Apr 16, 2026 · 6 min read

Anthropic's AI Found a 27 Year Old Bug in 1,000 Tries—Now Every Patch Cycle Is a Race Against the Machine

Claude Mythos Preview autonomously discovers and exploits zero day vulnerabilities across every major operating system and browser. The average time to exploit is now under 20 hours.

What Mythos Preview Can Do

Anthropic's security research team spent roughly a month testing Claude Mythos Preview, a model that reads source code, forms hypotheses, runs software, uses debuggers, and produces bug reports with working proof of concept exploits. The results were staggering.

When tested against Firefox 147 JavaScript vulnerabilities, Mythos Preview produced 181 working shell exploits. The previous model, Opus 4.6, managed just two. On 7,000 entry points from OSS-Fuzz repositories, Mythos achieved complete control flow hijack on ten patched targets, compared to one each for prior models.

Engineers at Anthropic with no formal security training reported asking Mythos Preview to find remote code execution vulnerabilities overnight, and waking up the next morning to a complete, working exploit.

The Bugs Nobody Found for Decades

The most striking discoveries involve vulnerabilities that sat undetected in critical software for decades:

  • A 27 year old OpenBSD TCP SACK denial of service vulnerability that allows a remote attacker to crash any OpenBSD host responding over TCP. Mythos found it across 1,000 scaffold runs at a total cost under $20,000.
  • A 17 year old FreeBSD NFS remote code execution flaw (CVE-2026-4747) granting unauthenticated root access. The model discovered and fully exploited it autonomously, with no human involvement after the initial prompt.
  • A 16 year old FFmpeg H.264 codec vulnerability introduced during a 2010 refactor, overlooked by every fuzzer and code reviewer for over a decade.

For Linux kernel vulnerabilities, Mythos successfully built privilege escalation exploits for over 50% of 40 potentially exploitable CVEs from 2024 and 2025. One complete exploit chain was finished in under a day, at a cost under $2,000.

"We Did Not Train It to Do This"

Perhaps most unsettling, Anthropic's researchers state the capabilities were not deliberately engineered: "We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy."

Of 198 manually reviewed findings, 89% matched professional security contractor severity ratings, with 98% within one severity level. The model identifies authentication bypasses; weaknesses in cryptography libraries' TLS, AES-GCM, and SSH implementations; virtual machine vulnerabilities; and browser exploits that bypass multiple sandboxes.

The Exploit Gap Is Closing

The discovery arrives at a moment when AI accelerated exploitation is already reshaping the threat landscape. According to Zero Day Clock data, the average time between vulnerability discovery and a functional exploit now sits under 20 hours, a timeframe that renders traditional patch cycles dangerously slow.

The escalation has been rapid. In June 2025, autonomous system XBOW topped HackerOne's U.S. leaderboard. By August 2025, Google's Big Sleep had identified 20 zero days in open source projects. In November 2025, Chinese state sponsored actors used AI coding tools for attack chains targeting approximately 30 global entities. By February 2026, Anthropic had already discovered 500 or more high severity vulnerabilities in open source software, and researchers at AISLE found 12 OpenSSL zero days, including a CVSS 9.8 flaw from 1998.

Gartner predicts that half of all cybersecurity incidents will involve AI by 2028. Mythos Preview suggests that timeline may be conservative.

Project Glasswing: Offense as Defense

Anthropic is not releasing Mythos Preview to the public. Instead, the company launched Project Glasswing, an initiative to direct the model's capabilities toward securing critical software by working with selected industry partners and open source developers. The goal is to patch as many vulnerabilities as possible before comparable capabilities emerge from less responsible actors.

The approach is a race against time. If general purpose AI improvements naturally produce offensive security capabilities, it is only a matter of time before similar models, without safety guardrails, reach the same level of performance. In November 2025, Chinese state actors already demonstrated they could use AI coding tools for attack chains targeting dozens of organizations.

What This Means for Your Security

For organizations running any software stack, the implications are concrete:

  • Patch cycles must accelerate. Traditional quarterly or monthly patch schedules were designed for human speed threats. AI discovered vulnerabilities demand continuous patching.
  • Legacy code is now high risk. The bugs Mythos found had been hiding for 17 to 27 years. Any codebase with decades old components should be treated as vulnerable.
  • Dependency audits are urgent. Mythos successfully exploited known CVEs in dependencies at scale. Treating CVE tagged dependency updates as urgent, not optional, is now a minimum standard.
  • AI assisted security is no longer optional. Organizations that do not deploy AI driven vulnerability scanning in their CI/CD pipelines risk falling behind both defenders and attackers.
  • Incident response must adapt. Security teams should prepare for simultaneous patch surges as AI discovered vulnerability disclosures accelerate.

The Race Is On

The cybersecurity world just split into two eras: before Mythos and after. Whether AI discovered vulnerabilities become a tool for defense or offense depends entirely on how fast organizations adapt.

Former Google Cloud CISO Phil Venables noted that infrastructure and development teams must improve their tooling to handle faster vulnerability remediation cycles. Rich Mogull of the Cloud Security Alliance emphasized the need for approved AI providers and enterprise subscriptions, combined with training on how and where to use them.

For now, Anthropic controls the most powerful vulnerability discovery tool ever built. The question is not whether others will catch up, but when. The downstream effect is already visible in the public tracking infrastructure: NIST just stopped scoring most new CVEs after submissions jumped 263 percent, a direct consequence of AI driven vulnerability discovery outpacing what a public agency can sustain.
