
Mythos Preview PoC Exploits: AI Now Builds Working Exploits Automatically [2026]

The AI That Finds Bugs Can Now Weaponise Them

If you work in cybersecurity, you’ve been hearing about Anthropic’s Claude Mythos Preview for months. First, it was finding vulnerabilities in every major operating system. Then it was outpacing every benchmark. Now, Mythos Preview has crossed a threshold that changes the game entirely: it builds working proof-of-concept exploits autonomously.

Not just finding bugs. Not just reporting them. Chaining multiple low-severity primitives into complete, weaponised exploit chains. Writing privilege escalation exploits for Linux kernels. Crafting browser exploits at 90x the rate of its predecessor. And doing it all without human intervention.

Here’s what happened, why it matters, and what it means for defenders.

What Mythos Preview Can Now Do

Until now, AI-assisted vulnerability research followed a familiar pattern: the model identified potential bugs, maybe classified their severity, and handed them off to a human researcher to build a PoC. Mythos Preview changes that in two concrete ways:

  1. Autonomous exploit chain construction: The model takes multiple low-severity primitives derived from kernel-level bugs (e.g., use-after-free, arbitrary read/write, ROP gadgets) and chains them into a working privilege escalation exploit.
  2. Scale that humans cannot match — Given 100 Linux kernel CVEs, Mythos Preview identified the 40 most exploitable candidates and produced working privilege escalation exploits for more than half. On Firefox 147, it achieved 181 exploit-writing successes — compared to just 2 for Claude Opus 4.6. That’s a 90x improvement.

The Numbers That Matter

Anthropic’s red team published benchmarks that put the capability gap in stark relief:

  • CyberGym benchmark: Mythos Preview scored 83.1% on vulnerability reproduction vs Opus 4.6’s 66.6%
  • Cybench CTF: Mythos Preview saturated at 100% — the test wasn’t hard enough to differentiate
  • Zero-day discovery: Mythos identified and exploited vulnerabilities in every major OS and every major web browser — many still unpatched

“The moat in AI cybersecurity is no longer just finding bugs — it’s finishing the job.” — Anonymous security researcher

How Exploit Chaining Works

Traditional vulnerability scanners operate on known signatures. Mythos Preview operates differently:

  1. Crawl: Ingests CVE data, source code patches, and bug descriptions
  2. Reason backwards: Analyses the fix to understand the underlying vulnerability
  3. Write exploit code: Produces working exploit code — not proof of concept, but executable proof
  4. Iterate and debug: When an exploit fails, Mythos adapts its approach, using multi-round, protocol-aware exploitation

In one documented case, Mythos Preview split a complete exploit across 15 separate protocol requests, managed thread exhaustion on the target, and adapted when ROP gadgets failed — all autonomously.

Global Implications

The implications are reaching the highest levels of government and finance. On May 18, 2026, Anthropic briefed the Financial Stability Board (FSB) on cyber vulnerabilities in the global financial system identified by Mythos. The Guardian and Reuters both reported that Anthropic is sharing findings with the global finance watchdog — a sign that the threat is being taken seriously at the systemic level.

Mythos Preview access is currently restricted to 12 partners under Project Glasswing, including Apple, Google, Microsoft, AWS, and Cisco. But the dual-use dilemma is obvious: the same capabilities that help defenders patch faster also lower the barrier for offensive operations.

What Defenders Should Do

The emergence of autonomous exploit development doesn’t mean the sky is falling — but it does change the calculus:

  • Patch faster: If a CVE gets a PoC in hours instead of weeks, your patch window just shrank. Prioritise critical-severity patches on internet-facing systems.
  • Assume exploitation: Shift from “if this gets exploited” to “when this gets exploited.” Invest in detection and response, not just prevention.
  • Use AI defensively: The same technology that powers Mythos can power your defence-in-depth. Tools like OpenAI Daybreak and Microsoft’s Security Copilot are the defensive analogues.
  • Monitor AI-specific threat intel: Google’s Threat Intelligence Group (GTIG) recently reported that adversaries are already leveraging AI for zero-day exploits and autonomous operations.
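
The first two recommendations can be turned into a triage rule. The sketch below is an added example, not code from the original article or from any vendor named in it: it orders open findings with internet-facing critical ones first and marks a host "assume-exploited" once the assumed disclosure-to-PoC lead time has passed. The lead times in `POC_LEAD`, the 9.0 critical threshold, the host names and the `CVE-EXAMPLE-*` IDs are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed time from disclosure to a working PoC ("hours instead of weeks").
POC_LEAD = {"weeks": timedelta(days=14), "hours": timedelta(hours=12)}

@dataclass
class Finding:
    host: str
    cve: str               # placeholder IDs, not real CVEs
    cvss: float
    internet_facing: bool
    disclosed: datetime

def triage(findings, now, poc_model="hours"):
    """Order findings for patching and tag each with its exposure status.

    Tiers: internet-facing critical, other internet-facing, internal
    critical, the rest. Ties are broken by oldest disclosure first.
    """
    lead = POC_LEAD[poc_model]
    rows = []
    for f in findings:
        critical = f.cvss >= 9.0
        if f.internet_facing:
            tier = 0 if critical else 1
        else:
            tier = 2 if critical else 3
        poc_expected = f.disclosed + lead
        # "Assume exploitation": past this point, patching alone is not
        # enough; the host also goes on the detection and response queue.
        status = "assume-exploited" if now >= poc_expected else "window-open"
        remaining = max(poc_expected - now, timedelta(0))
        rows.append((tier, f.disclosed, f.host, f.cve, status, remaining))
    rows.sort(key=lambda r: (r[0], r[1]))
    return [r[2:] for r in rows]

# Constructed sample inventory (hosts, scores and dates are invented).
NOW = datetime(2026, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Finding("intranet-wiki", "CVE-EXAMPLE-0001", 9.8, False, NOW - timedelta(days=3)),
    Finding("vpn-gw", "CVE-EXAMPLE-0002", 9.8, True, NOW - timedelta(days=1)),
    Finding("web-01", "CVE-EXAMPLE-0003", 7.5, True, NOW - timedelta(hours=6)),
    Finding("build-srv", "CVE-EXAMPLE-0004", 5.3, False, NOW - timedelta(days=20)),
]

if __name__ == "__main__":
    for model in ("weeks", "hours"):
        print(model, triage(SAMPLE, NOW, model))
```

Running both models over the same inventory shows the shift: under the "weeks" assumption only the 20-day-old finding is past its window, while under "hours" three of the four hosts are.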

The Bottom Line

Mythos Preview crossing the exploit-chaining threshold is a watershed moment for cybersecurity. The era of AI that only finds bugs is over. We’ve entered the era of AI that weaponises them, and the only viable response is to match that speed on the defensive side.

Follow CyberSlide for daily cybersecurity updates, threat analysis, and actionable security insights.
