Anthropic researchers just published a technical assessment of Claude Mythos Preview. It's sobering. The model found a 27-year-old vulnerability in OpenBSD, wrote a four-vulnerability browser exploit chain that escaped both renderer and OS sandboxes, and constructed a 20-gadget ROP chain for FreeBSD's NFS server that grants root access to unauthenticated users. In benchmark testing against Firefox 147, Mythos Preview produced 181 working JavaScript shell exploits. The previous model, Opus 4.6, managed two.

The gap between Opus 4.6 and Mythos Preview is stark. Opus 4.6 had a near-0% success rate at autonomous exploit development. Mythos Preview achieved full control flow hijack on ten separate, fully patched targets in OSS-Fuzz testing. Anthropic engineers with no formal security training asked the model to find remote code execution vulnerabilities overnight. They woke up to working exploits. These capabilities emerged without explicit training. They're a side effect of general improvements in reasoning and code generation.

Hacker News commenters noted that many of these exploits target C/C++ codebases with historically high bug densities, not newer architectures like WebAssembly interpreters. Techniques like heap sprays and KASLR bypasses are well-established in security research. But the jump from requiring domain expertise to letting non-experts generate complete exploits overnight changes the math. Over 99% of discovered vulnerabilities remain unpatched, so Anthropic is withholding details in line with responsible disclosure practices.

Anthropic has launched Project Glasswing to help secure critical software before models with similar capabilities become widely available. The company argues that language models will eventually benefit defenders more than attackers, similar to how fuzzing tools like AFL became standard defensive infrastructure. Claude AI recently found a 57-year-old bug in Apollo 11's Guidance Computer code. The transitional period may be rough. The same model that helps secure OpenBSD can also help attack it. Anthropic's stance on autonomous agents like OpenClaw signals the company is already grappling with these dual-use risks.