Anthropic's Mythos Builds Exploits in Hours, Not Weeks

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Anthropic's Mythos Preview can turn newly disclosed software vulnerabilities into working exploits in hours instead of weeks, according to research shared exclusively with Axios
- Mythos generated its first proof-of-concept exploit for a Windows kernel vulnerability within 31 minutes, and across 21 kernel bugs tested, produced 8 distinct exploits — the longest taking about 5.7 hours
- The model caused a "blue screen of death" in 18 of 21 Windows kernel bugs tested, and built 8 working code-execution exploits across 18 Firefox security patches
- Anthropic estimates Mythos generated its Windows privilege-escalation exploits for roughly $15,700 in API credits — about $2,000 per exploit
- The tests targeted Mozilla Firefox and Windows kernel vulnerabilities disclosed in January and February 2026, after the models' knowledge cutoff, to measure how quickly AI can weaponize public patches
- Open-source models and OpenAI's GPT-5.5-Cyber are already finding bugs at a similar level to Mythos, meaning rapid exploit generation isn't unique to one model
- The Trump administration is beginning to implement a new AI security executive order aimed at assessing national security risks from increasingly capable AI models
Why it matters: The $2,000-per-exploit cost collapses the economic barrier to weaponizing known flaws, which most cyberattacks already target. Defenders now face a shrinking patch window — disclosed vulnerabilities can become working attacks within hours, not the weeks organizations typically need to test and deploy fixes safely.

