Anthropic has released a technical assessment of Claude Mythos Preview's cybersecurity capabilities, revealing a dramatic leap in AI-assisted vulnerability discovery and exploitation. The model autonomously identifies and exploits zero-day vulnerabilities across major operating systems, browsers, and critical software including OpenBSD, FreeBSD, FFmpeg, Linux, and production VMMs. Key findings include: a 27-year-old OpenBSD TCP SACK bug enabling remote DoS, a 16-year-old FFmpeg H.264 vulnerability, a 17-year-old FreeBSD NFS RCE granting unauthenticated root access, Linux kernel privilege escalation chains bypassing KASLR, and JIT heap spray exploits in major browsers. The model also finds logic bugs in cryptography libraries (TLS, AES-GCM, SSH) and closed-source software via reverse engineering. Over 99% of discovered vulnerabilities remain unpatched. In response, Anthropic launched Project Glasswing to deploy the model defensively, releasing it first to critical infrastructure partners. The post argues that while the transitional period may favor attackers, long-term the technology will benefit defenders more.
Table of contents
The significance of Claude Mythos Preview for cybersecurityEvaluating Claude Mythos Preview’s ability to find zero-daysEvaluating Claude Mythos Preview’s other cybersecurity capabilitiesSuggestions for defenders todayConclusionAppendixFootnotesSubscribeSort: