Claude Mythos Preview is a new general-purpose AI language model by Anthropic. This model performs strongly across the board, but it is especially strong at computer security tasks.
This model is not publicly available yet, but Anthropic is making it available to selected tech projects via their Project Glasswing. Through this initiative, Claude Mythos has found thousands of security vulnerabilities, including some in every major operating system and web browser.
Symfony recently teamed up with The PHP Foundation and Anthropic to build the official MCP SDK for PHP applications. That's why we reached out to some folks at Anthropic, and they were kind enough to provide us with a one-off analysis of Symfony's and Twig's code by Claude Mythos Preview.
Security Analysis Results
A few days later, and following Symfony's security disclosure process, we received a ZIP file with all their findings. In total, Claude Mythos reported 19 security vulnerabilities in Symfony and Twig codebases. The Symfony Core Team reviewed every report manually, and all 19 findings turned out to be real vulnerabilities, with no false positives.
Each vulnerability was reported in a separate file containing:
- The CWE, affected files, component, and version
- A summary of the problem with the vulnerable code highlighted
- Step-by-step exploitation instructions and impact analysis
- A reproducer
- A suggested fix
We've already fixed every one of these issues in our latest security releases. Details are available in the security advisories blog category.
The Future of Code Security
In 2011, Symfony organized a crowdfunding campaign to pay for an external security audit of Symfony code and, in 2019, Symfony set up a bug bounty program with the support of the European Commission.
In 2026, models like Claude Mythos Preview and initiatives like Project Glasswing are revolutionizing the way code security is audited. Thanks to Anthropic for giving us a chance to be part of it.
We're also grateful to every security researcher who recently reported issues to us, whether using other AI tools or through careful manual review.