Anthropic's Mythos Preview Model Discovers Thousands of High-Severity Vulnerabilities

Anthropic has released Claude Mythos Preview, a general-purpose language model capable of identifying and exploiting zero-day vulnerabilities in widely used software. The company reported that the model found thousands of high-severity vulnerabilities, including bugs in every major operating system and web browser. The model demonstrated the ability to construct sophisticated exploits, including those that can escape sandboxed environments. Anthropic engineers observed that non-experts could leverage Mythos Preview to find and exploit complex vulnerabilities, raising concerns about the democratization of advanced offensive security capabilities. The vulnerabilities discovered span multiple categories, with a particular focus on memory safety issues. In one example, the model identified a subtle vulnerability in OpenBSD's implementation of TCP Selective Acknowledgment that could allow an adversary to corrupt memory. Anthropic stated it did not explicitly train Mythos Preview for offensive security capabilities. The company said these capabilities emerged during standard training, representing a significant advancement in AI systems' ability to reason about complex software systems. The company is releasing the model initially to a limited audience of trusted testers while the security community adapts to these new capabilities.