Anthropic Mythos evolves faster than expected, now creates working exploits from vulnerabilities

Anthropic's Mythos is evolving faster than expected, reports AI safety agency

AI capabilities may be happening much faster than anticipated. Anthropic's Claude Mythos, which the company maintains is too powerful to be released generally, already appears to have gained new capabilities. In a blog post on Wednesday, the UK AI Security Institute (AISI) reported that it had tested a newer version of Mythos, which outperformed both its earlier results and OpenAI's GPT-5.5 -- just a month after Mythos' initial release. Also: Apple, Google, and Microsoft join Anthropic's Project Glasswing to defend world's most critical software "The newer Mythos Preview checkpoint completed both our cyber ranges, solving the range 'The Last Ones' in 6 of 10 attempts and the previously unsolved 'Cooling Tower' in 3 of 10 attempts," the blog authors wrote. "This was the first time that a model completed the second of our two cyber ranges." When Anthropic first announced Mythos Preview and Project Glasswing -- the cybersecurity testing alliance it formed with rival tech companies and AI labs, to which it gave limited access to Mythos -- last month, UK AISI evaluated it, finding that the model "represents a step up over previous frontier models in a landscape where cyber performance was already rapidly improving." That third-party perspective helped balance claims that the hype around Mythos was either solely marketing or, at the other end, signaled a catastrophic shift in AI capabilities. The truth about what the model can do is likely somewhere in the middle. Also: How to learn Claude Code for free with Anthropic's AI courses - one took me just 20 minutes AISI's updated test also exemplifies that capability improvements aren't restricted to individual model releases, but can happen within versions of a single model. AISI noted that AI models are rapidly advancing in their ability to handle cyber tasks, with serious implications for cybersecurity, especially given Mythos' knack for detecting software vulnerabilities. "In February 2026, we internally estimated that the length of cyber tasks AI models could complete had doubled every 4.7 months since late 2024 - already an acceleration from our November 2025 estimate of 8 months," the blog authors wrote. "Since then, AISI reported on two new models, Claude Mythos Preview and [OpenAI's] GPT-5.5, which substantially exceeded both doubling rate trends." Also: The third major Linux kernel flaw in two weeks has been found - thanks to AI The authors added that it's unclear whether that trend will hold or whether these findings indicate a lasting increase. Mythos and GPT-5.5 could simply be notable breaks from the overall pattern of model evolution. Still, AISI clarified that there are several unknowns its testing could not account for. The tests capped tasks at 2.5 million tokens, which let researchers better compare performance results over time. That inherently "understates what frontier models can do," they wrote. "Mythos Preview and GPT-5.5 have large upper-bound error bars due to near-100% success rates on our narrow cyber suite's longest tasks, even with the 2.5M token limit," the blog continued. "Our tasks are also not long enough to determine how sharply the models' reliability would deteriorate at higher task lengths. This places some of the latest models at the limit of what our narrow test suite can measure." Also: I put GPT-5.5 through a 10-round test: It scored 93/100, losing points only for exuberance While this makes the point of model failure hard to measure, it also means model success rates on these tasks would be much higher without the token cap -- so high, in fact, that "time horizons become impossible to calculate." Models with more token access and complex agent infrastructure would be much more capable. "A 2.5M token limit is relatively low -- in our cyber range experiment we use up to 100M tokens and find performance would likely still improve beyond that budget, especially for recent models, which disproportionately benefit from higher token limits," the blog added.

AI agents show they can create exploits, not just find vulns

Sure, AI agents such as Mythos can find security vulnerabilities in software, but the bigger question is whether they can turn those flaws into functional exploits that work in the real world. After all, many AI-discovered bugs prove minor or difficult to weaponize. New research, however, suggests frontier models can indeed develop working exploits when directed to do so. To better understand the rapidly changing security landscape, computer scientists from UC Berkeley, Max Planck Institute for Security and Privacy, UC Santa Barbara, Arizona State University, Anthropic, OpenAI, and Google decided to build ExploitGym, a benchmark for evaluating the exploitation capabilities of AI agents. This is not an entirely disinterested set of investigators - Anthropic, OpenAI, and Google all sell AI services. And both Anthropic and OpenAI have talked up the risk of leading models Claude Mythos Preview and GPT-5.5 while selling access to government partners. Since Anthropic announced Mythos in early April, the security community has been critical of the company's approach, described by some as fear-mongering. And various security experts have made the case that even commercially available AI models can find security flaws. Nonetheless, Mythos and GPT-5.5 outshine their peers in ExploitGym, as described in the paper, "ExploitGym: Can AI Agents Turn Security Vulnerabilities into Real Attacks?" ExploitGym consists of 898 real vulnerabilities found in applications, Google's V8 JavaScript engine, and the Linux kernel. Its workout consists of presenting an AI agent with a vulnerability and proof-of-concept input that triggers it, to see whether the agent can create an exploit capable of arbitrary code execution. According to the UC Berkeley Center for Responsible Decentralized Intelligence, Mythos Preview successfully exploited 157 test instances and GPT-5.5 managed 120 in the allotted two-hour window. "Even when standard security defenses like ASLR or the V8 sandbox were turned on, a meaningful number of exploits still worked," the boffins wrote in a blog post. "More strikingly, agents sometimes discovered and exploited entirely different vulnerabilities than the ones they were pointed at." The agents (CLI + model) tested were Claude Code with Claude Opus 4.6, Claude Opus 4.7, Claude Mythos Preview, and GLM-5.1; Codex CLI with GPT-5.4/GPT-5.5; and Gemini CLI with Gemini 3.1 Pro. And even the ancient models released in February (Opus 4.6 and Gemini 3.1 Pro) had some success. The researchers say that one of their more interesting findings is that these models sometimes went "off-script" in capture-the-flag (CTF) environments, where an agent has to find and retrieve some hidden value. This was most evident with Mythos Preview and GPT-5.5. The former succeeded in 226 CTF exercises but only used the intended bug in 157 instances, while the latter captured 210 flags and only used the intended bug in 120 of those cases. The authors also note that while there was some overlap in the exploits discovered, the various models found different exploits. This suggests applying a diverse set of models might be advantageous both in attack and defense scenarios. It's worth adding that ExploitGym tests were done with security guardrails disabled. When the test was re-run on GPT-5.5 with default safety filters active, the model refused 88.2 percent of the time before making any tool call. The Register, however, has seen security researchers craft prompts in a way to avoid triggering refusals. So safeguards of that sort have limits. "Our results show that autonomous exploit development by frontier AI agents is no longer a hypothetical capability," the authors state in their paper. "While current agents are not yet reliable across all targets, they already exploit a non-trivial fraction of real-world vulnerabilities, including complex targets such as kernel components." ®

AI-driven cyberattacks will start to be the 'new norm' in months, Palo Alto warns

"We now estimate a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm," he wrote in a blog post on Wednesday. "This impending vulnerability deluge demands urgency." The rise of increasingly sophisticated AI models such as Anthropic's Mythos has raised the stakes, putting pressure on cybersecurity teams to step up their defenses as they brace for a wave of cyberattacks capable of exploiting previously unknown software vulnerabilities. The concerns led to White House meetings with bank leaders and technology giants.

AI models are getting better at replacing cybersecurity pros on certain tasks

UK researchers find LLMs are learning to finish jobs faster and improving all the time The UK AI Security Institute (AISI) has found that frontier models are quickly becoming more efficient when asked to do some cybersecurity work. AISI measures this with its "time window benchmark for cybersecurity," which estimates how much work an AI can do compared to a human. Using the benchmark could lead to findings such as Claude Sonnet 4.5 can do what a human cybersecurity expert can do in 16 minutes about 80 percent of the time, given a budget of 2.5m tokens. AISI has found the human-comparable task time - 16 minutes in this instance - is growing, fast. If tokens flowed freely instead of being arbitrarily capped, AI models might do better still. In February 2026, AISI internally reduced the expected task time doubling period from 8 to 4.7 months, based on progress made since late 2024. With the release of Anthropic Mythos Preview and OpenAI GPT-5.5, AISI has once again had to compress its projected doubling period. "In February 2026, we estimated that frontier models' 80 percent-reliability cyber time horizon had doubled every 4.7 months since reasoning models emerged in late 2024, given a 2.5M token limit," the AISI said in a post on Wednesday. "This was around half our November 2025 doubling time estimate, which was 8 months for both 50 percent and 80 percent reliability. Claude Mythos Preview and GPT-5.5 have since significantly outperformed this trend." The recalculated doubling time estimate, given what Mythos Preview and GPT-5.5 can do, is even shorter than 4.7 months. AISA does not cite a specific value but the organization points to similar time horizon estimates based on measurements of a broader skillset, software engineering, made by non-profit AI research house METR. "Their results imply a consistent doubling time of 4.2 months on software tasks since late 2024," AISI said, noting that with the latest Mythos Preview checkpoint (model update), it's closer to 4 months. Note that the time window benchmark is not a broad assessment of capabilities - AISI is not saying frontier models are becoming twice as capable by all measures. It's a narrow assessment based on the time it takes people to accomplish security tasks. Citing a different metric, AISI says the latest Mythos Preview checkpoint solved a 32-step simulated corporate network attack called "The Last Ones" in six of 10 attempts and managed to complete a previously unsolved challenge, a seven-step industrial control system attack called "Cooling Tower," in three of 10 attempts. As a point of comparison, when Opus 4.6 was evaluated in February 2026, it completed a maximum of 22 of 32 steps for The Last Ones. That model managed to reach milestone 6, which involves reverse-engineering a Windows service binary to access encrypted credentials, escalating privileges via token impersonation, and recovering a cryptographic key to access a command-and-control management service. "Frontier AI's autonomous cyber and software capability is advancing quickly: the length of cyber tasks that frontier models can complete autonomously has doubled on the order of months, not years," AISI concludes. "What this evidence does not tell us is how the pace of progress will evolve, when AI will reach any particular capability threshold, or how these capabilities will translate against defended, real-world systems." The curl project offers one data point with regard to the real world implications of the latest frontier models: Mythos managed to find just one confirmed vulnerability in its codebase.

Anthropic to present exposed Mythos flaws to global watchdog - claims critical vulnerabilities found 'in every major operating system and web browser'

* Anthropic set to brief the FSB on Mythos' capabilities * Financial experts are worried attackers could exploit vulnerabilities in banking software * Banks and lenders have been told to improve their detection and patching of vulnerabilities exposed by AI models Anthropic is due to present a briefing to the Financial Stability Board (FSB) on the vulnerabilities and flaws the Mythos AI model has exposed "in every major operating system and web browser." The FSB is a global watchdog which works with finance ministry officials, central bankers and securities regulators across the G20. In the announcement for Project Glasswing, Anthropic's collaborative effort to secure the world's critical software, the company warned that "The fallout -- for economies, public safety and national security -- could be severe." Mythos could threaten the global banking system According to two people familiar with the matter, who spoke to the Financial Times, Andrew Bailey, governor of the Bank of England, invited Anthropic to present the capabilities and findings of Mythos to the FSB. Many members of the FSB are growing increasingly concerned that AI models designed to hunt for high-severity vulnerabilities could threaten the stability of the global banking system, and in turn the global economy, if adversaries manage to obtain an AI model such as Mythos or OpenAI's Daybreak, and abuse flaws in banking software. Anthropic has provided Mythos to around 40 companies to enable them to secure their software against critical vulnerabilities. Mozilla found and patched 423 Firefox security bugs in a single month after harnessing Mythos onto the web browser, including some that had been prevalent in the code for over 15 years. Many more companies have requested access and briefings on Mythos' capabilities, but a Trump administration request has prevented Anthropic from distributing the software further. The race is now on to patch AI-discovered vulnerabilities as quickly as possible before adversaries and state-sponsored threat actors further develop their own capabilities. While AI models such as Mythos are not yet a part of the threat actors toolkit, Google recently observed attackers using an AI model to discover a zero-day exploit chain for the first time. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

The next phase of AI cybersecurity still needs humans

Why it matters: The new phase of AI-powered cybersecurity may depend less on fully autonomous hacking and more on how effectively humans can direct, validate and operationalize increasingly powerful systems. The big picture: When Anthropic unveiled Mythos Preview to the world, it warned that the model was so powerful that it found tens of thousands of bugs spanning nearly every operating system. * Third-party testing suggests that OpenAI's GPT-5.5-Cyber is just as powerful as Mythos at finding bugs and writing exploits. * Major companies and governments around the world have been clamoring to get their hands on these models to understand what they'll be up against once similar capabilities fall into the hands of attackers. Driving the news: Several early adopters of Mythos and GPT-5.5 have shared their experiences this week from testing the seemingly revolutionary models. * Palo Alto Networks told Axios it found 75 bugs using both the Anthropic and OpenAI models, vs. the 5-10 bugs it usually discovers each month. Researchers also found the models were increasingly capable of linking seemingly low-severity vulnerabilities into workable attack chains. * Microsoft said Tuesday its new agentic security system, which runs on several frontier and distilled models, found 16 new vulnerabilities in the Windows networking and authentication stack. Microsoft also warned that AI tools are likely to increase the overall volume of discovered vulnerabilities over time, creating additional pressure on defenders to triage and patch flaws more quickly. * Cisco this week released "Foundry Security Spec," an open-source blueprint for how organizations should think about using advanced AI models. * XBOW, an AI-powered penetration testing startup, said Mythos is "extremely powerful for source code audits" in a blog post Tuesday detailing its internal tests. Reality check: Vendors consistently found that the models performed best when paired with experienced security researchers who could validate findings, guide workflows and distinguish exploitable vulnerabilities from noise. * XBOW found that Mythos was "good, but less powerful, at validating exploits" and that the model could be "too literal and conservative," sometimes overstating the practical significance of its findings. * Palo Alto Networks, which has been working with Mythos, Opus 4.7 and GPT-5.5-Cyber, saw a false positive rate of about 30% across its products -- although that rate dropped as the company trained the model on the environment it was searching. * Daniel Stenberg, the lead developer for open-source project Curl, said Monday that Mythos found one low-severity bug in its code alongside several false positives and another issue Curl ultimately considered insignificant -- underscoring the amount of human review still required. Zoom in: Inside the spec documents for Cisco's new blueprint are clues for the capabilities of the new models. * "A frontier model produces fluent, confident, plausible vulnerability claims that are wrong at a rate that makes unreviewed output worthless," Cisco wrote in its spec. * Instead of simply telling models to be more careful, Cisco researchers found better results when they instructed systems to make claims "checkable" and then explicitly verify their own findings -- an emerging approach enterprises are adopting to manage hallucinations and unreliable agent behavior. What they're saying: "A model is a brain without a body," Albert Ziegler, head of AI at XBOW, wrote in the company's blog post. * The models work best when they have a human "whose skill and control can match the brain's power," Ziegler added. Yes, but: Adversarial hackers won't have the same learning curve when using these tools, Palo Alto Networks chief product officer Lee Klarich told Axios. * "Understanding how attacks work and how you would exploit software and other things like that is the expertise of attackers," Klarich said. * Mythos is already improving on its own, according to research published Wednesday by the U.K. AI Security Institute. * "Notable capability jumps do not always require new model releases," the institute noted, adding that additional computing power and inference-time scaling alone can significantly improve autonomous cyber capabilities.

Claude Mythos turns years of security research into 20-hour AI exploits

When Anthropic announced Claude Mythos Preview on 7 April 2026, the response went well beyond the cyber security community. Finance ministers discussed it at the IMF. The Bank of England governor said it had to be taken very seriously . The UK Government wrote an open letter to every business leader in the country. What prompted this? Mythos autonomously discovered thousands of critical and high severity vulnerabilities across every major operating system and web browser, including a 27-year-old flaw in OpenBSD. It generated working exploits without human guidance. The UK's AI Security Institute tested it and found it could complete a 32-step simulated corporate network attack, from reconnaissance to full takeover, that would take human professionals around 20 hours. An important caveat is that these results come from lab environments. Anthropic's Mythos System Card notes the simulations had no active defenses, minimal security monitoring, and lacked defensive tooling. The Firefox exploitation tests ran without the browser's process sandbox. Mythos is impressive, but it has not been pitted against hardened, actively defended systems. That said, AISI estimates frontier model cyber capabilities are now doubling every four months. The genie is out of the bottle. Other model creators will deliver similar functionality but without restricting access like Anthropic has done. 1. Security is economics The AISI budgeted 100 million tokens per attempt on its network attack simulation. Across ten runs, Mythos completed the full 32-step attack three times. None of the models tested showed diminishing returns as the token budget increased; performance kept scaling upwards. In plain terms, the more compute an attacker throws at a target, the more they find. To harden a system, do we need to be spending more tokens discovering exploits than an attacker will spend finding them? The CSA and SANS "Mythos-ready" briefing makes a related point: build a permanent Vulnerability Operations function, running continuous AI-driven discovery across your entire software estate. Relying on yearly penetration tests simply doesn't match the real-world cadence. Token spend could be the new penetration test. 2. Patches signal attack vectors Project Glasswing is expected to generate a flood of vulnerability disclosures, as around 40 major software vendors have early access to Mythos to review their codebases. That coordinated and responsible disclosure is the right approach, but it creates a secondary problem: every patch is a signal to adversaries about where to look. AI accelerates patch-diffing, comparing old and new code to reverse-engineer what was fixed and what was exploitable. Each patch becomes an exploit blueprint. The Zero Day Clock project tracked time-to-exploit falling from 2.3 years in 2018 to roughly 20 hours in 2026. Organizations slow to apply patches are not just behind the curve, they are actively exposed by the disclosure itself. Mean-time-to-remediate externally exposed vulnerabilities is now one of the most important metrics a security team should be tracking. 3. Open-source transparency is now a double-edged sword Mythos analyses source code to find weaknesses. Anthropic's research distinguishes between open source software, where the model reads code directly, and closed source, where work is conducted under partnership arrangements with vendors. This has implications for open source more broadly, including policies like the UK Government's commitment to developing in the open. Publishing source code enforces good standards and invites scrutiny, but if an AI model can understand a codebase in minutes and generate working exploits, open repositories become a hunting ground. Linux kernel vulnerability reports have climbed from two to ten per week, all verified as genuine. Organizations that develop in the open, and those that depend on open source components, need to reconsider how they balance transparency with exposure, particularly for systems close to critical infrastructure. 4. Defense in depth still works, and architectural diversity matters The UK Government's open letter made the point plainly: the steps organizations should take against AI-driven threats are the same cyber hygiene measures recommended for traditional threats. Not all vulnerabilities carry the same risk. A critical CVE in an internal system with no internet exposure is a different proposition from the same CVE on a public-facing payment platform. Segmentation, identity controls, egress filtering, and phishing-resistant MFA all raise the cost for attackers, even with AI assistance. Architectural diversity matters too. An exploit against one technology stack will not necessarily work against another, so layered, diverse architectures are harder to attack end-to-end even at 'AI speed'. The NCSC's guidance on protocol breaks is one example: terminating a connection and passing the payload via a simplified protocol to a downstream system forces an attack to traverse multiple technologies, making protocol-based compromise significantly harder. 5. AI models could become instruments of geopolitical leverage Anthropic chose to restrict access to Mythos through Project Glasswing, offering it to selected partners and governments rather than releasing it publicly. The US Treasury briefed its major banks directly. This is an interesting pattern. AI models with offensive security capabilities are in effect strategic assets. The parallels with historical export controls on encryption are worth considering. In the 1990s, the US Government classified strong cryptography as a munition and restricted its export. Those controls were eventually used as a tool of influence. It is not difficult to imagine access to the most capable AI security models being restricted along geopolitical lines or used as leverage in future trade negotiations. For organizations operating internationally, this creates a new dependency risk. If your ability to defend your systems relies on access to models controlled by a foreign government or a single company, that is a strategic vulnerability in itself. Where does this leave us? The pace has accelerated but the response should not be panic. It should be focus. The CSA and SANS "Mythos-ready" briefing, reviewed by some of the most experienced CISOs in the industry, frames it well: this is the first of many waves. The organizations that weather it will be those that sharpen vulnerability prioritization, reduce their attack surface, and scale security decisions through automation and architecture rather than headcount alone. We've featured the best patch management software. This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

Major cybersecurity firm says new AI models uncovered 8x more flaws

Driving the news: Palo Alto Networks now estimates organizations have just three to five months before attackers broadly gain access to the capabilities of frontier AI cyber models. * Palo Alto Networks is among a small group of organizations with access to both Mythos and OpenAI's cyber-focused models. * Over the past month, the company scanned more than 130 products for software flaws, uncovering 75 legitimate vulnerabilities that have since been patched. None of those vulnerabilities were actively being exploited in the wild. * Usually the company finds and discloses an average of 5-10 vulnerabilities per month. Zoom in: Many of the vulnerabilities stood out because the models were able to identify ways to chain multiple flaws together into a working exploit path -- which earlier AI systems struggled to do, Chief Product Officer Lee Klarich told Axios. * The models appeared especially adept at understanding the "logic" of how applications worked and then identifying how attackers might exploit combinations of weaknesses, Klarich said. * In several cases, Palo Alto Networks said, the individual flaws might not have warranted disclosure on their own but became high-severity vulnerabilities when combined together. * During internal testing, Palo Alto Networks found the models generated working exploits more than 70% of the time. "These models are much better at writing working exploits than what we had seen before," Klarich said. Reality check: Finding the vulnerabilities still required extensive human expertise and customization, Klarich said. * Palo Alto Networks experienced an average false-positive rate of roughly 30%, though that varied widely depending on how researchers trained the models and what contextual information they provided. * The company spent significant time building what Klarich described as an "AI-scanning harness" to feed the models threat intelligence, context and operational guardrails. * "These models aren't magic," Klarich said. "We spent a tremendous amount of time building an AI-scanning harness and that harness is how we connect the model to whatever we're going to scan." The big picture: Companies and governments have spent the last month scrambling to assess how to defend against a future where attackers have access to the vulnerability-hunting capabilities of models like Mythos and GPT-5.5-Cyber. * Klarich said Anthropic's and OpenAI's models are similarly powerful, but tend to identify different types of vulnerabilities. * That means organizations should use multiple models in parallel to uncover the widest range of flaws, he said. Between the lines: Palo Alto Networks is urging organizations to take a four-pronged approach to defending against AI-assisted cyberattacks. * Build the ability to find and patch vulnerabilities before attackers can exploit them. * Reduce internet-facing exposure so only essential systems remain publicly accessible. * Deploy automated detection and prevention tools capable of blocking attacks in real time. * Integrate AI and automation into security operations centers so defenders can respond at machine speed. What to watch: The White House is actively debating proposals for testing and restricting advanced AI models with powerful cybersecurity capabilities before wider deployment.

AI is having its "Ford T" moment as Zero Day assembly lines appear

What are the security implications of Anthropic's Claude Mythos? Coming out of the major security conferences this year, the anxiety around AI was palpable. However, if you listen closely, much of the industry is still stuck viewing AI as a sophisticated phishing generator or a helpful coding assistant. Having spent my background in vulnerability research and exploit development manually hunting for memory corruption and writing exploits, looking at models like Anthropic's Claude Mythos, and now OpenAI's GPT-5.4-Cyber, hits entirely differently. Mythos isn't just an assistant. It is industrializing vulnerability discovery and exploit development at a scale we have never seen. To understand why this is a fundamentally terrifying shift in the threat landscape, you have to understand how exploits used to be built and how AI is completely rewriting those rules. The art of the exploit: A hostage negotiation with the CPU Historically, finding a vulnerability, crash, or logic flaw was only about 10% of the battle. Turning that crash into reliable code execution is an artisanal, intensely manual process. Modern systems are hostile environments, layered with mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). To bypass these, exploit developers rely on incredibly complex, fragile techniques: * ROP (Return-Oriented Programming) Chaining: When you can't inject your own code, you have to hijack the execution flow and stitch together tiny, existing fragments of executable memory (called "gadgets") to do your bidding. It requires an intimate understanding of the target architecture and immense trial and error just to get a foothold. * JIT Heap Sprays: Exploiting a modern browser means manipulating its Just-In-Time compiler. You have to groom the memory layout perfectly, trick the engine into allocating your payload exactly where you want it, and desperately hope the garbage collector doesn't trigger and crash the entire process before your exploit fires. This work requires intuition, deep architectural familiarity, and a massive cognitive load. Humans get fatigued. We lose track of the state machine. We miss edge cases. Building a reliable exploit chain has always been a bottlenecked process, reserved for highly specialized researchers or well-funded nation-state teams. The Mythos paradigm: abstracting art into compute For years, we tried to automate this with fuzzers throwing millions of malformed inputs at a binary hoping it would crash. But fuzzers are blind; they fail entirely at navigating subtle, multi-step logic bugs. Mythos succeeds where fuzzers fail because it isn't guessing; it is reasoning. When Mythos approaches a complex problem like a JIT spray, it holds the entire execution flow in its context window. It doesn't rely on a "gut feeling." It reads the code, generates a hypothesis, writes the exploit, executes it in an isolated sandbox, analyzes the crash dump, and iterates. It does this relentlessly, at compute speed, adjusting memory layouts programmatically until it hits the exact deterministic sweet spot. Even more alarming is its ability to chain vulnerabilities. For a human, chaining a memory leak to a buffer overflow to a privilege escalation is exceptionally difficult because the environment state changes after every step. Mythos natively handles this state-space explosion, seamlessly recalculating the environment and moving forward. It turns a fragile, human puzzle into a parallelized compute problem. Exposing civilizational software debt For the last decade, the fundamental mantra of cybersecurity has been "back to basics." We were told that if we just practiced good security hygiene, patching high and medium CVEs, reducing our known vulnerability count to zero, we could keep the blast radius contained. But this hygiene playbook assumes that the list of vulnerabilities is bounded and knowable. Glasswing obliterates that assumption. The zero-day vulnerabilities Mythos has identified aren't trivial edge cases; they include critical, difficult-to-detect flaws in every major operating system and web browser. This isn't a vulnerability backlog problem. This is a civilizational software debt problem being exposed overnight. Telling CISOs to simply "patch faster" right now is essentially telling them to empty a flooding basement with a bucket, right after the burst pipe's diameter increased by orders of magnitude. The nightmare scenario: democratizing the zero-day The existential dread setting in across the vulnerability research community is justified. What happens if a model with these capabilities is open-sourced or leaked? The barrier to entry for devastating, multi-stage attacks would hit the floor. An attacker wouldn't need to spend months reverse-engineering a proprietary SaaS platform or a legacy enterprise system; they would simply point the model at it. We would enter the era of the "Zero-Day Factory," where novel attack methods are generated continuously. The time-to-exploit window -- the time defenders have between a vulnerability being introduced and it being weaponized -- would collapse to near-zero. This asymmetric reality is exactly why Anthropic locked Mythos behind Project Glasswing. By restricting it to defensive launch partners, it appears the goal is to give the good guys a head start. For those of us tasked with designing architectures, communicating risk to clients, or defending IT infrastructure, the threat model has permanently shifted. With Anthropic's Claude Mythos and now OpenAI's GPT-5.4-Cyber, we are officially at a tipping point in model sophistication where these innovations will cause real problems for the cybersecurity industry. We can no longer rely on the assumption that complex exploit chains are too expensive or difficult for the average threat actor or perhaps even script kiddie to build. The artisanal era of exploitation is ending, and the industrialized era has already begun. We've featured the best endpoint protection software. This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

Firms nudged to go for Anthropic's Opus 4.7 as Mythos AI stays elusive

Organisations are leveraging Anthropic's Claude Opus 4.7 to address cybersecurity vulnerabilities, as the more powerful Mythos model remains largely inaccessible. Opus 4.7 offers significant capabilities, estimated at 70-80% of Mythos, making it a practical solution for threat hunting and incident response until broader Mythos access is available. Anthropic's latest AI model Claude Opus 4.7 is one of the best bets for organisations to plug cybersecurity vulnerabilities as the company's most powerful cyber-focused model Mythos continues to remain inaccessible for most companies, cybersecurity experts and analysts told ET. Opus 4.7 delivers about three-fourths of Mythos-level capability while remaining deployable and commercially usable with built-in safeguards against misuse, they noted. "Opus 4.7 has 70-80% of the capabilities of Mythos and we are recommending that organisations use Opus to fix gaps in their systems till Mythos access is not available," said Sangeeta Gupta, chief strategy officer of Nasscom. Anthropic in a blog said it deliberately reduced Opus 4.7's cyber capabilities during training compared to Mythos and introduced safeguards that automatically detect and block requests linked to prohibited or high-risk cybersecurity use cases. According to Anthropic, Mythos scored 83.1% on CyberGym, a cybersecurity capability benchmark developed by researchers at the University of California, Berkeley, while Opus 4.7 scored 73.1%. The company said Opus 4.7 as the first model on which it has tested its new cybersecurity safeguards before any broader Mythos release. "The differences between Opus 4.7 and Mythos, if any, would be only visible on some edge cases," said Jeremy D' Hoinne, vice president analyst at global research firm Gartner. "Mythos played a role in capturing the industry's attention, but now we enter the phase where the individual model will matter less than the productisation of the offerings and the results organisations get out of these products." Hoinne said enterprises are running experiments with models they currently have access to, while cybersecurity vendors have started integrating AI-driven scanning and patching capabilities into their products. Experts noted that for many enterprises, especially in regulated sectors, models like Claude Opus 4.7 are proving sufficiently capable for threat hunting, anomaly detection, compliance automation, and incident response workflows. "Within 18 months, this will become table stakes for enterprise AI," said Arjun Nagulapally, chief technology officer at AIONOS, an AI operating system delivery firm. "The companies moving fastest aren't chasing maximum capability. They are chasing minimum friction with sufficient capability. That's where Claude Opus sits right now." Nagulapally said most enterprises do not necessarily require frontier-class AI systems. Instead, they are looking for models that are powerful enough to handle complex cybersecurity and automation tasks while remaining easier to deploy across existing operations. Advanced AI systems are already changing how enterprises handle security operations across cloud, network, endpoint and identity systems. "These workflows are powerful because every instance has so much nuance that they do not exist in a fixed set of playbooks," said Nash Borges, senior vice president of engineering at global cybersecurity firm Sophos, referring to AI-driven threat hunting and incident response workflows. Beyond operational workflows, experts warned that AI systems are also expanding the attack surface on older infrastructure that was never built to withstand this level of automated scrutiny. "Core banking infrastructure, payment rails, and grid controllers built in the 1980s and 1990s were protected less by formal security properties than by the sheer cost of effort required to probe them, and AI systems are rapidly eroding that protection," said Jaydeep Singh, general manager at cybersecurity solutions firm Kaspersky. Industry experts said the shift signals a broader change in enterprise AI where businesses are increasingly prioritising deployability, workflow integration and operational outcomes over access to the most advanced AI systems available. "The fact that enterprises are evaluating capable but accessible models rather than waiting for restricted frontier-grade ones only accelerates how quickly organisations must adapt,"Singh said.

Claude Mythos and GPT-5.5 have confirmed what researchers feared most about AI and cybersecurity

According to a report recently released by the AI Security Institute (AISI) in the UK, the autonomous cyber capability of frontier AI models has been progressing rapidly enough to outpace its measurement benchmarks. Also read: Figure AI's Helix-02 humanoid robots is pulling full 8-hour factory shifts without human help For their part, AISI had been assessing how fast AI models are able to accomplish cyber-related tasks on their own, gauging it against how long it would have taken a human expert to do the same. As per their findings, the cyber capabilities of frontier models were expected to double every eight months in November 2025, with this decreasing to every 4.7 months in February 2026. However, all of that went up in smoke with Claude Mythos Preview and GPT-5.5. As you can probably tell, the cyber capabilities displayed by the two models were too impressive for AISI's existing trend analysis to be able to keep up with. Whether this was an anomaly or something else is yet to be determined. AISI uses a narrow cyber suite where models perform tasks that test their ability to find and exploit cybersecurity vulnerabilities. Skills tested include web exploitation and reverse engineering. Each task is assigned an average human time, and the test calculates the reliability of AI models completing tasks of similar duration. When a success rate of 80 percent is used, the output from recent models has practically hit the ceiling of what the test suite can calculate. Also read: OpenAI wants to build the UN of AI: Good luck with that The Claude Mythos Preview solved both simulated ranges by AISI, where the models emulate cyberattacks on small undefended enterprise networks. It successfully solved The Last Ones in six of ten instances, and Cooling Tower range became the first to be cracked by the Claude Mythos Preview, which solved the range three out of ten times. GPT-5.5 solved The Last Ones range in three out of ten instances. They are not just benchmarks. As AISI is clear on this point, even though evaluations are imperfect estimates of the actual real-world implications, the pace of evolution in current time points toward growing capacity for artificial intelligence cyber tools to materialize in practical threats. It is also important to mention that AISI admits testing was conducted under conservative circumstances, which implies certain limitations on evaluations. Specifically, models are limited to 2.5 million tokens per task. Without these limitations, success rates rise so high that there is no way to determine time frames anymore. It means that the statistics published by AISI significantly underestimate the power of these models. As AISI says, it plans to introduce more advanced tests, including new cyber ranges and even active cyber defenses. The very need for such an approach reflects the future direction of this problem.