The Patch Deficit: One Month Into Mythos, Less Than 1% Has Been Fixed

Today is May 1, 2026 — roughly twenty-five days since Anthropic announced Claude Mythos Preview and Project Glasswing, and the story has quietly stopped being about discovery. The find rate was the headline in April. The patch rate is the headline now, and the gap between the two is what I’d argue every defender, regulator, and insurer should be staring at this morning.

The number that’s been bothering me all week: less than 1% of the high-severity vulnerabilities Mythos surfaced across major operating systems and browsers are fully patched. That figure has been floating around analyst notes and security write-ups for the past two weeks, and nobody is contesting it. We have a model that found thousands of severe issues — and a maintainer ecosystem that, by even charitable counts, has closed a few dozen.

That’s the actual Mythos story for May. Not capability. Throughput.

The 99% That’s Still Open

Let’s anchor in the specifics that have been disclosed publicly. CVE-2026-4747 — a 17-year-old unauthenticated RCE in FreeBSD’s NFS server, where Mythos autonomously built a 20-gadget ROP chain split across multiple network packets. A 27-year-old signed integer overflow in OpenBSD’s SACK TCP implementation that crashes any host that receives the right packet. These are not academic. These are dial-tone-of-the-internet bugs that Mythos chained working exploits for, and they are representative — not exceptional — of what’s now sitting in disclosure queues.

Anthropic’s stated discipline is 90-day notification timelines and a 45-day post-patch window before publishing technical detail. Do the math from April 7. The earliest of those 90-day clocks expires on July 6. By August, technical writeups for the first wave of unpatched bugs become public regardless of patch status, and the calculus of “wait for the vendor” stops working.

The defender’s job between now and then is to close as much of that 99% as possible. The sober assessment from where I sit is that they will not.

Why Maintainer Throughput Doesn’t Scale

The optimistic frame on Mythos was always: capabilities are symmetric, defenders get the same uplift attackers do. I bought parts of that argument three weeks ago. I’m less sure now, because the symmetry breaks at the maintainer.

Mythos can find a 17-year-old NFS bug in an afternoon. Patching that bug still requires a human reviewer who understands the kernel module, a backport across a half-dozen supported branches, distribution package builds, regression testing, and downstream rollout to operators who in many cases haven’t applied last quarter’s patches yet. The compression on the find side is real; on the fix side it is marginal. AI-assisted patch authoring helps a little. AI-assisted upgrade pipelines at end-user organizations help less than a little.

Project Glasswing’s bet was that giving early access to AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia would seed a defender advantage. That bet is mostly working inside those nine names. It is conspicuously not working at the long tail of OS distributions, networking gear vendors, and embedded software shops where the actual install base lives.

The Insurance Industry Just Started Looking at This

The thing that shifted my framing this week wasn’t a security write-up — it was the property and casualty industry waking up. P&C trade press is now openly warning about systemic cyber risk linked to Mythos, with carriers preparing to underwrite the next renewal cycle assuming the loss curve gets meaningfully worse.

That matters because cyber insurance has been the one external forcing function that consistently moves SMB security posture. Not regulation. Not best practices. The renewal questionnaire. When Travelers or Chubb or Beazley starts asking “have you remediated the FreeBSD/OpenBSD/browser-stack vulnerabilities disclosed under Project Glasswing’s coordinated process,” organizations either patch or lose coverage or get repriced. We’ve seen this movie before with ransomware. The 2021–2023 hardening cycle — MFA everywhere, EDR mandates, immutable backups — was driven primarily by underwriters, not CISOs.

I expect the next 90 days to produce a Mythos-shaped supplemental questionnaire, and SMBs that ignored the April news cycle will encounter it via their renewal in June or July. That’s the moment Mythos becomes operational reality outside the Glasswing nine.

What I’m Telling Otaris Clients

Practical posture from where I sit running through this with our SMB book:

The patch backlog you have today is not an inventory problem, it’s an exposure forecast. Every package on a deferred-update schedule is increasingly likely to have a Mythos-discovered, attacker-redeveloped vulnerability sitting in it by the time the 90-day disclosure clock on that bug runs out and technical detail goes public. Compress your patch SLAs now, before the questionnaire shows up.

Inventory your perimeter for the obvious targets — anything running NFS, anything terminating TCP from the public internet on legacy stacks, anything embedding browser engines. These are the package categories where Mythos disclosures are concentrating, and they’re also the categories most likely to be enumerated in carrier supplementals.

Have a defensible answer to the question “how would you know if someone exploited a zero-day in [your stack] tomorrow?” If that answer doesn’t include EDR telemetry, network anomaly detection, and a credentialed vulnerability scanner that’s actually been run this month, the answer is “we wouldn’t.”
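Turning that posture into something you can actually run against an inventory, as an added example that is not code from the original post or from Otaris: a small Python pass over a constructed patch backlog that scores each pending fix by severity, days open against an assumed SLA, internet exposure, and whether it falls into one of the categories named above (NFS, public TCP listeners, browser engines). The SLA figures, weights, name/port matching rules and inventory rows are all assumptions chosen for illustration; the output is a ranked list plus the subset already past SLA, which is the shape of answer a renewal questionnaire will ask for.

```python
"""Patch-backlog exposure forecast over a constructed inventory.

Added example, not code from the original post or from Otaris. The SLA
figures, weights, name/port matching rules and inventory rows below are
assumptions chosen for illustration; substitute your own.
"""
from dataclasses import dataclass
from datetime import date

# Assumed per-severity patch SLAs (days from advisory to deployed fix).
SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}
SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Assumed matching rules for the categories the post singles out.
NFS_PORTS = frozenset({111, 2049})            # rpcbind/portmapper and nfsd
NFS_NAMES = ("nfs", "rpcbind", "mountd")
BROWSER_ENGINE_NAMES = ("webkit", "chromium", "electron", "cef", "gecko")


@dataclass(frozen=True)
class PendingPatch:
    host: str
    package: str
    severity: str                  # key of SLA_DAYS
    advisory_date: date            # when the fix became available to you
    internet_facing: bool
    listening_ports: frozenset = frozenset()


@dataclass
class Finding:
    host: str
    package: str
    severity: str
    days_open: int
    days_overdue: int              # 0 while still inside SLA
    categories: tuple
    exposure: int


def categorize(p: PendingPatch) -> tuple:
    """Tag a pending patch with the target categories it falls into."""
    name = p.package.lower()
    cats = []
    if any(n in name for n in NFS_NAMES) or (p.listening_ports & NFS_PORTS):
        cats.append("nfs")
    if any(n in name for n in BROWSER_ENGINE_NAMES):
        cats.append("browser-engine")
    if p.internet_facing and p.listening_ports:
        cats.append("public-tcp-listener")
    return tuple(cats)


def assess(p: PendingPatch, as_of: date) -> Finding:
    """Score one pending patch: severity weight x days open, doubled if
    internet-facing, scaled up once per target category. Integer arithmetic
    so the ranking is exact and reproducible."""
    if p.severity not in SLA_DAYS:
        raise ValueError(f"unknown severity {p.severity!r} on {p.host}/{p.package}")
    days_open = (as_of - p.advisory_date).days
    days_overdue = max(0, days_open - SLA_DAYS[p.severity])
    cats = categorize(p)
    exposure = SEVERITY_WEIGHT[p.severity] * max(days_open, 0)
    exposure *= 2 if p.internet_facing else 1
    exposure *= 1 + len(cats)
    return Finding(p.host, p.package, p.severity, days_open, days_overdue, cats, exposure)


def forecast(inventory, as_of: date):
    """All findings, highest exposure first (ties broken by host name)."""
    return sorted((assess(p, as_of) for p in inventory),
                  key=lambda f: (-f.exposure, f.host))


def sla_breaches(inventory, as_of: date):
    """Only the findings already past their SLA, same ordering."""
    return [f for f in forecast(inventory, as_of) if f.days_overdue > 0]


# Constructed sample inventory (hosts, packages and dates are made up).
AS_OF = date(2026, 5, 1)
SAMPLE_INVENTORY = [
    PendingPatch("fs-01", "nfs-utils", "high", date(2026, 4, 10), True, frozenset({111, 2049})),
    PendingPatch("bsd-gw", "freebsd-kernel", "high", date(2026, 4, 8), True, frozenset({22})),
    PendingPatch("kiosk-07", "electron", "critical", date(2026, 4, 20), False),
    PendingPatch("web-02", "nginx", "medium", date(2026, 4, 25), True, frozenset({443})),
]

if __name__ == "__main__":
    for f in forecast(SAMPLE_INVENTORY, AS_OF):
        flag = "PAST SLA" if f.days_overdue else "in SLA"
        print(f"{f.exposure:5d} {f.host:<9} {f.package:<15} {f.severity:<8} "
              f"open {f.days_open:2d}d {flag:<8} {','.join(f.categories) or '-'}")
```

The scoring is deliberately crude; the point is that an internet-facing NFS server with a two-week-old high-severity fix outranks a fresher critical on an isolated kiosk, which is the ordering a carrier supplemental is implicitly asking you to defend. Feed it your real package manager and scanner output in place of the constructed rows.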

Containment Is the Real Open Question

The piece I keep circling back to is that the public Mythos story still presumes Anthropic’s containment is holding. The Cloud Security Alliance lab notes from the last two weeks have been carefully not saying that — they’ve been documenting “containment failures” plural, and the work I covered last week on the Glasswing leak is the obvious example. If a single Mythos-class capability gets exfiltrated to a non-aligned actor, the 1% patch rate isn’t a backlog — it’s a target list.

I don’t have an answer to that. Nobody does. But the asymmetry between find and fix is the entire risk surface for May, and it gets worse, not better, while we wait.

What I’m Watching

The first CVEs hitting their 90-day disclosure deadline in July, and whether maintainers cluster their releases or stagger them. Whether the Cyber Summit on May 21 produces any concrete coordination between regulators and underwriters, or just another communique. Whether the next Anthropic Opus release ships the cybersecurity safeguards they’ve publicly committed to — and whether anyone independent gets to verify them. And whether the first publicly attributable Mythos-derived exploit lands before any of the above.

The tempo from April was exhilarating. The tempo from May is going to be exhausting.
