
Seal Security Launches Mythos Readiness Program to Close the "Silent Patch Gap" Between Fix Commits and CVE Advisories
Research shows 94% of CVE fix commits are pushed publicly before the advisory - a median 11-day window in which attackers can now weaponize a bug in minutes using frontier AI agents. The program offers 50 companies outside Anthropic's Glasswing partnership the tooling and implementation support to close that gap.
BOSTON, April 16, 2026 /PRNewswire/ -- Seal Security today announced the Mythos Readiness Program, a limited-availability initiative for enterprises that are not part of Anthropic's private Project Glasswing review of Claude Mythos Preview. The program follows new Seal research showing that the coordinated-disclosure process, long considered the bedrock of responsible vulnerability handling, now systematically leaks exploit primitives to attackers.
Seal's analysis of public commit activity across more than 100,000 JavaScript repositories since January 2026, together with a careful examination of historical security fix commits and CVE data across all programming languages, found:
- 94% of CVEs have a public fix commit before the official advisory is published.
- The median patch gap between the fix commit and the advisory is 11 days; for critical-severity CVEs, it rises to 30 days.
- Ecosystems vary by up to 80x. npm ships in a median of 8 days; Maven takes 167.
- When a blind Sonnet 4.6 agent was given only the parent-to-fix diff - no CVE identifier, no advisory text, no human in the loop - it produced 97 working exploit proofs-of-concept within minutes per bug.
- 99% of security fixes can be applied surgically without breaking code changes.
"Coordinated disclosure assumed the fix commit was a harmless implementation detail and the advisory was the signal attackers followed," said Itamar Sher, CEO at Seal Security. "That assumption held when turning a diff into a working exploit took a skilled human hours to days per bug, and the whole process was like finding a needle in a haystack. It does not hold anymore. Even before Mythos, every company is now on the wrong side of a clock that's already running."
The Mythos Readiness Program gives 50 companies that apply:
- Full access to the Seal Security platform, which monitors the open-source commit stream for security-relevant changes and delivers standalone security patches to agentic pipelines ahead of the advisory.
- Dedicated implementation support from Seal engineers, including custom integrations.
- No upgrade required, no supply-chain risk from malicious public repo takeover, and no long-term vendor lock-in.
The program opens today and runs through the Anthropic 100-day defender window.
About Seal Security
Seal Security delivers standalone security patches for open-source dependencies directly into enterprise agentic pipelines, triggered by upstream fix commits rather than CVE advisories. Seal customers receive the same fixes, weeks earlier, without requiring disruptive library upgrades.
Program application: https://news.seal.security/the-silent-patch-gap.
SOURCE Seal Security