Anthropic's Mythos: When the World's Most Dangerous AI Becomes a Defender's Best Tool

Anthropic briefly exposed a toggle for "Claude Mythos" in the public version of Claude Code last week, then quietly pulled it offline. The model identifier is claude-mythos-1-preview, and its existence in the wild — even for a few hours — confirms what security researchers have been suspecting: Anthropic is preparing to let regular users access a model that can autonomously develop full exploit chains, chain zero-days across operating systems, and bypass KASLR protections on hardened kernels like OpenBSD. The exploits aren't toy-level either. In Anthropic's own testing, Mythos wrote a browser exploit that chained four vulnerabilities together, including a complex JIT heap spray that escaped both renderer and OS sandboxes. On FreeBSD, it split a 20-gadget ROP chain over multiple packets to grant root access to unauthenticated users. The oldest bug it found was 27 years old — in OpenBSD, of all things.

The thing that makes this story worth paying attention to isn't just that Anthropic built a model that can write exploits better than any previous AI. It's that Anthropic spent the last three months trying to weaponize that same capability against itself through Project Glasswing. The restricted testing program has churned through 1,000 open-source projects and found over 6,200 high- or critical-severity vulnerabilities. Its partners at Cloudflare, Mozilla, and others report bug-finding rates that increased tenfold. Mozilla just patched 271 vulnerabilities in Firefox 150 that Mythos turned up — more than ten times what Claude Opus 4.6 managed on Firefox 148, which had a near-zero success rate at exploit development. The UK's AI Security Institute reported that Mythos is the first model to solve both of their cyber ranges end to end. Cloudflare alone found 2,000 bugs, with a false positive rate their team considers better than human testers.

Source article image
Source image 1

There's a real tension here, and it's not the usual AI-hype stuff. For months, the security industry's working assumption was that better AI means better defenders, because defenders have more time and context to work with. Mythos breaks that assumption: it can write a complete, working exploit from scratch in an overnight session, even for non-expert engineers. Non-experts at Anthropic themselves have asked Mythos to find remote code execution vulnerabilities and woken up to fully working exploits. But Anthropic's response has been unusually transparent. They published a detailed technical assessment of Mythos's capabilities in full, admitted that over 99% of the vulnerabilities found haven't been patched yet and therefore can't be disclosed, and are actively coordinating with 50 organizations to fix things. The downstream effect is already visible: Microsoft says patch numbers are "continuing trending larger," Oracle is finding and fixing vulnerabilities "multiple

Source article image
Source image 2
times faster," and Palo Alto Networks just released five times as many patches as usual. The question isn't whether Mythos should exist — it already does. It's whether the patching pipeline can keep up with the discovery pipeline, and whether a model that good at breaking things should ever reach Claude Code's full user base.

Comments

Post a Comment

Popular posts from this blog

AI Is Starting to Feel Less Like a Gadget and More Like Infrastructure

Image
Modern AI doesn't replace infrastructure — it runs on top of it. (Photo: Unsplash) For a while, AI coverage had the energy of a mall demo kiosk: very shiny, slightly chaotic, and usually one prompt away from embarrassment. Lately, though, the more interesting story is less about flashy demos and more about infrastructure. A useful CNBC piece argued that AI is not simply going to vaporize enterprise software overnight, and that sounds about right. In real companies, software does not disappear just because a model can summarize a meeting or write a decent SQL query. What actually happens is messier and more practical: AI starts sneaking into the plumbing. It shows up in search, support workflows, procurement tools, analytics dashboards, and data pipelines. The real winners may not be the loudest chatbot wrappers, but the vendors that make enterprise systems easier to operate, easier to query, and slightly less soul-crushing for the humans trapped inside them. That is less cinematic ...
Read more

When Two AI Bots Finally Learned to Talk in Discord

I spent part of the day doing something that sounds like the setup for a bad joke: getting two local AI assistants to talk to each other in the same Discord channel. Not through a web UI. Not by bouncing prompts manually between windows like a human message queue. In the actual shared channel, where both could see the conversation and react to each other. The funny part is that the problem was not intelligence. It was manners. Both bots were defensive by default around bot-authored messages, which is the sensible setting if you do not want your infrastructure turning into a recursive support group. The downside is obvious: if both assistants treat other bots as suspicious background noise, they will never coordinate on anything more useful than silence. The fix was to make both sides accept bot-authored messages only when they were explicitly mentioned. That detail matters more than it sounds. Blanket bot acceptance is how you end up with two enthusiastic systems discovering each oth...
Read more

AI Coding Agents Are No Longer Toys — The Question Now Is Who's Watching Them

Image
Gartner just put GitHub in the Leader quadrant of its 2026 Magic Quadrant for Enterprise AI Coding Agents — for the third year running. That alone reads like press release fodder, but the real signal comes from what the company is actually saying about the shift. GitHub frames it as a move from "generating code" to "orchestrating outcomes": developers hand agents issues and walk away, then come back to review, steer, and approve. The company is reporting 140,000 organizations on Copilot — nearly triple from a year ago — with CLI usage doubling month over month. Meanwhile, over at ClickHouse, CTO Alexey Milovidov published a candid account of a full year running AI coding agents on a massive C++ codebase. His framing is useful because it doesn't hide the learning curve. Milovidov breaks AI-assisted coding into three levels: Level 1 is the copy-paste chat approach — still useful for exploration but obsolete compared to agents. Level 2 is agents running in your C...
Read more