The Owner

The bottom line, above all

Cloudflare Executive Warns Artificial Intelligence Patches Break Enterprise Software

Monday, 25 May 2026

Grant Bourzikas, the chief information security officer at Cloudflare, has peered into the frontier of automated digital defense and found it dangerously clumsy. Over the last week, internet giants and security researchers gained early access to Anthropic’s powerful Claude Mythos model to audit their systems. The artificial intelligence found the flaws, but its solutions were radioactive.

Bourzikas noted that when Mythos suggested patches for vulnerabilities, they routinely failed upon execution. If applied, the AI-generated code would have quietly broken something the software relied on, causing a potential crash or creating an entirely new weakness for a hacker to exploit.

The scale of the vulnerability discovery is staggering. Since the Project Glasswing cybersecurity initiative went live last month, Anthropic's model has uncovered more than 10,000 high- or critical-severity vulnerabilities. Of these, 6,202 were classified as high- or critical-severity flaws impacting more than 1,000 open-source projects. One such weakness was a critical flaw in WolfSSL (CVE-2026-5194) that could allow an attacker to forge certificates.

Yet the friction of execution remains a highly biological problem. The automated identification of software vulnerabilities does not seamlessly translate into automated remediation. Human engineers are still required to "separate noise from real, exploitable priority findings," Bourzikas observed.

The models themselves are not immune to architectural flaws. An independent cybersecurity researcher named Guan recently discovered a vulnerability in the Claude Code network sandbox. If exploited, the bypass would have allowed an attacker to intercept environment variables, credentials, and infrastructure data. Anthropic silently patched the flaw in April after Guan reported it through the HackerOne bounty program.