Anthropic's new model, Claude Mythos, is a serious exploit researcher (and cybersecurity risk, in the wrong hands). So much so that some vendors are getting early access so they can fix their product before Mythos gets released 🤯
"Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser." with among others:
- a 27-year-old vulnerability in OpenBSD
- a 16-year-old vulnerability in FFmpeg
- a privesc in the Linux Kernel
It's also excellent at turning vulnerabilities into exploits, according to Anthropic's internal research using the Firefox JavaScript engine as a victim:
- Opus 4.6 generally had a near-0% success rate at autonomous exploit development, only two times out of several hundred attempts
- Mythos Preview developed working exploits 181 times, and achieved register control on 29 more (see graph below)
Get your umbrellas, it is going to rain exploits in 2026.