

CISOs have shown significant interest in the impact of frontier artificial intelligence (AI) models for offensive and defensive purposes following Anthropic’s Claude Mythos Preview release on April 7, 2026. The response from the security industry has been divided. Have we reached the end of software security as we know it? Or is this just more AI hype?
In discussions we’ve had with security practitioners and leaders, concerns have focused on the speed and scale at which these models can be weaponized and what this means for today’s security programs. This blog shares our analysts’ assessment of Anthropic’s claims about Mythos’ vulnerability discovery and exploit generation, real-world examples of AI-based vulnerability research and adversary usage, and an underground perspective.
We believe Anthropic’s published results about Mythos Preview mark a meaningful step forward in AI-assisted vulnerability research, particularly in autonomous exploit development. The increase in capability — evidenced by Anthropic’s Firefox test in February which we detail below — is indicative of a vulnerability landscape that is rapidly changing. Vulnerability discovery has been visibly reshaped by large language models (LLMs), and the effects are observable in the increase in the number of reported CVEs and bug-bounty reports. This trend is reflected by the National Institute of Standards and Technology’s announcement it will no longer enrich every CVE submitted to the National Vulnerability Database, noting a 263% increase in submissions between 2020 and 2025. As AI models improve, they likely will gain parity with Mythos Preview, compounding this growth. Enterprises must be prepared to operate in an increasingly noisy threat environment where patch prioritization is even more important.
Exploit development has been more difficult to achieve via AI, requiring significant human expertise to produce impactful proofs of concept (PoCs). This notion appears to have changed with the emergence of Mythos Preview. If the advantage demonstrated in Anthropic’s testing environment translates to practical real-life usage, we likely will see a significant collapse in the time between vulnerability discovery and weaponization.
However, until Anthropic publishes details regarding false positive rates and overall success ratios, it’s not known how effective AI models would be as an organization’s primary tool for code assurance. Even if sophisticated AI models result in more exploit code, this does not automatically translate to better outcomes for adversaries who need reliable exploits, which can easily be refined into exploitation frameworks. Meanwhile, defense-in-depth measures still provide organizations with significant protection even when adversaries are equipped with a larger arsenal of weaponized vulnerabilities.
Several factors warrant caution about the broader claims related to Mythos. The public data on Mythos Preview represents a curated sample chosen by Anthropic rather than detailed results — likely designed to stimulate media interest and increase investor interest prior to an upcoming initial public offering (IPO).
As such, AI systems are capable of detecting real-world vulnerabilities — in some cases they also generate legitimate-sounding reports against codebases — but without baseline performance data, the operational cost of AI-assisted vulnerability discovery and exploitation at scale cannot be properly estimated. Additionally, since Mythos Preview is not publicly available, the research community cannot independently audit the claims or reproduce the results — meaning we are essentially evaluating Anthropic's conclusions about its own product.
Finally, while access to Mythos Preview is currently constrained to a select few organizations, there remains a very real chance that threat actors will eventually circumvent those constraints and/or target organizations with authorized access.
With the likely increase of AI adoption in the vulnerability domain, we predict:
In its technical write-up, Anthropic said Mythos Preview demonstrated the ability, when directed by users, to identify and exploit zero-day vulnerabilities across every major operating system (OS) and web browser tested, including complex exploit chains and local privilege escalation paths. Anthropic also described the model as highly proficient in cybersecurity, autonomous coding and long-running agent tasks.
During roughly one month of internal red team testing, Mythos Preview identified thousands of high-severity zero-days in production software. Anthropic chose to highlight a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg and a 17-year-old remote code execution (RCE) vulnerability in FreeBSD's network file server (NFS) implementation (CVE-2026-4747). Anthropic claimed the model identified and exploited CVE-2026-4747 end-to-end without human intervention after the initial prompt and in some cases achieved unauthenticated root from an internet-facing position.
Anthropic conducted similar tests on its earlier model, Claude Opus 4.6, which demonstrated months before the Mythos Preview announcement that AI could be used for vulnerability discovery at scale. Anthropic reported Opus 4.6 found and validated more than 500 vulnerabilities across a variety of open source codebases, several of which survived years of expert review and continuous fuzzing. In February 2026, during a two-week collaboration with Mozilla, Anthropic used Opus 4.6 to identify 112 issues in Firefox, of which 22 were assigned CVEs and 14 were high severity. Furthermore, Claude Opus 4.6 produced working shell exploits on two occasions across several hundred attempts. In comparison, using similar test conditions, Mythos Preview reportedly succeeded 181 times, with an additional 29 runs reaching register control, meaning Mythos can control central processing unit (CPU) registers but does not have full RCE capability. Anthropic attributes these results to general improvements in code, reasoning and autonomy rather than any cyber-specific training.
Independent observations point to the same broader shift. The AI security firm Aisle reported its system discovered all 12 zero-day vulnerabilities disclosed in OpenSSL's January 2026 patch and accounted for 13 of 14 OpenSSL CVEs assigned in 2025, indicating AI systems from outside Anthropic are finding zero-days in heavily audited code. Wordfence, which runs a WordPress bug-bounty program, reported that AI-assisted vulnerability submissions rose from 16% to about 66% between late November 2025 and April 2026, while overall submission volume increased 453% in the same period.
One of the key considerations when deciding if AI is a viable solution for vulnerability discovery is the cost. The marquee finding from Anthropic’s Mythos Preview press release was the discovery of the 17-year-old OpenBSD bug. The campaign behind its discovery allegedly cost US $20,000. Anthropic also provided an example of how Mythos Preview was used to generate an exploit that cost under US $1,000 at API pricing. While these costs are viable for many enterprises, only the most resourced adversaries would likely be able to finance them.
LLMs are playing a direct role in the vulnerability research lifecycle itself, particularly in converting disclosed patches into working exploit code. The three CVEs below illustrate how quickly the time-to-exploit collapses when AI-assisted tooling is applied.
We have tracked the use of AI by threat actors since the technology became mainstream in 2023. Initial concerns were not borne out, with the majority of use limited to phishing lure refinement and know-your-customer (KYC) bypass and only marginal gains thereafter. However, this has changed with the release of recent models, and AI-assisted vulnerability discovery and exploitation has moved from demonstration to operational reality. The most documented case is a breach of Mexican government organizations between late December 2025 and mid-February 2026 where a single operator compromised nine entities using Claude Code and GPT 4.1 as primary operational tools. We reported that the intrusion included more than 1,000 prompts, in response to which Claude Code generated 20 tailored exploits against 20 distinct CVEs, 400 custom attack scripts and about 5,317 executed commands across 34 live sessions. Roughly 75% of all command execution activity on the victim infrastructure was AI generated.
Additionally, Google's February 2026 AI Threat Tracker reported that the Chinese state-sponsored hacking group APT31 prompted Gemini under an expert cybersecurity persona to automate vulnerability analysis against U.S. targets. The group paired it with HexStrike, an open source tool that lets an LLM agent orchestrate over 150 offensive tools, to work through RCE, web application firewall (WAF) bypass and Structured Query Language injection (SQLi) paths before Google disabled the associated accounts.
Following the release of Mythos Preview, we observed several discussions in the underground focused on the model. Some actors expressed skepticism about Claude Mythos, arguing that it appears to be more AI hype than a genuine breakthrough and that limited PoC results are being overstated as evidence of a major technological leap. We also noted a message from a user seeking access to Claude Mythos through a Telegram channel, indicating early interest in obtaining the model outside official channels. We did not observe any relevant discussion regarding the GPT‑5.4‑Cyber model at the time of this report.
Interest in Claude Mythos is expected to increase among threat actors, especially those aiming to accelerate vulnerability discovery, exploit development and operational efficiency. While the invitation-only distribution model is likely to limit immediate, large-scale misuse, the model’s perceived offensive value and restricted availability may drive attempts to gain access through compromised accounts, stolen API credentials, or intermediary or insider assistance.
Exploit development is becoming accessible to a wider range of actors. More actors, including less sophisticated ones working with AI output they can't fully evaluate, will be producing exploits. This will create a far noisier environment for enterprise security teams. Patch prioritization and response timelines built for a slower exploitation cycle are already behind. The window organizations have to act on a disclosure is shorter than it was a year ago, and it will be shorter still a year from now. Enterprises should not make planning decisions around last year's threat environment.
AI models perform best against widely used open source software, major browsers and common frameworks — the codebases they've seen the most training data on. Specialist and proprietary environments have more insulation, at least for now. And human expertise still matters: AI remains a productivity multiplier, not a replacement for researchers who can reason about novel contexts.
