Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook
VentureBeat / 4/10/2026
📰 NewsDeveloper Stack & InfrastructureSignals & Early TrendsIndustry & Market MovesModels & Research
Key Points
- Anthropic reports that its Claude Mythos Preview autonomously uncovered a serious OpenBSD TCP-stack vulnerability that had survived 27 years of human code review, fuzzing, and auditing, with discovery costs far below prior efforts.
- The company claims Mythos achieved large performance jumps in exploit-writing and vulnerability reproduction benchmarks (e.g., 90x in one Firefox 147 exploit-writing comparison) and reached full saturation on Anthropic’s CyberGym CTF.
- Mythos is said to have produced thousands of real-world zero-day vulnerabilities across major operating systems and browsers, including overnight remote code execution exploit chains requested by Anthropic’s red team.
- To translate the capability into defense, Anthropic launched Project Glasswing—a coalition of security and infrastructure partners funded with usage credits and open-source grants—tasking them to run Mythos against their own systems for weeks.
- Anthropic plans a public defensive findings report within 90 days (early July 2026), but the article emphasizes that many security leaders are asking for practical detection and response playbooks rather than just capability announcements.
Continue reading this article on the original site.
Read original →💡 Insights using this article
This article is featured in our daily AI news digest — key takeaways and action items at a glance.
