What it is
This profile covers public disclosures that credit Claude or Anthropic Research without pinning the entry to Claude Mythos Preview by name. It includes researcher-in-the-loop and collaborator workflows, not only autonomous model runs.
What is verified
The current ledger records four high-confidence clusters:
- Apache ActiveMQ CVE-2026-34197, where Horizon3.ai’s primary finder write-up names Claude in the discovery workflow and Apache/NVD corroborate the accepted vulnerability, affected versions, fix, and CISA KEV status.
- Mozilla Firefox 148 and 149 CVEs credited to researchers using Claude from Anthropic, with Anthropic tying the Firefox 148 collaboration to Claude Opus 4.6.
- Two FreeBSD April 2026 kernel advisories directly credited to Nicholas Carlini using Claude, Anthropic.
- Calif.io MADBugs NGINX and wolfSSL findings credited to Calif.io in collaboration with Claude and Anthropic Research.
What is not counted
Vulnerabilities in Anthropic’s own products, such as Claude Code or MCP-related issues, are not counted here because they are AI-product attack-surface issues, not AI-attributed discoveries in third-party software. Embargoed Project Glasswing claims also stay out until public advisories or CVE records exist.