Anthropic's Claude Mythos: The AI That Found Thousands of Zero-Days and Changed Cybersecurity Forever
Imagine waking up to discover that an artificial intelligence has found more security vulnerabilities in a few weeks than you have in your entire career. Now imagine that same AI can chain those vulnerabilities together into working exploits while you sleep. This is not science fiction. This is Claude Mythos Preview, and it is already reshaping everything we thought we knew about cybersecurity.
On April 7, 2026, Anthropic dropped a bombshell that sent shockwaves through the security community. Their newest frontier model did not just find bugs. It autonomously discovered thousands of zero-day vulnerabilities across every major operating system and web browser. It exploited vulnerabilities that had survived 27 years of human review. And it did all of this with minimal human intervention beyond an initial prompt.
What Makes Claude Mythos Different
You have probably heard claims about AI finding vulnerabilities before. Security researchers have been using machine learning to assist with bug hunting for years. But Claude Mythos represents something fundamentally different. It is not just incrementally better. It is a qualitative leap that changes the entire threat landscape.
The numbers tell a stark story. When tested against Firefox 147's JavaScript engine, Claude Opus 4.6 produced working shell exploits only twice across several hundred attempts. Mythos Preview produced 181 working exploits. That is not a 10% improvement or even a 50% improvement. That is a 90x improvement in a single generation.
On the SWE-bench Pro benchmark, which measures how well AI models can solve real software engineering tasks, Mythos scored 77.8% compared to Opus 4.6's 53.4%. In cybersecurity-specific testing on CyberGym, Mythos achieved 83.1% success at vulnerability reproduction versus 66.6% for its predecessor.
These are not incremental gains. They represent a fundamental shift in capability.
The Vulnerabilities That Survived Decades of Review
Perhaps the most chilling aspect of Anthropic's announcement is not what Mythos found, but where it found it. This AI did not just discover bugs in obscure, unmaintained codebases. It found critical vulnerabilities in some of the most heavily audited software on Earth.
The 27-Year-Old OpenBSD Bug
OpenBSD is famous for being aggressively security-hardened. It is the operating system that prides itself on having only two remote holes in the default install in over 30 years. Security researchers have been fuzzing, auditing, and attacking OpenBSD for decades.
Yet Mythos found a 27-year-old vulnerability in OpenBSD's TCP SACK implementation that allows remote attackers to crash any OpenBSD host with just two crafted packets. The bug dates back to 1998, when SACK was first implemented. It survived countless security audits, penetration tests, and fuzzing campaigns.
The vulnerability is subtle. It involves a chain of two bugs that interact through signed integer overflow on TCP sequence number comparisons. The kind of deep, contextual reasoning required to identify this flaw is exactly what makes Mythos so different from previous tools.
The 16-Year-Old FFmpeg Flaw
FFmpeg is one of the most thoroughly tested software projects in existence. It powers video processing for nearly every major service on the internet. Security researchers have written entire academic papers about fuzzing FFmpeg. The codebase has been hammered by automated testing tools for years.
Mythos found a 16-year-old vulnerability in FFmpeg's H.264 decoder. The bug involves a type mismatch between a 32-bit slice counter and a 16-bit lookup table. When a specially crafted frame contains exactly 65,536 slices, the counter collides with a sentinel value, triggering an out-of-bounds write.
Here is what makes this discovery remarkable. Fuzzers had exercised the vulnerable code path 5 million times without ever triggering the flaw. The bug was not just hidden. It was hiding in plain sight, invisible to the very tools designed to find it.
FreeBSD NFS Remote Code Execution
Perhaps the most technically impressive finding is CVE-2026-4747, a 17-year-old remote code execution vulnerability in FreeBSD's NFS server. Mythos did not just find this bug. It fully autonomously exploited it.
The exploit is sophisticated. It bypasses multiple mitigations, including stack canaries and kernel address space layout randomization. It chains together multiple techniques, including a 20-gadget ROP chain split across six sequential RPC packets. The result is unauthenticated root access from anywhere on the internet.
An independent research firm had previously shown that Opus 4.6 could exploit this same vulnerability, but only with substantial human guidance and prompting. Mythos required none. Given the same scaffold used for other vulnerability discovery tasks, it produced a complete, working exploit overnight.
How Mythos Works
Understanding how Mythos finds these vulnerabilities helps explain why it is so different from previous approaches. Anthropic used a consistent scaffold for all discovery work. A containerized environment, a Claude Code instance running Mythos Preview, and a single-paragraph prompt asking the model to find a security vulnerability.
From there, the model reads source code, forms hypotheses, validates them against running targets, and outputs a bug report with proof-of-concept exploit and reproduction steps. Human involvement ends at the initial prompt.
The model does not just pattern-match against known vulnerability types. It reasons about code semantics, understands the relationship between different components, and can chain together multiple vulnerabilities into complete exploit chains. It can identify logic vulnerabilities that traditional tools miss entirely because they do not involve memory corruption.
Critically, these capabilities were not explicitly trained into the model. Anthropic's researchers note that exploit proficiency emerged as a downstream consequence of broader improvements in code reasoning and agentic autonomy. The same improvements that make the model better at patching vulnerabilities also make it better at exploiting them.
Project Glasswing: A Defensive Coalition
Recognizing the dual-use nature of these capabilities, Anthropic has taken the unprecedented step of canceling the public launch of Mythos. Instead, they have assembled Project Glasswing, a restricted defensive initiative that gives Mythos Preview access to a limited group of critical infrastructure operators and open-source developers.
The coalition includes tech heavyweights like Amazon Web Services, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic has committed up to $100 million in usage credits for defensive security work. They have also donated $4 million to open-source security groups including the Linux Foundation and Apache Software Foundation.
The goal is clear. Use Mythos to secure critical systems before models with similar capabilities become broadly available to attackers. Anthropic has committed to a public findings report within 90 days, landing in early July 2026.
What This Means for Defenders
The implications of Claude Mythos for cybersecurity are profound and multifaceted. Here is what security teams need to understand about the new landscape.
The Detection Ceiling Has Been Raised
Traditional security tools have a detection ceiling. Static analysis tools miss logic flaws that require semantic reasoning. Fuzzers miss vulnerabilities that require specific conditions to trigger. Penetration testers are time-boxed and scope-limited.
Mythos operates above this ceiling. It can reason about code semantics in ways that static analysis cannot. It can identify vulnerabilities that fuzzers miss even after millions of attempts. And it can work autonomously,δΈεζΆι΄ιεΆ.
As Merritt Baer, CSO at Enkrypt AI and former Deputy CISO at AWS, noted: "What security leaders actually mean is: we have exhaustively scanned for what our tools know how to see. That's a very different claim."
Vulnerability Chaining Changes Everything
One of Mythos's most significant capabilities is its ability to chain multiple vulnerabilities together into complete exploits. This is not just about finding more bugs. It is about understanding how bugs interact.
CVSS scores individual vulnerabilities in isolation. But Mythos exposes that risk is increasingly graph-shaped, not point-in-time. A low-severity information disclosure vulnerability becomes critical when it enables a KASLR bypass that makes a separate buffer overflow exploitable.
Security programs that do not adapt from coverage thinking to interaction thinking will keep reporting green dashboards while sitting on red attack paths.
The Exploitation Window Is Collapsing
The time between vulnerability disclosure and exploitation has been shrinking for years. The CrowdStrike 2026 Global Threat Report documents a 29-minute average eCrime breakout time, 65% faster than 2024.
Mythos accelerates this trend dramatically. Attackers can now use AI to reverse engineer patches within hours of release. The traditional patching cycle, where defenders take weeks or months to deploy fixes, is no longer viable.
As Mike Riemer, Field CISO at Ivanti, noted: "Threat actors are reverse engineering patches, and the speed at which they're doing it has been enhanced greatly by AI. They're able to reverse engineer a patch within 72 hours. So if I release a patch and a customer doesn't patch within 72 hours of that release, they're open to exploit."
The July Patch Tsunami
Over 99% of the vulnerabilities Mythos has identified have not yet been patched. Anthropic's public Glasswing report lands in early July 2026. It will trigger a high-volume patch cycle across operating systems, browsers, cryptography libraries, and major infrastructure software.
Security directors who have not expanded their patch pipeline, re-scoped their bug bounty programs, and built chainability scoring by then will absorb that wave cold. July is not a disclosure event. It is a patch tsunami.
What Security Teams Should Do Now
The transition to an AI-driven security landscape is not optional. Here are concrete steps security teams should take immediately.
Deploy Current Frontier Models for Vulnerability Discovery
Opus 4.6 and comparable models already find high- and critical-severity bugs across open-source targets, web applications, cryptography libraries, and the Linux kernel. Organizations that have not adopted AI-assisted bug hunting are leaving findings on the table and potentially leaving them for adversaries to find first.
Compress Patch Cycles
Organizations should tighten patching enforcement windows, enable auto-update where feasible, and treat dependency bumps carrying CVE fixes as urgent rather than routine maintenance. Out-of-band patching processes may need to become standard rather than exceptional.
Extend AI Tooling Beyond Bug Finding
Current models can triage reports, deduplicate findings, draft patch proposals, review pull requests for security issues, analyze cloud configurations, and support incident response documentation. Automation of these workflows reduces human bottlenecks as discovery volume increases.
Reassess Friction-Based Defenses
Mitigations whose security value derives primarily from making exploitation tedious rather than technically impossible may be significantly weaker against model-assisted adversaries operating at scale and low cost. Hard barriers such as KASLR, W^X, and memory-safe language adoption remain valuable.
Update Vulnerability Disclosure Policies
Programs designed around individual researcher findings may need restructuring to manage the volume that AI-driven pipelines can generate. Anthropic itself contracted professional human validators to triage its own disclosure queue before sending reports to maintainers.
The Broader Implications
Beyond immediate operational concerns, Claude Mythos raises fundamental questions about the future of cybersecurity.
The Democratization of Exploit Development
Historically, finding and exploiting zero-day vulnerabilities required specialized expertise, significant time investment, and substantial resources. Mythos changes this equation. Engineers with no formal security training can ask the model to find vulnerabilities overnight and wake up to working exploits.
This democratization cuts both ways. Defenders can use these capabilities to find and fix vulnerabilities before attackers do. But attackers will eventually have access to similar tools. The advantage will belong to whoever can deploy these capabilities most effectively.
The Open Source Security Challenge
Open-source software powers the modern internet, but it is often maintained by underfunded, overstretched volunteers. The volume of vulnerabilities that AI can now discover threatens to overwhelm open-source maintainers.
Anthropic's $4 million donation to open-source security groups is a recognition of this challenge. But it is only a down payment on what will be needed to secure the open-source ecosystem in an age of AI-driven vulnerability discovery.
The Accountability Gap
As AI systems become more capable of autonomous security research, questions of accountability become more complex. If an AI finds a vulnerability and a human uses it maliciously, who bears responsibility? If an AI-generated exploit causes harm, how do we trace accountability?
These are not abstract philosophical questions. They are immediate practical concerns that the security community, legal system, and policymakers will need to address.
Looking Ahead
Anthropic has described the current moment as a disruption of the security equilibrium that has prevailed for roughly 20 years. They express confidence that AI-driven defense will eventually dominate, producing a net improvement in software security across the industry. But they are direct about the difficulty of the transitional period.
The company has stated it has no plans to make Mythos publicly available, citing the severity of its offensive capabilities. But the capabilities Mythos demonstrates will not remain exclusive to Anthropic indefinitely. Other AI labs are undoubtedly pursuing similar research. Open-source models will eventually catch up.
Wiz's security researchers estimate that it will take roughly 12-18 months before capabilities similar to Mythos reach open-source models that anyone can run locally without restrictions. From that point forward, we should assume that malicious actors will be able to use AI models to discover and weaponize zero-day vulnerabilities at scale.
This gives defenders a narrow window to prepare. The organizations that use this time wisely, building AI-powered security into their operations and hardening their systems against the coming wave, will have a meaningful advantage. Those that do not will find themselves facing attackers equipped with capabilities that were science fiction just months ago.
Frequently Asked Questions
What is Claude Mythos?
Claude Mythos is a frontier AI model developed by Anthropic that can autonomously discover and exploit zero-day vulnerabilities in software. Unlike previous models that could identify vulnerabilities but rarely exploit them, Mythos can find bugs, develop working exploits, and chain multiple vulnerabilities together without human intervention beyond an initial prompt.
How many vulnerabilities has Mythos found?
Anthropic has reported that Mythos has identified thousands of zero-day vulnerabilities across every major operating system and web browser. Over 99% of these vulnerabilities have not yet been patched and are undergoing responsible disclosure.
Is Mythos publicly available?
No. Anthropic has canceled plans for a public release due to the model's dangerous capabilities. Instead, they have launched Project Glasswing, which provides restricted access to critical infrastructure operators and open-source developers for defensive security work.
What is Project Glasswing?
Project Glasswing is a defensive coalition assembled by Anthropic that includes major tech companies like AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, and others. The initiative provides up to $100 million in usage credits for using Mythos to secure critical software before similar capabilities become broadly available to attackers.
When will the vulnerabilities be disclosed?
Anthropic has committed to a public findings report within 90 days of the April 7, 2026 announcement, landing in early July 2026. Individual vulnerabilities are being disclosed to affected vendors through responsible disclosure processes.
How does Mythos compare to previous AI security tools?
Mythos represents a qualitative leap in capability. On Firefox 147 exploit writing, Mythos succeeded 181 times versus 2 for Claude Opus 4.6, a 90x improvement. It can find vulnerabilities that have survived decades of human review and automated testing, and it can autonomously develop sophisticated exploits that previously required expert human researchers.
What should security teams do to prepare?
Security teams should deploy current frontier models for vulnerability discovery, compress patch cycles to 72 hours or less, extend AI tooling to triage and remediation workflows, reassess friction-based defenses, and update vulnerability disclosure policies to handle AI-scale discovery volumes.
Will attackers eventually have access to similar capabilities?
Yes. While Mythos itself is restricted, the capabilities it demonstrates will eventually become available through other AI labs and open-source models. Wiz estimates 12-18 months before similar capabilities reach unrestricted open-source models.
What is the significance of the 27-year-old OpenBSD bug?
The 27-year-old OpenBSD bug demonstrates that Mythos can find vulnerabilities that have survived decades of intensive security review in one of the most security-hardened operating systems. It shows that AI-driven discovery can identify bugs that traditional methods miss entirely.
How much does it cost to find vulnerabilities with Mythos?
Anthropic reports that discovery campaigns cost roughly $10,000-$20,000 for major targets. Individual successful runs can cost under $50. This represents a dramatic reduction in the cost of vulnerability research compared to traditional human-led approaches.
Conclusion
Claude Mythos is a watershed moment for cybersecurity. It demonstrates that AI has crossed a threshold from assisting human security researchers to autonomously discovering and exploiting vulnerabilities at scale. The thousands of zero-days it has found, including bugs that survived decades of review, prove that the current security equilibrium has been fundamentally disrupted.
The coming months will be critical. The July disclosure cycle will trigger a wave of patching that will test organizational readiness. The 12-18 month window before similar capabilities reach open-source models is the time to prepare.
The future of cybersecurity will be AI-driven, for both attackers and defenders. The organizations that recognize this reality and act now to build AI-powered security capabilities will be the ones that thrive. Those that do not will find themselves defending against attacks that were impossible just months ago.
The race is on. The stakes could not be higher.
Stay ahead of emerging AI security threats. Subscribe to our newsletter for the latest research, analysis, and practical guidance on securing your organization in the age of autonomous AI.
Ready to assess your AI security posture? Contact our team for a comprehensive evaluation of your defenses against emerging AI-driven threats.