TL;DR
Anthropic's new Claude Mythos Preview model can autonomously discover and exploit zero-day vulnerabilities in major operating systems, browsers, and open-source software, marking a significant capability leap.
Key Points
- Mythos Preview achieved 181 working exploits on Firefox vulnerabilities vs. Opus 4.6's 2 out of several hundred attempts
- Model found tier-5 control flow hijacks on 10 fully patched targets; previous models achieved only single tier-3 crashes
- Discovered zero-days in every major OS and browser, including a 27-year-old patched OpenBSD bug; 99%+ of findings remain unpatched
- Non-security experts can request overnight vulnerability discovery; model autonomously chains multiple exploits (JIT heap sprays, ROP chains, sandbox escapes)
Why It Matters
This represents a watershed moment for cybersecurity: AI-driven autonomous vulnerability discovery and exploitation is now reality, forcing the industry to accelerate defensive practices and coordinated patching before these capabilities become widely available. The transitional period could favor attackers, making responsible disclosure and rapid patching critical for defenders.
Source: red.anthropic.com