Mythos Preview and the Operational Reality of AI-Assisted Vulnerability Research

Anthropic's Mythos Preview can reportedly discover and exploit software vulnerabilities autonomously. But the claims remain unverified, and the real challenge is operational: accelerating patch cycles, automating incident response, and preparing for disclosure volumes that manual processes cannot absorb. We assess what organizations need to do now.

On 7 April, Anthropic published research on Claude Mythos Preview, a general-purpose language model that the company says can autonomously discover and exploit software vulnerabilities. Rather than releasing it publicly, Anthropic is distributing Mythos through a restricted program called Project Glasswing to selected technology vendors for defensive research. Reactions have split between alarm over a looming “vulnerability apocalypse” and skepticism that the announcement is more marketing than substance. What matters for security teams is where AI-assisted vulnerability research is going and what organizations need to do now to keep pace, not whether every Mythos claim holds up.

Main Takeaways:

  • The volume and speed of vulnerability disclosures are highly likely (70%-85%) to outpace what manual workflows can process; security teams need to scale their capacity to ingest, rank, and respond to vulnerability data.
  • Organizations that have not built mature prioritization frameworks are highly likely (70%-85%) to drown in patch volume; trying to fix everything at once burns through operational resources without proportionally cutting risk.
  • As the window between disclosure and exploitation keeps narrowing, incident response teams are likely (60%-70%) to see a parallel increase in active exploitation attempts; manual triage will not keep up, and automated detection and response pipelines become a requirement.
  • Smaller organizations and late adopters of AI-assisted security tooling are highly likely (70%-85%) to fall further behind; the divide between teams running mature AI-integrated workflows and those still operating manually will grow sharper.
  • None of Anthropic’s Mythos research has been independently reproduced, and the AI industry has a track record of packaging safety narratives as marketing. Operational planning should rest on observable indicators, such as real CVE disclosures and measured exploitation timelines, not vendor benchmarks.

AI-Assisted Vulnerability Discovery Outpaces Independent Verification

According to Anthropic’s own testing, Mythos found bugs that had survived decades of scrutiny in mature codebases: a 27-year-old flaw in OpenBSD, a 16-year-old H.264 codec bug, and critical issues in FreeBSD, FFmpeg, and the Linux kernel that automated fuzzing never caught. The model builds working exploits autonomously, chains vulnerabilities to break out of renderer and OS sandboxes, reconstructs source from stripped binaries, and finds bugs in closed-source software by validating reconstructed code against the original.

Comparative benchmarks make the gap concrete. Testing against Firefox 147’s JavaScript shell, Opus 4.6 landed 2 successful exploits out of several hundred runs; Mythos scored 181, plus 29 additional register control cases. On the OSS-Fuzz corpus (roughly 7,000 entry points), Opus 4.6 produced 150-175 tier-1 crashes and around 100 tier-2; Mythos returned 595 tier 1-2 crashes, a handful of tier 3-4, and 10 tier-5 results with full control flow hijacks. None of this came from specialized offensive training. These capabilities fell out of general reasoning improvements, which means future models are likely (60%-70%) to keep gaining similar abilities as a side effect of scaling.

That said, every claim about Mythos comes from Anthropic’s own researchers. No external party has independently verified these capabilities in a controlled setting. Key details are missing: how much compute each discovery required, how much human prompting was involved, and whether the published numbers reflect cherry-picked runs. OpenAI told a similar story with GPT-2 in 2019, calling it too dangerous to release; when it eventually shipped, none of the predicted risks materialized. That does not mean Anthropic is wrong, but the “too dangerous to release” playbook has served as a marketing move before.

The so-called “vulnerability apocalypse” is about scale, not the model itself. Over 99% of the vulnerabilities Mythos flagged are still unpatched, and Anthropic estimates that over a thousand more critical-severity bugs are waiting to be surfaced. Project Glasswing limits who gets access, which constrains direct threat actor use. But models already available to the public are not far behind. Opus 4.6 is already strong at finding vulnerabilities, just considerably weaker at turning them into working exploits. The vulnerability picture is shifting whether or not Mythos ships broadly.

Defenders Face Compressed Timelines, Surge Patching, and Legacy Risk

Vendors that receive Mythos through Glasswing are likely (60%-70%) to find and patch vulnerabilities faster, but this creates two very different scenarios for the organizations downstream.

In the first, patch volume spikes. Vendors running Mythos against their codebases will flag bugs at rates that generate urgent patches faster than most endpoint management teams can absorb. Trying to deploy everything at once will exhaust capacity without meaningfully lowering risk. In the second scenario, vendors catch bugs before code reaches production, reducing public disclosures and stabilizing patch rates. This is the best-case outcome, but it demands serious investment in pre-release security workflows. Organizations have no say in which path vendors take. Planning must account for both: the ability to surge patch deployment when needed, and triage frameworks that rank patches by exploitability, asset exposure, and business impact rather than attempting blanket remediation.

The disclosure-to-exploitation window is highly likely (70%-85%) to keep shrinking as AI-powered discovery and weaponization become routine in threat actor operations. This compression is already underway, independent of Mythos. Advanced frontier models are available to threat actors for a few hundred EUR per month, and AI is steadily becoming part of their toolkits for malware development and vulnerability research. For defenders, the implication is direct: manual incident response is likely (60%-70%) too slow to match the speed at which new exploits land.

Organizations need automated triage, enrichment, and containment running at machine speed.

Patch decisions must now be grounded in exploitability data, asset criticality, and business context, because prioritization at this scale is no longer optional. That requires vulnerability intelligence tailored to the organization’s own environment: what is being actively exploited, what is likely to be weaponized next, and which assets carry the most consequence if compromised. Generic severity scores will not hold up when disclosure volume scales beyond what teams can manually review.
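As an added illustration of the triage framework described above (ranking by exploitability, asset exposure, and business impact rather than by generic severity), the following Python is example code written for this article, not tooling from Anthropic or QuoIntelligence. The records, weights, and the `CVE-XXXX-` identifiers are constructed placeholders; a real deployment would feed in exploited-in-the-wild listings and predicted-exploitation probabilities from the organization's own vulnerability intelligence.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One vulnerability on one asset (constructed sample data, not real CVEs)."""
    cve: str
    cvss: float             # generic severity score, 0-10
    epss: float             # predicted exploitation probability, 0-1 (assumed feed)
    known_exploited: bool   # appears on an exploited-in-the-wild list (assumed feed)
    asset: str
    internet_facing: bool   # asset exposure
    asset_criticality: int  # business impact, 1 (low) to 5 (crown jewel)


def priority(f: Finding) -> float:
    """Weighted score in which exploitability dominates; CVSS is only a tie-breaker.
    The weights are an illustrative assumption, not a published standard."""
    exploitability = 1.0 if f.known_exploited else f.epss
    exposure = 1.0 if f.internet_facing else 0.4
    impact = f.asset_criticality / 5
    return round(0.5 * exploitability + 0.2 * exposure + 0.2 * impact + 0.1 * (f.cvss / 10), 3)


def rank(findings: list[Finding]) -> list[Finding]:
    """Highest-priority findings first."""
    return sorted(findings, key=priority, reverse=True)


def plan(findings: list[Finding], capacity: int) -> tuple[list[str], list[str]]:
    """Split the ranked backlog into what the patch window can absorb now and what is deferred,
    instead of attempting blanket remediation."""
    ordered = [f.cve for f in rank(findings)]
    return ordered[:capacity], ordered[capacity:]


# Constructed sample backlog: the highest-CVSS item is on an isolated host with no sign of
# exploitation, while a lower-CVSS bug is actively exploited on an internet-facing gateway.
SAMPLE = [
    Finding("CVE-XXXX-0001", 9.8, 0.02, False, "build-server", False, 3),
    Finding("CVE-XXXX-0002", 7.5, 0.60, True, "vpn-gateway", True, 5),
    Finding("CVE-XXXX-0003", 5.3, 0.01, False, "intranet-wiki", False, 1),
    Finding("CVE-XXXX-0004", 8.1, 0.35, False, "customer-portal", True, 4),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{priority(f):.3f}  {f.cve}  cvss={f.cvss}  {f.asset}")
    print("patch now:", plan(SAMPLE, 2)[0])
```

With a capacity of two patches in the current window, the exploited gateway bug and the exposed portal bug go first; the CVSS 9.8 finding on the isolated build server is deferred despite carrying the highest generic severity.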

Patch deployment timelines must compress in parallel: enforcement windows need to tighten, auto-update mechanisms need broader adoption, and organizations managing tens of thousands of endpoints require deployment automation with staged rollouts and rollback capability built in.

For organizations running legacy or end-of-life systems, there is no patch-based exit, because bugs will be found in software that no vendor will ever fix. Friction-based defenses and security through obscurity are likely (60%-70%) to erode quickly against adversaries using AI to grind through those barriers at scale. Legacy system owners need compensating controls and contingency plans now, not after the first disclosure lands.

Threat Actors Will Target Mythos Access and Overwhelm Disclosure Pipelines

State-backed operators and highly resourced criminal groups are likely (60%-70%) to go after the vendors that hold Mythos access. Glasswing’s restricted distribution makes those vendors visible targets: adversaries can work out who has the model, calculate the value of getting it, and prioritize accordingly. The access list becomes a target list. A successful breach hands attackers either the model itself, and with it autonomous vulnerability research at national scale, or early visibility into which patches are coming, letting them exploit zero-days before fixes reach users. For state-level actors, either prize offers disproportionate return on the cost of compromise.

On the disclosure side, organizations that do not rethink their intake workflows face an operational bottleneck. Vulnerability disclosure was designed for reports arriving at human speed: one researcher, one bug, one write-up at a time. Teams validate, score, and route each submission manually. That model holds up at the pace of individual researchers. When AI-powered tools start filing hundreds or thousands of reports against the same product in a short window, the pipeline will collapse. Triage queues will back up, SLAs will break, and genuine critical findings will get buried under bulk noise.

These effects compound. When vendors cannot process disclosures fast enough, coordinated disclosure timelines stretch. Unpatched vulnerabilities sit in a known-but-unacted-upon state for longer, and knowledge of their existence leaks through parallel channels.

Conclusions

The security balance that held roughly stable since the mid-2000s is breaking. Anthropic calls the near term “tumultuous,” and whether or not Mythos performs exactly as advertised, AI-assisted vulnerability discovery and exploitation are accelerating, and that will not reverse.

In the near term, attackers are likely (60%-70%) to hold the upper hand. They already have access to capable frontier models, they are weaving AI into their operations, and they benefit from an asymmetry: defenders have to cover every surface, while attackers only need one opening. Over time, defenders will regain ground, but only those who invest through the transition.

These are immediate actions, not planning exercises: compressing patch cycles, automating incident response, building real prioritization discipline, overhauling disclosure intake, and planning for legacy systems that will never see another patch. Disclosure volume is already climbing. Exploitation timelines are already shrinking. Organizations that wait will find themselves responding to emergencies instead of managing a controlled transition.

Organizations that prepare now will exit this period with stronger defenses and sharper operational discipline. Those that do not will carry higher breach exposure into a threat environment that punishes delay.


A relentless threat hunter, Andrei is a Senior Threat Researcher at QuoIntelligence who lives for tracking threat actors and dismantling their infrastructure. He specializes in malware reverse engineering and diving deep into the web to uncover emerging threats, turning raw intelligence into actionable insights to stay ahead of adversaries.
