ADVERTISEMENT

“Developers are not engineers:” Why Anthropic’s Mythos and other AI tools expose gaps in vulnerability reporting

AI systems designed to discover software flaws at scale are beginning to outpace the classification and disclosure of vulnerabilities. New research and early data from the Mythos program have highlighted gaps in how findings are reported, attributed, and tracked.

anthropic vuln disclosure

Image by Cybernews

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Apr 16, 2026 Updated: 16 April 2026 5 min read
Key takeaways:
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.

Anthropic’s MCP agent framework: Flaw or expected behavior?

Anthropic Claude
Ox reported a flaw in Anthropic’s Model Context Protocol, but claims that fell on deaf ears. Image by Cybernews

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites
“We repeatedly tried to convince Anthropic to patch their code in ways that would instantly protect millions of users. They declined each time.”
OX Security
ADVERTISEMENT
"Developers are not security engineers; we cannot expect tens of thousands of implementers to independently discover and mitigate a flaw that is baked into the official SDKs they trust.”
OX Security

Johns Hopkins: AI-powered coding is surfacing bugs faster than the reviewers can verify

Hackers trying Claude, Gemini, ChatGPT
New study of agentic coding assistants found widespread instances of prompt-injection and tool-use flaws, but they remain undisclosed despite bounties paid.

Project Glasswing early data: the difficulty of tracking results

Anthropic Claude Mythos
A recent review of CVE records to identify vulnerabilities linked to Anthropic’s work found only a limited number of entries that could plausibly be connected to Mythos.

Disclosure pipelines under pressure

“We’re facing a double whammy - new vulnerabilities and poorer discoverability."
Ikka Turunen, field CTO at Sonatype

ADVERTISEMENT