May 23, 2026 Insights 9 min read

Claude Mythos and Project Glasswing: What 10,000 AI-Discovered Zero-Days Mean for Canadian Businesses

By Cybersecurity Canada Editorial Team | Published May 23, 2026

In its first month of operation under Anthropic's Project Glasswing, the unreleased Claude Mythos Preview model autonomously discovered more than 10,000 high- and critical-severity zero-day vulnerabilities across major operating systems, browsers, and widely used open-source software. The figure was published by Anthropic in its mid-May 2026 program update and analysed by mainstream outlets including Bloomberg and consulting firm Bain & Company. The model is not publicly available — Anthropic is holding it back specifically because of its offensive cybersecurity capabilities — but the disclosures from Glasswing are already pushing patches into the software Canadian businesses run every day.

The headline number is dramatic. The more important number for Canadian small and medium-sized businesses is the one underneath it: as of Anthropic's first program update, roughly 827 confirmed high- or critical-severity vulnerabilities are still awaiting disclosure, and the open-source maintainers receiving them have asked Anthropic to slow down because they cannot patch quickly enough. That backlog — not the AI itself — is the immediate risk for Canadian SMBs.

What is Claude Mythos, and what did Project Glasswing find?

Claude Mythos Preview is an unreleased frontier model from Anthropic that can autonomously identify, validate, and exploit software vulnerabilities with minimal human guidance. Project Glasswing is the invitation-only partner program Anthropic launched in April 2026 to give about a dozen founding organizations — including Amazon Web Services, Apple, Google, Microsoft, Cisco, NVIDIA, CrowdStrike, JPMorgan Chase, and the Linux Foundation — controlled access to Mythos, along with roughly 40 additional critical-infrastructure operators and $100 million in Claude usage credits.

Among the disclosed findings is CVE-2026-4747, a 17-year-old remote-code-execution flaw in FreeBSD's NFS server that Mythos identified and fully exploited end-to-end with no human steering after the initial prompt. The program has also flagged long-standing flaws in OpenBSD, FFmpeg, and the Linux kernel that remain under embargo while patches are written. Independent CVE trackers, including VulnCheck and The Register, note that only a small fraction of the 10,000+ findings have been publicly attributed so far — the rest sit inside a 90-day coordinated-disclosure window.

Why this matters even though Mythos is not publicly available

Anthropic's decision to gate Mythos behind Glasswing has been described as the "responsible" path by Canada's Minister of Artificial Intelligence and Digital Innovation, Evan Solomon, after an April 14, 2026 meeting with the company, reported by Bloomberg and Global News. Restricting access gives defenders a head start, but it does not buy them a permanent advantage. Three things follow from that, and all three matter for Canadian businesses:

1. Patches will arrive in bursts. As Glasswing maintainers ship fixes, Canadian businesses will see unusually large security updates for FreeBSD, Linux distributions, browsers, media libraries, and other foundational software. The volume is the point — not any single CVE.
2. The window between patch release and exploitation is collapsing. Exploit-intelligence groups now report a median time from CVE disclosure to working exploit of roughly 10 hours in 2026, down from 56 days in 2024. Attackers do not need their own Mythos to weaponise a public advisory — current open models are already enough to read a fix and reverse-engineer the bug.
3. Maintainer capacity, not detection, is the bottleneck. Anthropic has reported that high- or critical-severity findings take an average of two weeks to patch, and that some maintainers have asked the company to slow disclosure. For software that depends on volunteer maintainers, "more findings" does not translate cleanly into "more fixes."

What changes for Canadian businesses right now

The practical risk for Canadian businesses is not that Claude Mythos itself will be turned against them. It is that monthly patch cycles no longer match the speed of the threat. A small business that batches Windows, macOS, browser, and router updates into a once-a-month maintenance window was already exposed; in the Mythos era, that delay is likely to be the difference between patched and compromised.

Three specific Canadian risk concentrations are worth naming:

• Edge devices and routers. Many Canadian SMBs rely on consumer-grade or end-of-life networking equipment whose vendors patch slowly, if at all. Glasswing-style disclosures will surface long-standing flaws in this category.
• Open-source dependencies in custom software. If your business runs custom web applications, an internal portal, or vendor software built on FFmpeg, OpenSSL, or Linux components, you may inherit a Glasswing-related advisory through a supplier rather than directly. This is the same pattern we covered in our analysis of the Notepad++ supply-chain attack.
• Unpatched legacy systems. Devices still on Windows 10, end-of-life network appliances, or unmaintained line-of-business applications will not receive Glasswing fixes at all. The Canadian Centre for Cyber Security has long flagged this category as the most attractive to opportunistic attackers; AI-assisted exploitation makes the gap worse.

How Canadian SMBs should respond to the Mythos disclosures

The right response is not specialised AI security tooling. It is faster, more disciplined execution of the controls the Canadian Centre for Cyber Security has been recommending since 2022. Five practical moves, in priority order:

1. Move patch management from monthly to weekly — or automatic. For workstations and browsers, turn on automatic updates and verify they are landing. For servers, shorten your patch window for high- and critical-severity CVEs to seven days or less. Our pillar on patch management lays out the checklist.
2. Inventory what you actually run. You cannot patch what you do not know about. Maintain a simple list of operating systems, key applications, network devices, and the open-source components your custom software depends on. Vendors that cannot provide a software bill of materials are now a vendor and third-party risk finding.
3. Make multi-factor authentication mandatory. A working exploit still usually needs an initial foothold. MFA on email, remote access, cloud admin consoles, and any internet-facing service remains the single highest-leverage control available to a Canadian SMB. See multi-factor authentication for the rollout pattern.
4. Test your backups against a ransomware scenario, not a tidy "files deleted" scenario. Glasswing-class disclosures lower the cost of opportunistic intrusion; ransomware operators will be the first commercial users. Offline, immutable, and tested backups are the floor.
5. Rehearse the first 24 hours. If a Mythos-disclosed flaw is exploited against a Canadian SMB before it is patched, the first hour of the response will determine the outcome. Our piece on what to do in the first 24 hours after a cyber attack is the starting script; pair it with the incident response pillar.

This is also the moment to be honest about why cybercriminals target small businesses — not because they are valuable, but because they are reachable. AI lowers the cost per target, which makes "we are too small to attack" a worse assumption in 2026 than it was a year ago.

How Project Glasswing maps to Canada's Baseline Cyber Security Controls

Most of what the Mythos disclosures require from Canadian SMBs is already in the Cyber Centre's 13 Baseline Controls. The mapping is direct:

• Faster patching of operating systems and applications → Patch management (BC.2), shortened to weekly cadence for critical CVEs.
• Hardening of internet-facing services and edge devices → Secure configuration (BC.4) and network security (BC.9).
• MFA on admin and remote access → Authentication (BC.5) with phishing-resistant factors where possible.
• Backups that survive ransomware → Backup and recovery (BC.7) with offline copies and restoration tests.
• A tested response plan → Incident response (BC.1), updated to assume short patch windows and AI-accelerated attacker tooling.

If you are not sure where your organization sits against these controls today, our free cybersecurity assessment walks through all 13 in about ten minutes and produces a prioritised list of gaps — the same gaps a Glasswing-class advisory would be most likely to exploit. The companion piece on agentic AI security for Canadian businesses covers the other half of the AI-cyber picture: what happens when your own business starts deploying AI agents inside its systems.

Frequently asked questions

What is Claude Mythos in plain terms?

Claude Mythos is an unreleased AI model from Anthropic with strong autonomous cybersecurity capabilities. Unlike publicly available models, it can plan, run, and verify a vulnerability-discovery process end-to-end with minimal human input. Anthropic has chosen not to release it publicly and is instead giving controlled access to about a dozen partner organizations under Project Glasswing.

Did Claude Mythos really find 10,000 zero-days?

Anthropic reports that Claude Mythos Preview identified more than 10,000 high- or critical-severity findings during its first month under Project Glasswing. Independent CVE trackers note that only a handful — including the FreeBSD NFS flaw CVE-2026-4747 — have been publicly attributed so far. The remainder are inside a 90-day coordinated-disclosure window, and the total assumes Anthropic's own validation methodology. Treat the 10,000+ figure as Anthropic's claim, not yet an independently audited count.

Should Canadian businesses be worried about Mythos itself?

Not directly. Mythos is gated behind Glasswing partners and is not available to the public, and Canada's federal AI minister has characterised that gating as a responsible approach. The realistic risk is the disclosure pipeline that Glasswing is producing: Canadian businesses will need to patch high- and critical-severity flaws faster than they did in previous years, because attackers using current open AI models can reverse-engineer fixes into exploits in hours rather than weeks.

What should we do this week?

Turn on automatic updates everywhere they are available, shorten your patch window for critical CVEs, verify that MFA is enforced on every internet-facing account, confirm you have an offline backup tested within the last 90 days, and re-read your incident response plan. None of this is new — Mythos has changed the urgency, not the playbook.

Where can I read the primary sources?

Anthropic's Project Glasswing page is at anthropic.com/glasswing, and the technical write-up of Claude Mythos Preview is at red.anthropic.com. The Canadian Centre for Cyber Security publishes ongoing guidance at cyber.gc.ca.