# Anthropic's AI found thousands of security bugs — explained

> Anthropic's Claude Mythos found 6,202 serious security flaws in open-source software.

*What Project Glasswing found, why it's a big deal, and why it's also a warning.*

By The SuggestedTech Team · SuggestedTech
Canonical: https://suggestedtech.com/news/anthropic-mythos-security-bugs-explained

A lot of the world's software is built on free, 'open-source' code maintained by small teams of volunteers. Anthropic just pointed a powerful AI at it — here's what happened, in plain English.

> **Info:** 💡 **In plain English:** Anthropic has a special, restricted AI called Claude Mythos that's very good at spotting security holes in software. In a project called Glasswing, it scanned 1,000 open-source programs and found thousands of real flaws.

## What it found

Mythos found **6,202 serious (high- or critical-severity) vulnerabilities**. To check it wasn't just making things up, six independent security firms reviewed the results and confirmed about **91% were genuine**. One flaw was in software (wolfSSL) used by billions of devices, and it has since been fixed.

## Why it's both good and worrying

Good: defenders can now find and fix dangerous flaws much faster, and Anthropic gave this tool only to about 50 trusted partners like Apple, Google and big banks. Worrying: **finding** bugs is now easy, but **fixing** them still depends on busy (often unpaid) people. So there's a growing pile of known problems waiting to be patched.

> **Note:** **The reassuring bit:** Anthropic kept this AI locked down to trusted defenders, didn't release it to the public, and put $100m of support behind helping maintainers fix what it finds. It's being careful — because the same skill could help attackers too.

## Key takeaways

- Anthropic used a powerful, restricted AI (Claude Mythos) to hunt for security flaws in open-source software.
- It found 6,202 serious vulnerabilities, and outside experts confirmed about 91% were real.
- Many flaws are in software used by billions of devices; several have already been fixed.
- The catch: AI finds bugs much faster than the (often volunteer) maintainers can fix them.

## FAQ

### Does this make my apps less safe?
Not directly — these flaws already existed; the AI just found them, mostly so defenders can fix them, and many are already patched. The longer-term worry is that fixes can lag behind discoveries, so keeping your software updated matters more than ever.

### Can I use Claude Mythos?
No. It's restricted to about 50 vetted partners for defensive security work and isn't publicly available. Anthropic says it will only widen access once stronger safeguards are in place, because the tool is powerful enough to be dangerous in the wrong hands.
