Anthropic Built a Machine That Finds Bugs Faster Than the World Can Credit Them
That is the attribution gap, according to VulnCheck, an independent security research firm that audited the CVE database. An AI is finding vulnerabilities in foundational open-source infrastructure that humans have missed for years — and the official record designed to track exactly that is structurally unable to record the AI's contribution. A 27-year-old OpenBSD TCP SACK vulnerability, a 16-year-old FFmpeg bug that survived five million automated fuzzing runs, and a 17-year-old FreeBSD NFS remote-code-execution flaw all exist in the CVE record under human names. Glasswing's name appears once.
The gap is not a failure of intent. Anthropic has committed up to $100 million in usage credits and $4 million in direct donations to open-source security through Project Glasswing. It built a public disclosure dashboard. It follows the 90-day industry standard disclosure window. And it is publishing the results. The gap is structural: the CVE system — the official ledger that defenders, CISOs, and security researchers rely on to understand what is actually being found and fixed — was not designed to absorb what Mythos Preview is producing.
The CVE record is the plumbing of the vulnerability economy. Bug bounties are paid against it. CVSS severity scores are calculated from it. Security product procurement is evaluated against it. If an AI finds a critical remote-code-execution flaw in a widely deployed library and the CVE record does not mention the AI by name, the AI's contribution to internet security is effectively invisible, even if that flaw was a 27-year-old OpenBSD TCP SACK vulnerability that every prior audit missed.
FIRST, the organization that coordinates CVE assignment globally, revised its 2026 vulnerability forecast the same week Anthropic's dashboard went live, projecting approximately 68,000 CVEs for the year, 46.3 percent above its original estimate. GitHub reported a 224 percent increase in vulnerability reports over the preceding three months. Cisco's security team noted that the CVE program, now 27 years old, was designed when the security community measured vulnerability disclosures in the hundreds per year. The median 2026 forecast is 59,000.
The cURL maintainer, Daniel Stenberg, told NPR that he received 185 bug reports in 2025. Fewer than 5 percent were actual security problems. The rest were AI-generated noise: plausible-looking crash reports that did not survive triage. This is the patch-side version of the same problem. AI can find more than the world can absorb.
Anthropic is not alone in this. Microsoft patched more than 500 vulnerabilities in the first five months of 2026, on pace to break its annual record. The NSA has been briefing Congress on AI-assisted vulnerability discovery. The EU has been negotiating access to Anthropic's model for its own evaluation programs. What Anthropic's dashboard does, for the first time, is put a public number on the gap between what AI can find and what the disclosure infrastructure can process.
The attribution gap is not unique to Anthropic. Fewer than 200 CVEs globally currently credit AI or LLM-assisted discovery, even as the volume of AI-found vulnerabilities surges. The CVE format was built for a world where a named researcher found a bug, filed a report, and received credit. It is not built for a world where a model finds 23,019 potential vulnerabilities and a small team of human triage reviewers filters them at 90 percent accuracy.
What Glasswing has found is real. A 27-year-old OpenBSD TCP SACK vulnerability. A 16-year-old FFmpeg bug that survived five million automated fuzzing runs. A 17-year-old remote code execution flaw in FreeBSD's NFS server granting unauthenticated root access to any internet-connected attacker. These are not marginal findings. They are foundational infrastructure bugs that evaded decades of human security work.
The question is not whether Mythos Preview works. It does. The question is what happens to the security ecosystem when its most prolific bug-finding engine is also its most invisible contributor to the official vulnerability record. If the CVE system cannot absorb and credit AI-scale discovery, the system that ties vulnerability findings to patches, bounties, and downstream fixes will continue to lag behind what AI is actually producing.
Anthropic has the data. It is publishing the data. The disclosure ledger, the dashboard, the triage partnerships, the funding commitments: all of it is designed to make the system work better. What the CVE system does with that data, how it credits what Glasswing finds, and whether it can scale to absorb AI-era vulnerability volumes are the questions the security community has not yet answered.
What to watch: whether FIRST's revised forecast triggers a structural reform of the CVE program itself, or whether AI-generated vulnerability volumes simply become the new background noise the system learns to absorb.