Anthropic: All your zero-days are belong to Mythos

Summary

Anthropic has developed an AI model called Mythos that can find and autonomously exploit zero-day vulnerabilities across major operating systems and web browsers. The company reports Mythos Preview produced working exploits at a 72.4% success rate in tests, dramatically outperforming earlier models like Claude Opus 4.6. Anthropic did not release Mythos publicly; instead it has given a preview to selected industry partners under Project Glasswing and is pursuing responsible disclosure of thousands of findings.

Key Points

  • Mythos is a specialised AI zero-day engine that can identify and craft working exploits automatically.
  • Anthropic reports a Mythos Preview exploit success rate of 72.4%, versus near-zero for Opus 4.6.
  • The model can chain multiple vulnerabilities (e.g. JIT heap sprays, sandbox escapes, KASLR bypasses, race conditions) to achieve remote code execution and privilege escalation.
  • Anthropic chose not to release Mythos publicly; it offered a preview to industry partners via Project Glasswing (AWS, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, etc.).
  • Anthropic says Mythos found thousands of high- and critical-severity vulnerabilities and is disclosing them responsibly to affected projects and vendors.
  • The company is subsidising participation with usage credits (up to $100M) and donations to open-source security organisations.

Content summary

Researchers at Anthropic developed Mythos, an AI trained to locate and weaponise software flaws. In internal testing the model produced complex, multi-stage exploits — including browser sandbox escapes and kernel/OS privilege escalations — often by chaining subtle or long-standing bugs. A leaked draft earlier prompted public attention; Anthropic’s subsequent post confirmed the model’s broad capability across major OSes and browsers.

Rather than a public release, Anthropic supplied a preview to a curated group of industry partners under Project Glasswing to let organisations use Mythos defensively to find and fix flaws before malicious actors do. The firm also committed financial incentives to encourage participation and bolster open-source security work. Anthropic says it is in the process of responsibly disclosing the vulnerabilities Mythos identified.

Context and relevance

This story marks a step-change in offensive-capability risk: generative AI is no longer just an assistant for code but can autonomously discover and construct exploits at scale. That raises big questions for defenders, vendors and regulators — from accelerating patch cycles and strengthening secure development practices to rethinking disclosure models and access controls around highly capable research tools.

For security teams and software maintainers this matters immediately: automated exploit generation multiplies the speed and scale at which vulnerabilities can be found and weaponised. For policymakers and platform operators it highlights the need for tighter guardrails on sensitive model capabilities and clearer industry coordination on responsible use and disclosure.

Why should I read this?

Short answer: because this is the kind of thing that changes the game. If you care about security, risk or running software that connects to the internet, you should know that AI can now write serious exploits — and that Anthropic is trying to keep it behind a controlled release. We’ve read the detail so you don’t have to — but don’t shrug this off.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2026/04/07/anthropic_all_your_zerodays_are_belong_to_us/