DEV Community

gentic news
gentic news

Posted on • Originally published at gentic.news

CVEs spike 3.5x after Anthropic's Mythos Preview launch

High-severity CVEs jumped 3.5x in June after Anthropic's Mythos Preview launch. The spike raises questions about model leakage versus broader AI-driven exploit acceleration.

High-severity CVEs surged 3.5x in June after Anthropic's Claude Mythos Preview launch. Epoch's data shows the spike followed Anthropic's April announcement that Mythos can autonomously discover and exploit vulnerabilities.

Key facts

  • 3.5x increase in high-severity CVEs in June 2026
  • Mythos Preview announced April 2026
  • Previous monthly record before Mythos was lower
  • Anthropic restored Mythos access July 1 with security deal

In April 2026, Anthropic announced that its latest internal model (Claude Mythos Preview) was capable of autonomous cybersecurity vulnerability discovery and exploitation According to Epoch. Since then, both Anthropic and OpenAI have launched efforts to use frontier models to harden critical software before malicious actors can use the same models for harm.

The number of Common Vulnerabilities and Exposures (CVEs) jumped significantly following these announcements. Compared to the previous monthly record before the Mythos Preview announcement, the number of high- and critical-severity vulnerabilities increased more than 3.5x in June.

Key Takeaways

  • High-severity CVEs jumped 3.5x in June after Anthropic's Mythos Preview launch.
  • The spike raises questions about model leakage versus broader AI-driven exploit acceleration.

Two plausible explanations

Hacker News commenters offered two competing theories. One: someone with early access to Mythos leaked it to bad actors. Two: cybercriminals are getting enough mileage from alternative models to create exploits faster, even without Mythos access. The second theory also implicates "vibe-coding degrading software quality at multiple layers" as a contributing factor.

The data alone cannot distinguish between these causes. But the timing — a 3.5x spike immediately after Mythos's capability reveal — leans toward the leak hypothesis, though Epoch's report does not attribute causation.

Industry response

Both Anthropic and OpenAI have pivoted to proactive defense. Anthropic restored public access to Mythos and Fable models on July 1 under a deal requiring proactive security risk detection [per the knowledge graph]. The move signals that frontier labs view autonomous vulnerability discovery as a dual-use capability that requires guardrails.

AI Trends & Statistics

OpenAI, meanwhile, proposed giving Washington 5% equity to ease regulatory pressure [as previously reported], suggesting the CVE spike amplifies scrutiny on model release policies.

What to watch

Watch for Anthropic's Q3 vulnerability disclosure report and whether OpenAI follows with similar transparency metrics. If the CVE curve continues rising, expect regulatory demands for pre-release red-teaming mandates on frontier models.

Line chart of monthly critical- and high-severity CVEs from 21 major tech organizations between 2022 and 2026, showing a sharp spike after Claude Myth


Source: epoch.ai


Originally published on gentic.news

Top comments (0)