Anthropic has introduced a new AI model called Claude Mythos Preview that can identify serious security flaws in software at levels much higher than previous tools. This AI has already discovered thousands of zero-day vulnerabilities across major operating systems, web browsers, and essential software. What’s more alarming is that Mythos can often create working exploits for many of these bugs, raising new security concerns.

Massive Bug Discoveries Across Popular Software

According to Anthropic, Mythos Preview has uncovered thousands of high-severity vulnerabilities that have gone unnoticed for years. These flaws span a wide range of software used worldwide, from operating systems like OpenBSD and FreeBSD to media tools like FFmpeg. Some of these bugs had been present for decades—one in OpenBSD was reportedly there for 27 years, and another in FFmpeg had gone unnoticed for 16 years.

This highlights the importance of the discovery because these are not obscure or niche apps. They are critical components used on servers, in networks, and across devices. Finding old vulnerabilities in trusted software shifts the security conversation, showing that even longstanding bugs can still be lurking in widely used systems. It also means security teams can no longer assume that long-standing bugs are safe simply because they’ve been there for years.

The Danger of AI-Generated Exploits

The bigger concern isn’t just that Mythos finds bugs but that it can often turn those bugs into working attacks. This is a significant step forward because it can drastically speed up how quickly hackers can move from discovering a flaw to exploiting it. Traditionally, security researchers and attackers spend weeks or months manually analyzing code and developing exploits. Now, AI can do this within hours, making the process much faster.

In tests, Mythos chained multiple vulnerabilities together to break out of a browser and take control of the underlying operating system. When tested on Firefox, older models of AI didn’t perform well, but Mythos succeeded much more often and gained deeper control over the target system. It also handled a simulated corporate network attack that would typically take a human expert more than ten hours to complete. This suggests that the AI isn’t just finding bugs but reasoning through complex attack scenarios.

Anthropic has chosen not to release Mythos Preview widely. Instead, it’s keeping access limited and using it within a project involving major tech companies and infrastructure groups. The goal is to understand how AI can improve security while managing the risks. This development underscores how AI is rapidly evolving into a powerful tool for cybersecurity, both for finding vulnerabilities and for simulating attacks in ways that were previously impossible.

Inspired by

• https://justainews.com/companies/anthropic-claude-mythos-raises-security-concerns-after-finding-thousands-of-zero-day-bugs/

Sources

• anthropic.com