Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation
Security WeekArchived Jun 09, 2026✓ Full text saved
Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
Anthropic says its Claude Mythos Preview model can build working exploits targeting known vulnerabilities within hours, or even minutes.
Announced in early April and promoted as the most capable AI frontier model, Mythos right from the start raised fears regarding its ability to supercharge attacks.
In April and May, Anthropic touted its ability to find vulnerabilities, including 271 Firefox flaws and thousands of severe security defects across over 1,000 open source software (OSS) projects.
Now, the company says its most advanced model can also weaponize these discoveries, demonstrating that the surge in AI use in cyberattacks increases the threats faced by organizations in the patch gap.
Put to the test, Claude Mythos Preview delivered 16 working exploits targeting Firefox and Windows within hours.
Anthropic’s public models were also tested, with safeguards off. While they did not rise to Mythos’s level, they too delivered working exploits, proving that LLMs significantly increase the threat posed by N-days that have not been exploited in attacks before.
According to Anthropic, N-days are even more dangerous than zero-days, because attackers can patch diff and reverse-engineer them to build exploits.
This is exactly where LLMs become valuable weapons to attackers, as they significantly accelerate and automate the process of building N-day exploits.
“Exploit development is not the only step in a real N-day campaign (target discovery, delivering the exploit to the target, and detection evasion all take time and resources too), but historically it has been the step most bottlenecked by scarce reverse engineering expertise,” Anthropic explains.
PoC for Firefox vulnerability in 8 minutes
To validate the theory, the company tested Mythos Preview, Opus, and Sonnet’s ability to construct proof-of-concept (PoC) code targeting 18 security patches delivered for SpiderMonkey in Firefox 148 and 149.
They all delivered within minutes. Opus 4.8 created 11 PoCs, while Mythos Preview produced 14. Opus 4.8 delivered the first PoC in eight minutes, while Mythos Preview created it in 12.
Anthropic also tested the models’ ability to turn crashes into working exploits. Mythos Preview built eight of them, Opus 4.8 two, and Opus 4.6 and Sonnet 4.6 one each.
“This is where Mythos Preview really pulled ahead. Mythos Preview wrote its first working exploit in just under one hour, and ultimately created eight different exploits in roughly 12 hours,” Anthropic says.
8 Windows exploits in 18 hours
Next, the company tested the LLMs’ ability to build exploits for closed-source software, and chose Microsoft’s Windows platform for the task, looking at 21 kernel vulnerabilities disclosed between January and February 2026.
“This is substantially harder: with no source code available, the agent must work from compiled binaries and decompiler reconstructions that have been stripped of helpful context, like variable names, types, and structure,” Anthropic notes.
Sonnet 4.6 and Opus 4.7 built PoCs that triggered BSOD for 13 of the bugs, Opus 4.8 for 15, and Mythos Preview for 18. Mythos Preview delivered the first PoC in 31 minutes.
Mythos Preview was also able to create working exploits leading to privilege escalation for eight of the vulnerabilities, and delivered all of them within 18 hours.
According to Anthropic, because it typically takes seven days before Windows patches are pushed to 90% of enrolled devices in a fleet, and because they are typically force-rebooted only on day 11, the model makes exploitation viable within the patch gap.
Faster patching amid low exploit costs
“At this speed, Mythos Preview would have finished creating all eight full chain exploits before any of the Windows devices had received the patch as an update. Turning these exploits into a real campaign still requires further work, but Mythos Preview has now collapsed one of the most time-intensive steps into hours,” Anthropic notes.
The cost of building these exploits is not high either, the company says. Each model was given a three-million-token budget for creating the PoCs and exploits targeting Firefox. The cost of creating the full chain exploits targeting Windows was $15,700 in API credits, or around $2,000 per privilege escalation.
“The binding constraint to N-days is now just a few thousand dollars and API access, which expands the pool of capable N-day attackers dramatically,” Anthropic says.
The company calls for an updated patching playbook, which should rely on “N-hour” rather than “N-day”, and should no longer assume that weaponizing a patch takes weeks.
“N-days have historically caused most harm to systems that are slow or difficult to patch. Industrial control systems, medical devices, and ‘internet of things’ devices often run on fixed maintenance windows, vendor-locked firmware, or have uptime guarantees. As the cost of weaponizing any given patch falls toward zero, these devices and systems will become even more exposed. And even systems operating on an established, ‘responsible’ patch cadence are now far easier targets than before,” Anthropic notes.
Related: Anthropic Expanding Mythos Access to 150 New Organizations
Related: Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
Related: Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
Related: The Mythos Moment: Enterprises Must Fight Agents with Agents
WRITTEN BY
Ionut Arghire
Ionut Arghire is an international correspondent for SecurityWeek.
More from Ionut Arghire
Everest Forms Vulnerability Exploited to Hack WordPress Sites
174,000 Impacted by Lansing Community College Data Breach
Silent Ransom Group Uses DNS Fast Flux in Attacks
SolarWinds Serv-U Vulnerability Exploited in the Wild
Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation
Opal Security Raises $23 Million for AI-Native Identity Governance
Hackers Leak DentaQuest Information Impacting 2.6 Million
Chrome 149 Patches 429 Vulnerabilities
Latest News
New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications
SAP Patches Critical NetWeaver, Commerce Vulnerabilities
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
Will AI Kill the Bug Bounty Industry?
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks
Google Patches 5th Chrome Zero-Day Exploited in 2026
A Security Raises $37 Million for Autonomous Offensive Security Platform
Everybody Is Vibe Coding But Nobody Told the Security Team
Trending
Webinar: Third-Party Risk In Practice
June 4, 2026
Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.
Register
Virtual Roundtable: CISO Forum 2026 Mid-Year Review
June 10, 2026
Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks.
Register
People on the Move
Opal Security has appointed CPO, CTO, VP of Field Engineering, VP of Marketing, and Head of Product and Solutions Marketing.
The Department of the Air Force has appointed Ashley Devoto as Chief Information Officer.
Bartley Richardson has been named Chief AI and Autonomous Systems Officer at CrowdStrike.
More People On The Move
Expert Insights
Everybody Is Vibe Coding But Nobody Told The Security Team
AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au)
The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor)
Raising The Cybersecurity Stakes: Ante Up For The Agentic Era
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael)
Caught Off Guard: Securing AI After It Hits Production
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb)
Cyber Resilience Is The New Business Continuity Plan
The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin)
Flipboard
Reddit
Whatsapp
Email