New serious vulnerabilities spiked around release of Claude Mythos Preview — Epoch.ai analysis
What happened
Epoch.ai published a data analysis of disclosed CVEs for June 2026. They recorded approximately 1,500 high- and critical-severity CVEs from 21 tracked organizations — including Microsoft, Google, Apple, Oracle, and AWS. The previous monthly record was approximately 430 CVEs.
Context and impact
In April 2026, Anthropic announced that Claude Mythos Preview could autonomously discover software vulnerabilities. The partnered Project Glasswing used this model to identify and remediate bugs before public disclosure. Epoch.ai argues this project directly explains the spike. If AI dramatically accelerates vulnerability discovery, the entire cybersecurity dynamic changes — for defenders and attackers.
Details
- June 2026: approximately 1,500 high/critical CVEs
- Previous monthly record: approximately 430 CVEs
- Increase: 3.5× above previous peak
- Project Glasswing claim: more than 10,000 high/critical vulnerabilities identified
- Organizations tracked: 21 (Microsoft, Google, Apple, Oracle, AWS...)
- Note: only covers publicly disclosed CVEs — actual bugs found is likely much higher
Open original source
Epoch.ai