Key Takeaways
- Anthropic cited “thousands of high-severity vulnerabilities,” but the ledger does not include CVE-2026-4747 and still shows only 27 fixed findings, despite the dashboard announcement referencing 88 published advisories.
- The next month will help show whether the ledger is being maintained as an active disclosure process. Ten undisclosed findings are already past Anthropic’s stated 90-day disclosure window, and 168 more will reach that mark soon.
- Anthropic’s disclosure policy sends mixed messages. The policy references a 90-day publication window, a 45-day wait after patches, 14-day extensions and broader exceptions, which makes the practical disclosure clock less straightforward.
- The ledger omits CVE/GHSA mappings and the CVSS metrics used to calculate severity.
- Only 1,596 of the 23,019 vulnerability candidates have reached maintainers so far, underscoring the human effort involved in validation, disclosure coordination and remediation that still have to happen.
- Anthropic is not the only organization facing this challenge. Its ledger is an early public example of the pressure AI-assisted vulnerability discovery could place on maintainers, PSIRTs and open source security teams.
Since the initial announcement of Anthropic Glasswing, I've been tracking vulnerabilities publicly disclosed that have been attributed to Anthropic. In that announcement, Anthropic claimed "Mythos Preview has already found thousands of high-severity vulnerabilities." I found it odd that only a single CVE discovered by Mythos was mentioned publicly in their research, so I was excited to see their first step toward transparency with the launch of the Anthropic Disclosure Ledger.
Exploring Anthropic’s Ledger
In my initial exploration of the Anthropic Ledger, I found it odd that the only CVE disclosed in Anthropic's initial Glasswing report, CVE-2026-4747, isn't listed on the disclosure ledger. And while the Glasswing vulnerability disclosure dashboard announcement claims 88 security advisories have been published, the dashboard has sat at just 27 fixed vulnerabilities and no additional findings since its launch nearly 3 weeks ago.
Forecasting Disclosures
While 27 findings have been patched and released, the 10 findings that have already passed the 90-day deadline in Anthropic's disclosure policy have yet to be revealed. In the next 30 days, 168 more findings will reach that 90-day deadline. Considering there have been no real updates to the ledger since launch, it will be interesting to see if Anthropic actually follows through on its disclosure policy.
Contradicting Vulnerability Disclosure Policy
Anthropic's coordinated vulnerability disclosure policy appears to contain contradicting statements. In one place it says "we aim to share details publicly with defenders after 90 days, or after a patch is released, whichever comes first." In another it says, "Once a patch is available, we would generally wait 45 days before publishing full technical details."
The policy also includes a host of caveats that carve out exceptions: a 14-day extension can be granted if a vendor or maintainer is engaged and making progress toward a fix as the 90-day deadline approaches, and in extenuating circumstances Anthropic reserves the right to adjust deadlines entirely. I'm not trying to be overly critical, but the lack of updates to the ledger in the first three weeks is worth calling out.
Patches Pre-Dating Reporting Timeline

Another observation worth noting is that there are several instances across the ledger where a patch appears to have been released before the vulnerability was even reported to the maintainer. This could mean the maintainer was already aware of and had fixed the vulnerability independently, but it may also highlight research collisions similar to what we saw with an OpenSSL vulnerability, where AISLE discovered and provided a fix well before Anthropic reported it.
Example: https://red.anthropic.com/2026/cvd/findings/ANT-2026-DJBBBBPE
Incomplete CVE attribution
Only 14 of the vulnerabilities in the Anthropic ledger have a CVE listed alongside them in the ledger; however, all of them do have a CVE. For example, the Ghost vulnerability disclosed by Anthropic as finding ANT-2026-H5T8XKWR has CVE-2026-26980 listed on its GitHub security advisory.
Example: https://red.anthropic.com/2026/cvd/findings/ANT-2026-H5T8XKWR
GitHub advisory: https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97 (CVE-2026-26980)
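As an added illustration (not Anthropic's or VulnCheck's code), the three checks from the sections above run over a constructed ledger sample: which undisclosed findings are past or within 30 days of the 90-day window, which show a patch dated before the report, and which disclosed findings carry no CVE. The field names, finding ids and CVE values are assumptions, not the ledger's real schema.

```python
from datetime import date, timedelta

WINDOW = timedelta(days=90)     # publication window the policy states
LOOKAHEAD = timedelta(days=30)  # forecast horizon used above
AS_OF = date(2026, 5, 1)        # constructed "today" for the sample run

# Constructed sample entries; field names are assumed, not the ledger's real schema.
SAMPLE_LEDGER = [
    {"id": "ANT-SAMPLE-0001", "reported": date(2026, 1, 5),  "patched": date(2026, 2, 10),
     "disclosed": True,  "cve": "CVE-0000-00001"},
    {"id": "ANT-SAMPLE-0002", "reported": date(2026, 1, 20), "patched": None,
     "disclosed": False, "cve": None},
    {"id": "ANT-SAMPLE-0003", "reported": date(2026, 3, 1),  "patched": None,
     "disclosed": False, "cve": None},
    {"id": "ANT-SAMPLE-0004", "reported": date(2026, 3, 15), "patched": date(2026, 3, 1),
     "disclosed": True,  "cve": None},
    {"id": "ANT-SAMPLE-0005", "reported": date(2026, 4, 20), "patched": None,
     "disclosed": False, "cve": None},
]


def deadline(entry):
    """Day on which the 90-day window counted from the report date closes."""
    return entry["reported"] + WINDOW


def audit(ledger, today):
    """Run the ledger checks and return each as a list of finding ids."""
    report = {"overdue": [], "due_soon": [], "patch_before_report": [], "missing_cve": []}
    for e in ledger:
        due = deadline(e)
        if not e["disclosed"]:
            if due < today:                      # window already closed, still undisclosed
                report["overdue"].append(e["id"])
            elif due <= today + LOOKAHEAD:       # window closes within the forecast horizon
                report["due_soon"].append(e["id"])
        if e["patched"] is not None and e["patched"] < e["reported"]:
            report["patch_before_report"].append(e["id"])   # possible collision / independent fix
        if e["disclosed"] and e["cve"] is None:
            report["missing_cve"].append(e["id"])           # published without a CVE mapping
    return report


if __name__ == "__main__":
    for check, ids in audit(SAMPLE_LEDGER, AS_OF).items():
        print(f"{check}: {ids}")
```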
Why are CVSS vectors omitted from the ledger?
Anthropic's ledger update acknowledges that Claude overestimated the severity of vulnerabilities it discovered compared to third-party manual assessments, but it doesn't mention CVSS as the basis for determining severity. It's also odd that the ledger includes severity ratings from Claude, a security research firm, and the maintainer, yet provides no base metrics to explain how those ratings were calculated. This omission makes it impossible to assess what factors might be driving Claude's inflated scores. It is also worth noting that CVSS isn't mentioned anywhere in the report, leaving open the possibility that different methodologies or standards were used across assessments. Anthropic should be publishing the metrics used to determine severity.
What about the 20,000+ other candidates?

Anthropic validated and reported 467 findings out of 23,000, with an additional 1,129 findings reported without validation at the maintainer's request. If it took roughly 60 days to send 1,596 findings, just 6.9% of the total, to maintainers, it puts the resource limitations around validating, reporting, and fixing AI-discovered vulnerabilities at this scale into sharp relief. At that pace it would take approximately 2.4 years to work through the backlog. During that time it's reasonable to expect other AI-assisted researchers will independently discover and report many of the same vulnerabilities. The more unsettling question is how many of those findings will be discovered and actively exploited by adversaries before Anthropic ever gets to them.
It's worth noting that not all 23,019 candidates would necessarily be reported, as many may not survive triage or validation. Even so, if the 21,000+ remaining candidates convert at a similar rate to what we've seen so far, the backlog challenge doesn't get meaningfully smaller.
Resource Limitations Related to Coordinated Vulnerability Disclosure
The challenges Anthropic is facing with coordinated disclosure closely mirror what VulnCheck is hearing from PSIRTs and the open source community, both of which are being overwhelmed with vulnerability reports. It also aligns with the recent Executive Order on Promoting Advanced Artificial Intelligence Innovation and Security, as well as the senior leader perspective published in The Cyber Defense Review, "Responsible Disclosure in the Age of AI: A Call for Urgent Action."

The Industry Challenges Ahead
The ledger is a meaningful first step, and transparency is hard, especially at this scale. But first steps only matter if they're followed through on. The security community is watching, and the next 30 days will be the real test as 168 findings hit the 90-day deadline. Whether Anthropic follows through on its disclosure policy will say a lot about whether the ledger is a genuine commitment or just a footnote.
These challenges aren't unique to Anthropic though. They're a preview of what the entire security ecosystem is about to face as AI-assisted vulnerability discovery scales across the industry. The question of how to validate, disclose, and remediate findings at machine speed with human processes is one the community hasn't solved yet. Anthropic is just the first organization doing it publicly enough to examine. How they handle what comes next matters well beyond their own ledger.
About VulnCheck
VulnCheck is helping organizations not just solve the vulnerability prioritization challenge; we're working to equip any product manager, CSIRT/PSIRT, SecOps or threat hunting team to get faster and more accurate with infinite efficiency using VulnCheck solutions.
We knew our industry needed better data, faster, across the board. So that's what we deliver to the market. We're going to continue to deliver key insights on vulnerability management, exploitation and the major trends we can extrapolate from our dataset to continuously support practitioners.
Are you interested in learning more? If so, VulnCheck's Exploit & Vulnerability Intelligence has broad threat actor coverage. Register and demo our data today.