Ryan Merket ยท Published
Why it matters
Anthropic's Mythos story is shifting from model capability to operating capacity: the winner in AI cyber may be the lab that clears the patch queue, not the one that finds the most bugs.

Dario Amodei and Daniela Amodei's Anthropic is starting to show up in the public vulnerability record: Epoch AI said in a July 2 data insight that major software organizations disclosed about 1,300 to 1,500 high- and critical-severity CVEs in June 2026, more than 3.5x the previous monthly record before Anthropic announced Claude Mythos Preview.
That is the first broad public signal that Anthropic's cyberdefense push is moving from lab claim to disclosure queue. Epoch's chart does not prove Claude Mythos Preview caused the spike. It does show the software industry absorbing a new volume of serious bug reports in the weeks after Anthropic began giving a limited group of partners access to a model the company says can autonomously discover and exploit vulnerabilities.
The timing matters because Anthropic was built around a founder thesis that stronger AI systems would arrive before institutions were ready for them. The company, founded in 2021 by former OpenAI employees including Dario and Daniela Amodei, presents itself as a public benefit corporation dedicated to securing AI's benefits and mitigating its risks. Mythos has turned that positioning into a live operating problem: if frontier models can find real zero-days at scale, the gating question becomes who gets access, how quickly vendors can validate findings, and whether patches land before attackers learn the same tricks.
The spike Anthropic wanted, and the backlog it created
Epoch's analysis uses public disclosures from CVE.org, focusing on 21 notable organizations to reduce noise from lower-quality submissions. The list includes Microsoft, Google, Apple, Adobe, Oracle, Cisco, IBM, Red Hat, Intel, AMD, NVIDIA, Qualcomm, Samsung, SAP, Amazon Web Services, VMware/Broadcom, GitHub's own products, Linux, Mozilla, Apache, and OpenSSL.
The count is imprecise even inside Epoch's own page. The main text says around 1,500 high- and critical-severity CVEs in June; the summary at the bottom says roughly 1,300. The safe reading is that June produced a step-function increase, with the monthly total more than 3.5x the pre-Mythos record. Epoch also cautions that disclosure procedures, labels, and cadence vary by organization, and that public CVEs exclude vulnerabilities found but not yet disclosed.
That caveat is the story. Anthropic's own numbers imply a much larger private backlog than the public CVE record can currently show. In a May 22 Project Glasswing update, Anthropic said it and about 50 partners had used Claude Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities. Anthropic framed the new bottleneck bluntly: progress in software security used to be limited by finding bugs, while the constraint has shifted to verifying, disclosing, and patching them.
Anthropic said in that same update that many disclosures must lag discovery because the industry gives maintainers time to patch before details are published. The company also said it has used Mythos Preview to scan more than 1,000 open-source projects and has shared aggregate results while full details wait on coordinated disclosure timelines.
Those are company-reported figures. They still explain why the June CVE spike matters: the public record is probably a lagging indicator of a private triage process already running at a scale that normal security teams were not staffed to handle.
Mythos made release policy part of the product
Anthropic's April 2026 technical assessment of Claude Mythos Preview said the model was unusually strong at computer security tasks and that Anthropic had launched Project Glasswing to use it to secure critical software before similar capabilities reached attackers. The post described Mythos Preview as capable of autonomous vulnerability discovery and exploitation when directed by a user.
Anthropic expanded Glasswing on June 2, saying it would add about 150 organizations across more than 15 countries after the first cohort of roughly 50 partners. The expansion targeted infrastructure providers, maintainers of critical open-source software, and organizations in power, water, healthcare, communications, and hardware. Anthropic said each organization would need to meet security requirements before receiving access.
That is a founder-friendly version of controlled distribution, and it is also a sales and standards-setting move. By giving critical vendors early access, Anthropic can make Mythos-class capabilities part of the defensive workflow before rival labs or offensive-security startups define the market. By keeping access limited, Anthropic also preserves a policy argument it has made repeatedly: some model capabilities should be deployed through trusted channels before general release.
The rest of the market is moving to the same constraint
Anthropic is not alone in trying to turn frontier models into defensive cyber infrastructure. OpenAI's Daybreak page says the cybersecurity bottleneck is shifting from finding reports to validating findings, testing patches, coordinating disclosure, and getting fixes merged. OpenAI is packaging that work through Codex Security, Trusted Access for Cyber, GPT-5.5-Cyber, and a partner program for approved defenders.
Microsoft is making a similar argument from inside its own engineering machine. In a May 12 security blog post, Microsoft said its codename MDASH multi-model agentic scanning harness found 16 CVEs that were included in that day's Patch Tuesday cohort.
The result is a market where the old AI security pitch, faster bug finding, is already table stakes. The harder product is the queue after discovery: deduplication, exploitability validation, maintainer routing, patch generation, regression testing, disclosure timing, and evidence that fixes actually land. Epoch's June chart is valuable because it captures that queue spilling into the public CVE system.
For Dario and Daniela Amodei, that public signal cuts both ways. It supports the argument that Anthropic's controlled-access model can help defenders move first. It also creates a scoreboard that Anthropic cannot fully control. If the CVE record keeps rising without faster remediation, Mythos will look less like a shield and more like a force multiplier for the software industry's existing patch debt. If the spike is followed by cleaner disclosures and faster fixes, Glasswing becomes Anthropic's strongest case that frontier AI can be released through institutions before it is released to everyone.