Anthropic disclosed Mythos Preview, an advanced AI model it says can identify and exploit zero-day vulnerabilities at a far higher rate than its Claude Opus 4.6 model, generating working exploits in 72.4 percent of attempts. The company said the system can find and chain flaws across major operating systems and web browsers, including remote code execution, sandbox escapes, local privilege escalation, and multi-bug exploit paths. Anthropic did not release the model publicly, instead restricting access through Project Glasswing for selected partners and organizations to support defensive vulnerability research and responsible disclosure; it said the model has already uncovered thousands of additional high- and critical-severity flaws.
At Black Hat Asia, RunSybil CEO and former OpenAI security engineer Ari Herbert-Voss said open source AI models can match Mythos-level bug-finding performance when paired with the right orchestration or "scaffolding." He said combining multiple open models can improve coverage because different systems surface different classes of flaws, offering a form of defense in depth, while also addressing the cost and limited availability of proprietary tools like Mythos. Herbert-Voss added that human experts remain necessary to coordinate model workflows and validate large volumes of AI-generated findings, but said economic pressure and operational advantages are likely to drive broader adoption of AI-assisted vulnerability discovery across security teams.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
According to AISI, testing showed OpenAI's GPT-5.5 performed about as well as Anthropic's Mythos Preview on advanced cybersecurity tasks. The finding suggested Mythos' risk profile was not unique to one model but reflected broader gains in autonomy, reasoning, and coding across frontier AI systems.
Speaking at Black Hat Asia in Singapore, RunSybil CEO Ari Herbert-Voss said open-source AI models can find software bugs as effectively as Anthropic's restricted Mythos model when combined with suitable orchestration or scaffolding. He argued that combining multiple open-source models can improve defensive coverage while reducing dependence on costly, limited-access proprietary systems.
Rather than releasing Mythos publicly, Anthropic said it would limit access through Project Glasswing to selected industry partners and other organizations for defensive vulnerability research. The company also said it had already identified thousands of additional high- and critical-severity vulnerabilities and was responsibly disclosing them.
Anthropic disclosed Mythos Preview, an advanced AI model it says can identify and exploit zero-day vulnerabilities at a much higher success rate than its Claude Opus 4.6 model. The company said the model achieved a 72.4 percent working-exploit rate across major operating systems and browsers, including RCE, sandbox escape, local privilege escalation, and multi-bug exploit chains.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
9 references tracked. Mallory keeps watching after this page renders.
washingtonpost.com
Open sourcearstechnica.com
Open sourcego.theregister.com
Open sourcego.theregister.com
Open sourcestandard.net
Open sourcecbs12.com
Open sourceauto-post.io
Open sourcetheregister.com
Open sourcego.theregister.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.