White House Blocked Mythos After AI Found 1,726 Security Flaws
Quick summary
Anthropic planned to expand Mythos to 120 orgs. The White House stopped it after the model confirmed 1,726 CVEs — 1,000+ critical.
The White House blocked Anthropic from expanding access to its Mythos AI model to approximately 120 organizations after the model autonomously discovered 1,726 confirmed security vulnerabilities across open-source software — more than 1,000 of them rated high or critical severity. Dario Amodei has warned publicly that adversaries have a 6-12 month window before they develop or acquire AI with comparable offensive cyber capabilities. Mythos is currently restricted to roughly 40-50 organizations under Project Glasswing, a coordinated defensive patching program.
This is not a story about an AI model being too good at coding. It's about an AI system that can autonomously find and exploit zero-days at a scale that breaks the existing assumption of how long organizations have to patch before attackers arrive.
What Is Anthropic Mythos and What Can It Do?
Mythos is Anthropic's most capable cybersecurity-focused AI model, announced in early April 2026 as the Claude Mythos Preview under Project Glasswing. Anthropic describes it as "far ahead" of other models specifically on offensive and defensive security tasks.
The model's demonstrated capabilities are specific. In its initial deployment under Project Glasswing, Mythos scanned more than 1,000 open-source software projects and identified over 23,000 potential vulnerabilities. Of those, 1,726 were confirmed as real security flaws. More than 1,000 of the confirmed vulnerabilities are rated high or critical severity — the categories that, in practice, mean an attacker with the bug and an exploit can achieve code execution or data exfiltration.
The model can autonomously find vulnerabilities, generate working exploit code, and identify patch approaches — all without human direction on each step. That combination is what makes it categorically different from existing security scanning tools, which require human analysts to evaluate candidate bugs before any exploitation is possible.
For context on the earlier Mythos announcement and which specific projects were affected, see Claude Mythos Zero-Days: Developer Patch Action for FreeBSD, OpenBSD, FFmpeg, Linux 2026.
Why Did the White House Block the Expanded Rollout?
Anthropic had planned to expand Project Glasswing access from the initial 40-50 organizations to approximately 120. The White House blocked the expansion over concerns about offensive capability proliferation.
The concern is straightforward. Every organization that receives Mythos access gains a significant asymmetric capability. For defenders — the stated purpose of Project Glasswing — that's finding vulnerabilities before attackers do. But if any of the 120 organizations misuses access, or if access credentials are compromised, the same capability becomes an offensive tool. An AI that can find 1,726 confirmed vulnerabilities in OSS projects can also find them in private infrastructure, financial systems, and operational technology.
The "SolarWinds every quarter" framing that circulated in government briefings captures the concern precisely. SolarWinds involved one supply chain compromise. Mythos, in the wrong hands, could enable a sustained cadence of novel zero-day exploitation at a scale and speed that human security teams cannot respond to in time.
What Is Dario Amodei's 6-12 Month Warning?
Amodei has stated publicly that adversaries — nation-state actors and sophisticated criminal groups — have approximately 6-12 months before they develop or acquire AI systems with offensive cyber capabilities comparable to Mythos. His argument is that the window to patch the 1,726 confirmed vulnerabilities Mythos found before those same bugs are found by adversaries using their own AI is measured in months, not years.
This is the core tension in Project Glasswing. Anthropic holds a temporary defensive advantage: its model found the bugs before adversaries did. But that advantage exists only if the organizations responsible for patching can move faster than the 6-12 month adversary development window.
The implication is uncomfortable. Every week that patching is delayed on the 1,000+ high/critical CVEs Mythos discovered is a week closer to the point where adversaries independently discover the same bugs. Amodei's framing treats the vulnerability disclosure as a race against a specific clock — not an indefinite grace period.
Who Currently Has Access to Mythos Under Project Glasswing?
Approximately 40-50 organizations have access as of May 2026, described as U.S.-heavy and spanning major technology companies and infrastructure operators. Named participants in reporting include Apple, AWS, and Microsoft. Several allied governments have been added cautiously — the specific countries have not been disclosed publicly.
Access is restricted to defensive use: finding vulnerabilities in systems the organization owns or is responsible for, so they can patch them. Anthropic has implemented technical controls and contractual restrictions prohibiting offensive use. The company is also monitoring for anomalous usage patterns.
The White House's block on expanding to 120 organizations means the defensive patching work is currently being done by a smaller set of organizations than Anthropic and BIS originally planned. For OSS projects and infrastructure that Glasswing partners don't maintain, the 1,726 CVEs may sit unpatched for longer than Amodei's 6-12 month warning suggests is safe.
What Does This Mean for the 1,726 Confirmed CVEs?
The 1,726 confirmed vulnerabilities are in open-source software projects scanned during Project Glasswing. The affected projects span operating systems, web browsers, media processing libraries, and infrastructure components — the kinds of code that sits at the base of almost every production software stack.
Patching is underway but not complete. The original Glasswing launch partners received vulnerability disclosures and began coordinated patching. The pace of remediation depends on the maintainers of each affected project, many of whom are volunteers or small teams with limited capacity to respond quickly to a sudden flood of high-severity disclosures.
For developers, the practical implication is: if you are running software that incorporates popular OSS components, you are running code that has already been scanned by a nation-state-capable AI vulnerability finder. The patch may or may not be available yet. Treat your dependency update cadence as a security-critical practice, not a maintenance task.
How Does Mythos Compare to Other AI Cybersecurity Tools?
Existing AI security tools — including GPT-4-based vulnerability scanners, GitHub Copilot Autofix, and commercial SAST/DAST products — assist human analysts. They flag candidate issues that analysts must evaluate before any action is taken. The human in the loop is the rate-limiting step.
Mythos removes that rate limit for initial discovery. It can autonomously scan, evaluate, confirm, and generate exploit code for vulnerabilities without waiting for a human to review each one. The 23,000 candidate bugs surfaced from 1,000+ OSS projects in a timeframe that no human security team could match.
This is why the White House treated the expansion as a capability proliferation problem rather than a standard enterprise software rollout. The bottleneck in offensive cyber operations has historically been finding the bugs, not writing the exploit. Mythos compresses the discovery phase from months to days.
Key Takeaways
- White House blocked Anthropic from expanding Mythos access to 120 organizations over offensive capability proliferation concerns
- 1,726 confirmed CVEs found by Mythos across 1,000+ OSS projects; 1,000+ rated high or critical severity
- 23,000 potential vulnerabilities identified; 1,726 confirmed real
- ~40-50 organizations currently have access under Project Glasswing, including Apple, AWS, and Microsoft
- Dario Amodei's warning: adversaries have 6-12 months before developing comparable offensive AI capability
- For developers: Run your dependency updates as a security-critical discipline — Glasswing partners are patching bugs an AI already confirmed are real and exploitable
- What to watch: CVE disclosures from Glasswing partners in Q2-Q3 2026; any indication of adversary AI tools finding the same bugs before patches ship
Frequently Asked Questions
Why did the White House block Anthropic Mythos from expanding to 120 organizations?
The White House blocked the expansion over concerns that a wider rollout would proliferate offensive cyber capabilities. Mythos can autonomously find, confirm, and generate exploit code for zero-day vulnerabilities — in the wrong hands, or if access credentials are compromised, the same capability that defends infrastructure could be weaponized to attack it.
How many CVEs did Anthropic Mythos find?
Mythos scanned more than 1,000 open-source software projects and identified 23,000+ potential vulnerabilities. Of those, 1,726 were confirmed as real security flaws, with more than 1,000 rated high or critical severity. The scanning was conducted under Project Glasswing, Anthropic's coordinated defensive patching program.
What is Dario Amodei's 6-12 month warning about?
Amodei warned that nation-state adversaries and sophisticated criminal groups have approximately 6-12 months before they develop or acquire AI systems with offensive cyber capabilities comparable to Mythos. His argument is that the 1,726 confirmed CVEs Mythos found give defenders a temporary window to patch before adversaries independently discover the same bugs using their own AI.
Who has access to Anthropic Mythos under Project Glasswing?
Approximately 40-50 organizations have access as of May 2026, U.S.-heavy with some allied government participants. Named organizations in reporting include Apple, AWS, and Microsoft. Access is restricted to defensive use — finding vulnerabilities in systems the organization owns — with technical controls and contractual restrictions on offensive use.
What should developers do given the Mythos CVE disclosures?
Treat dependency updates as a security-critical practice rather than a maintenance task. The 1,726 confirmed CVEs are in open-source components that likely appear in many production stacks. Glasswing partners are patching, but maintainers of OSS projects are working through coordinated disclosure on their own timelines. Monitor CVE feeds for the affected project categories and prioritize high/critical updates.
Written by
Software Engineer based in Delhi, India. Writes about AI models, semiconductor supply chains, and tech geopolitics — covering the intersection of infrastructure and global events. 952+ posts cited by ChatGPT, Perplexity, and Gemini. Read in 167 countries.
