In April 2026, Anthropic built a model it chose not to release. Claude Mythos Preview discovered and weaponized software vulnerabilities at machine speed, so the Anthropic team held it back and gave controlled access to roughly 50 organizations it trusted to harden their own code, among them AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, and the Linux Foundation. The program, called Project Glasswing, was created to provide a headstart to defenders, in hopes they could be enabled before attackers developed this capability independently. The window to harden widely deployed software would stay open only so long.
Within weeks, other AI leaders reinforced the new reality. OpenAI announced GPT-5.5-Cyber, a model built specifically for cybersecurity offense and defense. Microsoft disclosed that its own multi-model security system had found 16 previously unknown vulnerabilities in core Windows networking components, rated four of them critical, and patched them before any public disclosure. Three organizations, with three separate efforts, arrived at one shared and troubling conclusion: the capability to find and exploit vulnerable code at industrial scale is now present in AI-enabled tooling.
Now comes the contextualization of the risk, as new threats arise all the time. A novel attack against a well-understood attack surface is common enough that security teams are experienced at triaging and mitigating the new danger. The same attack, arriving where an organization has carried unaddressed technical debt for decades, presents a different class of problem entirely. That distinction colors any recommendation that follows, because the impact of AI-accelerated vulnerability discovery and exploitation arrives against organizational weaknesses that predate it by years.
A Reduced Threshold for Actors
The heightened capability of the models described lowers one of the key barriers that limited the frequency and likelihood of new and undetected campaigns. Finding and exploiting vulnerable code required uncommon skill and experience and was not a quick or simple exercise. The limited number of capable individuals and the time required to realize new attacks limited the number of attackers in play, as well as the number of targets any of them could reach. The newly demonstrated AI acceleration greatly lowers both.
Anthropic's description of its testing results paints a clear picture of the changed lifecycle for new exploits. Working from a list of 100 known Linux kernel vulnerabilities, the Anthropic team identified 40 candidates and asked the model to write working exploits. Mythos responded by developing attacks that gained unauthorized administrative control over more than half of those systems with no human guidance beyond the initial prompt. It went on to find and exploit a 17-year-old remote code execution flaw in FreeBSD that had survived decades of expert human review, and has surfaced vulnerabilities in every major operating system and every major web browser.
A Reduced Window for Defenders
The path from known vulnerability to exploit isn’t new, but it’s contracting. Consider the traditional vulnerability disclosure to exploit lifecycle, and the opportunity it provided defenders. Vulnerabilities exist in production code, unknown until researchers find them. The security community then assigns it a tracking identifier in the public Common Vulnerabilities and Exposures (CVE) database, the vendor develops and issues a patch, and security teams queue the deployment of that fix within their own remediation cycle. Microsoft's Patch Tuesday is the best-known example of this process, and it created a predictable cadence that let defenders take steps to manage and minimize their exposure during the window when the timing of their ability to patch left them vulnerable. Attackers could move faster than the cadence, but building a reliable exploit still took skilled people real time. With the demonstrated effectiveness of the new AI tooling, that window has closed, as the time from vulnerability to exploit is negligible.
Common Practice through Cost Compression
Lastly, the cost figures make the shift concrete. Starting with a published CVE entry and access to the affected code repository, Mythos built a working Linux kernel privilege-escalation exploit in half a day for less than $1000. A more complex attack that bypassed hardened kernel defenses took less than a day and cost less than $2000. A more complex and tedious effort found a 27-year-old vulnerability in OpenBSD, required roughly 1000 automated discovery runs, but ran a total cost of less than $20,000. For context, expert penetration testers reported that the model wrote in hours what would have taken them weeks, and Anthropic engineers, who were not cybersecurity experts, asked for and received complete, working exploits overnight. Similarly, on researching trends in estimated costs for exploit development, my research on estimates of exploit creation costs showed that these attacks are now an order of magnitude less expensive than they were only 5 years ago.
Detection Won’t be Sufficient
The point of this analysis is not about Mythos and its capacity to accelerate exploitation. The point is the exploit-growth trajectory that Mythos and other model testing confirm. AI systems can read public code, identify exploitable conditions, and generate working attack chains. Some of these run on freely available open-weight models that any motivated person can obtain at low or no cost. The gap between that commodity capability and leading Mythos-class results is real, but it is narrowing.
Faster individual exploits already justify tighter patch windows and more agile remediation. Security organizations and analysts understand how to think about speed and time to response. The shift that now requires our focused attention is not how quickly we can respond to a new attack, but how we will change our strategy in preparing for the predictable increase in number and breadth of this new generation of attacks.
Cybersecurity in the AI-accelerated era requires that while we continue to invest in speed to respond, we also develop new approaches that will blunt the inevitable increase in the scale of the volume of attacks we will see.
Sources
Anthropic red team, “Assessing Claude Mythos Preview's Cybersecurity Capabilities,” red.anthropic.com, April 7, 2026; corroborated by Help Net Security, April 8, 2026, and VentureBeat, April 10, 2026.
UK AI Security Institute, “Our Evaluation of Claude Mythos Preview's Cyber Capabilities,” aisi.gov.uk, April 13, 2026; corroborated by Codersera Mythos guide, May 2026.
OpenAI GPT-5.5-Cyber and Microsoft security-system disclosures are first-party vendor announcements, presented here as disclosed and not independently evaluated.
Included Topics
