What happened
SecurityWeek reports that Mythos Preview identified more than 23,000 potential vulnerabilities across more than 1,000 open-source projects. About 1,900 were reviewed by external security firms, 1,726 were confirmed, and more than 1,000 were rated high or critical severity.
The uncomfortable part is what happens after discovery. More than 1,100 unverified findings have been reported to vendors, but only 75 high or critical issues had been patched at the time of the report, with 65 public advisories.
That is not a knock on maintainers. It is a warning about system capacity. AI can widen the discovery aperture faster than humans can triage and repair the queue.
The next security advantage may belong to teams that redesign the whole patch pipeline, not teams that merely add another scanner.
Source
Reported by Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects via securityweek.com, published May 25, 2026.