# Claude Mythos Preview 发布前后，严重漏洞披露数量激增

- 来源：Hacker News 热门（buzzing.cc 中文翻译）
- 作者：cubefox
- 发布时间：2026-07-04 17:11
- AIHOT 分数：66
- AIHOT 链接：https://aihot.virxact.com/items/cmr65cd45001jslf0uv2tmc2d
- 原文链接：https://epoch.ai/data-insights/cve-severity-spike

## AI 摘要

2026 年 6 月，知名组织发布了约 1500 个高/严重等级的 CVE，是 Mythos Preview 发布前月纪录的 3.5 倍以上。Anthropic 的 Project Glasswing 迄今已发现超过 1 万个高/严重漏洞，OpenAI 也通过 Daybreak 产品开展了类似的安全加固工作。数据来自 Epoch AI 对 cve.org 公开记录的分析。

## 正文

Epoch's work is free to use, distribute, and reproduce provided the source and authors are credited under the Creative Commons BY license.

Learn more about this graph

In April 2026, Anthropic announced that its latest internal model (Claude Mythos Preview) was capable of autonomous cybersecurity vulnerability discovery and exploitation. Since then, both Anthropic and OpenAI have launched efforts to use frontier models to harden critical software before malicious actors are able to use the same models for harm.

We show that the number of Common Vulnerabilities and Exposures (CVEs) jumped significantly following these announcements. Compared to the previous monthly record before the Mythos Preview announcement, the number of high- and critical-severity vulnerabilities increased more than 3.5x in June.

Data

Our Cyber Vulnerability Reports hub visualizes data from cve.org, a public repository of CVE reports from software companies and third-party security researchers. We focus our analysis on CVEs reported by 21 notable organizations to avoid capturing noisy submissions from less reputable sources. These notable organizations include:

Microsoft · Google · Apple · Adobe · Oracle · Cisco · IBM · Red Hat · Intel · AMD · NVIDIA · Qualcomm · Samsung · SAP · Amazon (AWS) · VMware (Broadcom) · GitHub (own products) · Linux · Mozilla · Apache · OpenSSL

Assumptions and limitations

Our figures come from publicly disclosed vulnerabilities, which do not include discovered but not publicly disclosed vulnerabilities. Anthropic claims that their Project Glasswing alone has identified over 10,000 high- and critical-severity vulnerabilities.

While some of the increase in observed vulnerability disclosure is almost certainly due to increased feasibility of discovery, the spike may also be caused in part by an increase in the amount of interest in discovering bugs.

Download this data

Monthly high- and critical-severity CVEs from 21 notable organizations

CSV, Updated Jul. 2, 2026
