symfony.com via Reddit

Anthropic's Claude Mythos finds 19 real Symfony flaws

anthropic cybersecurity ai-security vulnerability-research

Key insights

  • Claude Mythos audited Symfony autonomously and all 19 reported vulnerabilities were confirmed real by the Symfony Core Team.
  • Confirmed CVEs include arbitrary PHP code execution (CVE-2026-46640) and a SourcePolicy sandbox escape via template name synthesis.
  • A 100% precision rate on a mature production framework sets a new public benchmark for AI-driven security auditing.

Why this matters

A zero-false-positive audit on a complex, battle-hardened open-source framework signals that frontier AI has crossed a meaningful capability threshold for autonomous security research, not just assisted code review. For security teams and platform vendors, this changes the calculus on AI-augmented auditing budgets: the bottleneck shifts from model accuracy to scope definition and disclosure workflows. For Anthropic, publishing this result before Mythos is generally available is a deliberate capability signal to enterprise buyers evaluating AI for high-stakes technical work.

Summary

Anthropic's unreleased Claude Mythos model just ran an autonomous security audit on Symfony, one of the most widely deployed PHP frameworks in production web infrastructure, and reported 19 vulnerabilities. The Symfony Core Team manually reviewed every finding and confirmed all 19 were real, with zero false positives. The confirmed issues are not trivial. They include arbitrary PHP code execution through macro-reference compilation (CVE-2026-46640), a sandbox escape in SourcePolicy via synthesized template names in the Twig templating engine, and an OidcTokenHandler that accepted JWTs missing the aud, iss, and exp claims entirely.

In short, Anthropic and Symfony together produced the clearest real-world benchmark yet for frontier AI as a production security auditor:

  • 100% precision rate across a complex, mature open-source codebase, with no noise introduced
  • Vulnerabilities span code execution, sandbox escape, and authentication bypass, not just low-severity findings
  • The audit was autonomous, meaning no human guided the model toward known problem areas

The result reframes what AI security tooling can credibly claim: not a scanner that flags probable issues for human triage, but a system that delivers confirmed, actionable CVEs.
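The OidcTokenHandler finding above is a classic "absent claim is not a failed check" bug: a validator that only inspects aud, iss and exp when they happen to be present will wave through a token that omits them. The following is an added, standalone PHP example (not Symfony's OidcTokenHandler and not code from the page) of the strict form a defender wants, where every required claim must be present, well-typed and valid before the token is accepted. It assumes the JWS signature has already been verified upstream against the provider's keys, so only the claim checks are shown; the issuer, client id and timestamps are constructed placeholders.

```php
<?php
declare(strict_types=1);

// Added illustrative example, not Symfony's own OidcTokenHandler.
// Assumption: the JWT signature was verified before these claim checks run.

final class ClaimValidationException extends RuntimeException {}

/**
 * Returns the claims if every required claim is present and valid; throws otherwise.
 * A missing claim is always a rejection, never a silent pass.
 */
function validateOidcClaims(array $claims, string $expectedIssuer, string $expectedAudience, int $now, int $leeway = 30): array
{
    foreach (['iss', 'aud', 'exp', 'sub'] as $required) {
        if (!array_key_exists($required, $claims)) {
            throw new ClaimValidationException(sprintf('Missing required claim "%s"', $required));
        }
    }

    if (!is_string($claims['iss']) || !hash_equals($expectedIssuer, $claims['iss'])) {
        throw new ClaimValidationException('Issuer mismatch');
    }

    // "aud" may be a single string or an array of strings (RFC 7519, section 4.1.3).
    $audiences = is_array($claims['aud']) ? $claims['aud'] : [$claims['aud']];
    $matched = false;
    foreach ($audiences as $aud) {
        if (is_string($aud) && hash_equals($expectedAudience, $aud)) {
            $matched = true;
        }
    }
    if (!$matched) {
        throw new ClaimValidationException('Audience mismatch');
    }

    // exp is a NumericDate; reject anything not an integer or already in the past (with small leeway).
    if (!is_int($claims['exp']) || $claims['exp'] + $leeway <= $now) {
        throw new ClaimValidationException('Token expired');
    }
    if (isset($claims['nbf']) && (!is_int($claims['nbf']) || $claims['nbf'] - $leeway > $now)) {
        throw new ClaimValidationException('Token not yet valid');
    }

    return $claims;
}

/** Decode the payload segment of a compact JWS (signature verification assumed done elsewhere). */
function decodeJwtPayload(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new ClaimValidationException('Malformed JWT');
    }
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 = str_pad($b64, strlen($b64) + (4 - strlen($b64) % 4) % 4, '=');
    $json = base64_decode($b64, true);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims)) {
        throw new ClaimValidationException('Payload is not a JSON object');
    }
    return $claims;
}

// Constructed sample payloads. The first one carries no aud/iss/exp at all: a
// lenient handler that checks claims only when present would accept it.
$now = 1700000000;
$cases = [
    'missing claims' => ['sub' => 'user-1'],
    'wrong audience' => ['sub' => 'user-1', 'iss' => 'https://idp.example', 'aud' => 'other-client', 'exp' => $now + 600],
    'expired'        => ['sub' => 'user-1', 'iss' => 'https://idp.example', 'aud' => 'my-client', 'exp' => $now - 600],
    'valid'          => ['sub' => 'user-1', 'iss' => 'https://idp.example', 'aud' => ['my-client', 'x'], 'exp' => $now + 600],
];
foreach ($cases as $name => $payload) {
    $jwt = 'eyJhbGciOiJSUzI1NiJ9.' . rtrim(strtr(base64_encode(json_encode($payload)), '+/', '-_'), '=') . '.sig';
    try {
        validateOidcClaims(decodeJwtPayload($jwt), 'https://idp.example', 'my-client', $now);
        echo "$name: accepted\n";
    } catch (ClaimValidationException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

Only the last case is accepted; the other three are rejected with a reason. The design point is that presence, type and value are checked as separate steps, so a token cannot pass by leaving a claim out or by supplying it with an unexpected type.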

Potential risks and opportunities

Risks

  • Symfony-dependent platforms (Laravel ecosystem projects, Drupal installations, enterprise PHP SaaS vendors) face windows of unpatched exposure if public CVE disclosure outpaces their patch cycles
  • Anthropic publishing a zero-false-positive audit benchmark invites adversarial use: threat actors could use the same or similar models to autonomously identify exploitable CVEs in other major frameworks before defenders patch them
  • If Claude Mythos audit capabilities become available via API before robust disclosure norms are established, coordinated vulnerability discovery at scale could overwhelm CERT and OSS maintainer response capacity within months of release

Opportunities

  • OSS security foundations (OpenSSF, Linux Foundation) could commission Mythos-style audits on high-value projects like OpenSSL, curl, or CPython, converting AI capability into systematic infrastructure hardening
  • Managed security service providers (NCC Group, Trail of Bits, Cure53) can reposition AI-assisted audit offerings around precision guarantees rather than speed, capturing enterprise clients requiring defensible CVE documentation
  • Cyber insurance underwriters (Coalition, Resilience) gain a credible new input for PHP-stack risk pricing, and could offer premium discounts tied to AI audit certification as a policy condition

What we don't know yet

  • Whether Anthropic has disclosed the full vulnerability list to affected downstream projects that depend on Symfony or Twig before public CVE publication
  • What the audit's recall rate was -- the 100% precision figure is confirmed, but how many real vulnerabilities Mythos missed in Symfony remains unpublished
  • Whether Mythos was given any prior context about Symfony's architecture or ran entirely cold with only the source code as input