Anthropic's Mythos AI generates working zero-day exploits 72.4% of the time, won't release publicly

TL;DR

Anthropic has developed Mythos, an AI model capable of generating working zero-day exploits with a 72.4% success rate, compared to Claude Opus 4.6's near-zero capability. The company declined public release due to security risks and instead created Project Glasswing, a limited-access program for 40+ organizations including AWS, Apple, Google, and Microsoft to find vulnerabilities in their own systems.

Anthropic's Mythos AI Generates Working Zero-Day Exploits at 72.4% Success Rate

Anthropic has developed an AI model called Mythos that can autonomously identify and exploit zero-day vulnerabilities across major operating systems and web browsers, demonstrating exploit development success rates that far exceed previous AI capabilities.

The Numbers

Mythos Preview achieves a 72.4% success rate in generating working exploits, a stark contrast to Claude Opus 4.6, which Anthropic stated had "just over zero percent" exploit development success. The model can construct complex, multi-stage exploits: in one instance, it chained four separate vulnerabilities to create a web browser exploit with a JIT heap spray that escaped both renderer and OS sandboxes. It has also autonomously developed local privilege escalation exploits on Linux using subtle race conditions and KASLR bypasses, and created remote code execution exploits on FreeBSD's NFS server with ROP chains spanning multiple packets.

During internal testing, Mythos identified "thousands of additional high- and critical-severity vulnerabilities" across systems. The model demonstrated capability against vulnerabilities spanning decades, including a patched 27-year-old bug in OpenBSD, and required no formal security training from operators.

Why It's Not Public

Anthropic explicitly chose not to release Mythos publicly, with researchers stating that doing so "would break the internet – in a bad way." The company released a research post authored by 22 Anthropic researchers on Tuesday detailing the model's capabilities, but access remains restricted.

Instead, Anthropic created Project Glasswing, a limited-access initiative allowing approximately 40 organizations to use Mythos Preview for defensive purposes. The core group includes: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Participating organizations receive up to $100 million in Mythos Preview usage credits and $4 million in direct funding to open-source security projects.

What Mythos Can Do

According to Anthropic's research, the model exhibits broad capability across software vulnerabilities. One case study describes an engineer with no formal security training asking Mythos to find remote code execution vulnerabilities overnight and finding complete, working exploits by morning. The exploits move beyond basic stack-smashing techniques to sophisticated attacks that chain multiple vulnerabilities, escape sandbox protections, and bypass modern security mitigations.

The company is conducting responsible disclosure of the vulnerabilities Mythos identified. This process remains ongoing.

What This Means

Mythos represents a significant inflection point in AI-assisted security research. The gap between exploit-generation capability (72.4%) and prior AI models (near 0%) suggests AI has crossed a threshold where it can autonomously perform tasks previously requiring specialized human expertise. Anthropic's decision to limit access rather than publish represents a pragmatic security stance—similar to how quantum computing capabilities are discussed openly while actual systems remain restricted. The 40-organization preview model creates an asymmetric advantage for well-resourced companies to patch vulnerabilities before adversaries can use similar models, but raises questions about whether this gap can persist long-term as AI capabilities diffuse. The $100 million subsidy for defensive use underscores Anthropic's acknowledgment that this technology's release could destabilize critical infrastructure.
