Cisco has publicly praised its AI model ‘Mythos’ for its performance in automated vulnerability discovery but has declined to disclose the number of bugs it actually found. Separately, Anthropic has expanded its Project Glasswing initiative by adding 150 new partners, signalling growing industry investment in AI-driven security tooling. The opacity around Mythos’ results raises questions about transparency and how organisations should evaluate AI security claims.

Architect’s Take: Treat vendor claims about AI-driven vulnerability discovery with scepticism until independently verifiable metrics are published — when evaluating AI security tooling, demand concrete, auditable outputs such as CVE counts, false-positive rates, and coverage scope before committing to any platform.

Original advisory: Cisco sings Mythos’ praises - but doesn’t say how many bugs the model uncovered