{"id":30,"date":"2026-04-30T20:41:44","date_gmt":"2026-04-30T20:41:44","guid":{"rendered":"https:\/\/inhochoi.com\/index.php\/2026\/04\/30\/the-patch-deficit-one-month-into-mythos-less-than-1-has-been-fixed\/"},"modified":"2026-04-30T20:41:44","modified_gmt":"2026-04-30T20:41:44","slug":"the-patch-deficit-one-month-into-mythos-less-than-1-has-been-fixed","status":"publish","type":"post","link":"https:\/\/inhochoi.com\/index.php\/2026\/04\/30\/the-patch-deficit-one-month-into-mythos-less-than-1-has-been-fixed\/","title":{"rendered":"The Patch Deficit: One Month Into Mythos, Less Than 1% Has Been Fixed"},"content":{"rendered":"

Today is May 1, 2026 \u2014 roughly twenty-five days since Anthropic announced Claude Mythos Preview and Project Glasswing, and the story has quietly stopped being about discovery. The find rate was the headline in April. The patch rate is the headline now, and the gap between the two is what I’d argue every defender, regulator, and insurer should be staring at this morning.<\/p>\n

The number that’s been bothering me all week: less than 1% of the high-severity vulnerabilities Mythos surfaced across major operating systems and browsers are fully patched. That figure has been floating around analyst notes and security write-ups for the past two weeks, and nobody is contesting it. We have a model that found thousands<\/em> of severe issues \u2014 and a maintainer ecosystem that, by even charitable counts, has closed a few dozen.<\/p>\n

That’s the actual Mythos story for May. Not capability. Throughput.<\/p>\n

The 99% That’s Still Open<\/h2>\n

Let’s anchor in the specifics that have been disclosed publicly. CVE-2026-4747 \u2014 a 17-year-old unauthenticated RCE in FreeBSD’s NFS server, where Mythos autonomously built a 20-gadget ROP chain split across multiple network packets. A 27-year-old signed integer overflow in OpenBSD’s SACK TCP implementation that crashes any host that receives the right packet. These are not academic. These are dial-tone-of-the-internet bugs that Mythos chained working exploits for, and they are representative \u2014 not exceptional \u2014 of what’s now sitting in disclosure queues.<\/p>\n

Anthropic’s stated discipline is 90-day notification timelines and a 45-day post-patch window before publishing technical detail. Do the math from April 7. The earliest of those 90-day clocks expires on July 6. By August, technical writeups for the first wave of unpatched bugs become public regardless of patch status, and the calculus of “wait for the vendor” stops working.<\/p>\n

The defender’s job between now and then is to close as much of that 99% as possible. The sober assessment from where I sit is that they will not.<\/p>\n

Why Maintainer Throughput Doesn’t Scale<\/h2>\n

The optimistic frame on Mythos was always: capabilities are symmetric, defenders get the same uplift attackers do<\/em>. I bought parts of that argument three weeks ago. I’m less sure now, because the symmetry breaks at the maintainer.<\/p>\n

Mythos can find a 17-year-old NFS bug in an afternoon. Patching that bug still requires a human reviewer who understands the kernel module, a backport across a half-dozen supported branches, distribution package builds, regression testing, and downstream rollout to operators who in many cases haven’t applied last quarter’s patches yet. The compress on the find side is real. The compress on the fix side is marginal. AI-assisted patch authoring helps a little. AI-assisted upgrade pipelines at end-user organizations help less than a little.<\/p>\n

Project Glasswing’s bet was that giving early access to AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia would seed a defender advantage. That bet is mostly working inside<\/em> those nine names. It is conspicuously not working at the long tail of OS distributions, networking gear vendors, and embedded software shops where the actual install base lives.<\/p>\n

The Insurance Industry Just Started Looking at This<\/h2>\n

The thing that shifted my framing this week wasn’t a security write-up \u2014 it was the property and casualty industry waking up. P&C trade press is now openly warning about systemic cyber risk linked to Mythos, with carriers preparing to underwrite the next renewal cycle assuming the loss curve gets meaningfully worse.<\/p>\n

That matters because cyber insurance has been the one external forcing function that consistently moves SMB security posture. Not regulation. Not best practices. The renewal questionnaire. When Travelers or Chubb or Beazley starts asking “have you remediated the FreeBSD\/OpenBSD\/browser-stack vulnerabilities disclosed under Project Glasswing’s coordinated process,” organizations either patch or lose coverage or get repriced. We’ve seen this movie before with ransomware. The 2021\u20132023 hardening cycle \u2014 MFA everywhere, EDR mandates, immutable backups \u2014 was driven primarily by underwriters, not CISOs.<\/p>\n

I expect the next 90 days to produce a Mythos-shaped supplemental questionnaire, and SMBs that ignored the April news cycle will encounter it via their renewal in June or July. That’s the moment Mythos becomes operational reality outside the Glasswing nine.<\/p>\n

What I’m Telling Otaris Clients<\/h2>\n

Practical posture from where I sit running through this with our SMB book:<\/p>\n

The patch backlog you have today is not an inventory problem, it’s an exposure forecast<\/em>. Every package on a deferred-update schedule is increasingly likely to have a Mythos-discovered, attacker-redeveloped vulnerability sitting in it before the 45-day public-disclosure window opens. Compress your patch SLAs now<\/em>, before the questionnaire shows up.<\/p>\n

Inventory your perimeter for the obvious targets \u2014 anything running NFS, anything terminating TCP from the public internet on legacy stacks, anything embedding browser engines. These are the package categories where Mythos disclosures are concentrating, and they’re also the categories most likely to be enumerated in carrier supplementals.<\/p>\n

Have a defensible answer to the question “how would you know if someone exploited a zero-day in [your stack] tomorrow?” If that answer doesn’t include EDR telemetry, network anomaly detection, and a credentialed vulnerability scanner that’s actually been run this month, the answer is “we wouldn’t.”<\/p>\n

Containment Is the Real Open Question<\/h2>\n

The piece I keep circling back to is that the public Mythos story still presumes Anthropic’s containment is holding. The Cloud Security Alliance lab notes from the last two weeks have been carefully not saying that \u2014 they’ve been documenting “containment failures” plural, and the work I covered last week on the Glasswing leak is the obvious example. If a single Mythos-class capability gets exfiltrated to a non-aligned actor, the 1% patch rate isn’t a backlog \u2014 it’s a target list.<\/p>\n

I don’t have an answer to that. Nobody does. But the asymmetry between find<\/em> and fix<\/em> is the entire risk surface for May, and it gets worse, not better, while we wait.<\/p>\n

What I’m Watching<\/h2>\n

The first CVEs hitting their 90-day disclosure deadline in July, and whether maintainers cluster their releases or stagger them. Whether the Cyber Summit on May 21 produces any concrete coordination between regulators and underwriters, or just another communique. Whether the next Anthropic Opus release ships the cybersecurity safeguards they’ve publicly committed to \u2014 and whether anyone independent gets to verify them. And whether the first publicly attributable Mythos-derived exploit lands before any of the above.<\/p>\n

The tempo from April was exhilarating. The tempo from May is going to be exhausting.<\/p>\n

Sources<\/h2>\n