Cloudflare disclosed results from Project Glasswing, an internal exercise in which its security team ran Anthropic's unreleased Claude Mythos Preview model against more than fifty of its production repositories, including runtimes, edge data paths and protocol stacks. The reported findings include 595 crashes and ten documented working control-flow hijacks, with the model chaining low-severity primitives into functional exploit chains and surfacing memory-safety and command-injection issues in Cloudflare code. Anthropic rated Mythos at or near its ASL-3 cyber-capability threshold and is keeping the model under restricted release. Cloudflare's CISO framed the exercise as evidence that AI-assisted vulnerability discovery is now operationally relevant against critical infrastructure code, and warned that the same capabilities will be available to attackers. No active exploitation has been reported, and Cloudflare has not published specific CVEs tied to the findings.
- Cloudflare Tests Claude Mythos Against 50+ Repos: Anthropic AI F(opens in a new tab)
- Cloudflare Says Anthropic Mythos Can Build Exploit Chains(opens in a new tab)