Anthropic‘s new Claude Mythos Preview model has autonomously identified serious zero-day vulnerabilities in widely used software systems, according to the company. The model’s performance surpassed that of both human security researchers and existing automated tools. The findings represent a notable development in the application of artificial intelligence to cybersecurity research.
Among the systems in which Mythos uncovered long-hidden flaws are OpenBSD, FFmpeg, and core components of the Linux operating system. The model demonstrated an ability to rapidly convert known software bugs into fully functional exploits, and did so at low cost. This capability raises questions about the pace at which vulnerabilities could be weaponized if such tools were misused.
Anthropic also reports that Mythos identified critical weaknesses in major cryptography libraries and widely adopted protocols, including TLS, AES-GCM, and SSH. These protocols underpin a broad range of secure communications and data protection systems. The discovery of flaws at this level carries significant implications for digital infrastructure globally.
The findings are described as particularly urgent for the DeFi sector and broader crypto infrastructure. Many of these systems rely on friction-based security defenses such as multisig arrangements, timelocks, and third-party audits. Weaknesses in the underlying cryptographic protocols on which these defenses depend could undermine their effectiveness.
The results highlight both the potential and the risks associated with deploying advanced AI models in security-sensitive contexts. While the model’s ability to surface previously unknown vulnerabilities could benefit defensive security efforts, the same capabilities could pose serious threats if applied maliciously. Anthropic has not detailed the disclosure process or remediation steps taken in response to the vulnerabilities identified.
Originally reported by CoinDesk.
