Anthropic’s Mythos Preview finds 10,000 vulnerabilities in critical software

Craig Nash
By
Craig Nash
Tech writer at All Things Geek. Covers artificial intelligence, semiconductors, and computing hardware.
10 Min Read
Anthropic's Mythos Preview finds 10,000 vulnerabilities in critical software

Anthropic claims Mythos Preview, a restricted AI model announced on April 7, has identified over 10,000 major security vulnerabilities across “the most systemically important software in the world,” raising urgent questions about whether AI has fundamentally accelerated offensive cybersecurity capabilities.

Key Takeaways

  • Mythos Preview allegedly found 10,000+ critical and high-severity vulnerabilities across major operating systems and browsers
  • The model autonomously exploited a 17-year-old FreeBSD remote code execution flaw and chained multiple vulnerabilities into functional attacks
  • Anthropic restricted access to roughly 50 organizations including Microsoft, Apple, and Amazon Web Services under Project Glasswing
  • Independent AISI evaluation showed Mythos succeeded on expert-level cybersecurity tasks 73% of the time
  • Security researcher Bruce Schneier questioned whether all claimed vulnerabilities represent genuine exploitable flaws

What Mythos Preview Vulnerabilities Reveal About AI Capabilities

Mythos Preview represents a significant leap in autonomous vulnerability discovery. Anthropic says the model can identify and exploit zero-day vulnerabilities in every major operating system and web browser, moving beyond theoretical threat modeling into practical exploitation. The company demonstrated this by having Mythos autonomously find and exploit a 17-year-old remote code execution vulnerability in FreeBSD (CVE-2026-4747), which granted root access via unauthenticated network access. This is not a model simply flagging suspicious code—it is autonomously weaponizing dormant security flaws.

What makes this claim particularly concerning is the scale and sophistication of the attacks Mythos allegedly constructed. Anthropic observed nearly a dozen instances where Mythos chained two, three, and sometimes four separate vulnerabilities together to build functional multi-stage exploits on Linux. The model also discovered multiple logic vulnerabilities, including authentication bypasses, account login bypasses, and denial-of-service attacks capable of deleting data or crashing services. When researchers tested Mythos against Firefox, Anthropic claims the model weaponized vulnerabilities into 181 usable attacks, compared with only 2 for Anthropic’s previous flagship model.

Independent Evaluation Confirms Advanced Cyber Capabilities

Anthropic’s claims are not entirely unvetted. The UK’s Artificial Intelligence Safety Institute (AISI) conducted an independent evaluation of Mythos Preview’s cybersecurity capabilities and confirmed the model performs at an advanced level. The AISI found that Mythos succeeded on expert-level tasks 73% of the time and could execute multi-stage attacks on vulnerable networks while discovering and exploiting vulnerabilities autonomously. On a specific complex task (TLO), Mythos completed it from start to finish in 3 out of 10 attempts and averaged 22 out of 32 steps, outperforming Claude Opus 4.6, which managed only 16 steps on the same task.

However, the AISI also identified critical limitations. The evaluation noted that Mythos Preview could not complete the “Cooling Tower” operational technology-focused cyber range, and the organization emphasized that its test environments were simpler than real-world scenarios, lacking active defenders and sophisticated security tooling. The AISI concluded Mythos is “at least capable of autonomously attacking small, weakly defended and vulnerable enterprise systems” once network access is gained—a meaningful but narrower claim than Anthropic’s headline numbers suggest.

The Vulnerability Count Question and Bruce Schneier’s Skepticism

The headline figure of 10,000 vulnerabilities demands scrutiny. Security researcher Bruce Schneier, commenting on Anthropic’s announcement, noted that a “flood of critical CVEs” only matters if vulnerabilities are actually being patched, and he expressed concern about the transparency of Anthropic’s triage process. Schneier did not see evidence supporting the full scope of Anthropic’s capability claims and raised the possibility that some detections may be false positives or vulnerabilities that are difficult to exploit in practice.

Anthropic did provide some specific examples to support its claims. The company found a vulnerability in FFmpeg after several hundred runs across the repository, at a cost of roughly $10,000. It also identified a memory-corruption vulnerability in a production memory-safe virtual machine monitor and discovered multiple Linux kernel vulnerabilities enabling out-of-bounds writes, including buffer overflow, use-after-free, and double-free issues, many remotely triggerable. These examples are concrete, but they represent a tiny fraction of the 10,000-vulnerability claim, leaving the broader assertion partially unverified.

Why Anthropic Restricted Access and What That Means

Anthropic did not release Mythos Preview widely. Instead, the company restricted access to roughly 50 organizations, including Microsoft, Apple, Amazon Web Services, and CrowdStrike, under a program called Project Glasswing. This controlled deployment reflects both the model’s potential utility for authorized security research and Anthropic’s evident concern about unrestricted access to a system capable of autonomous exploitation.

The restriction is telling. If Mythos Preview truly represents a major leap in automated offensive capabilities, keeping it behind a gate is a reasonable precaution. Yet it also means the full scope of its abilities remains largely opaque to the broader security community. Independent researchers cannot verify the 10,000-vulnerability count or test Mythos against their own systems. The model exists primarily as a tool for the organizations Anthropic has chosen to partner with, making it difficult to assess whether its capabilities justify the hype or whether the vulnerabilities it finds are genuinely actionable.

Comparing Mythos Preview to Earlier AI Cyber Models

Mythos Preview’s performance against Anthropic’s previous flagship model illustrates how rapidly AI offensive capabilities are advancing. The company reports that Mythos weaponized Firefox vulnerabilities into 181 usable attacks compared with only 2 for the earlier model. This 90-fold increase in exploitation efficiency suggests that each new generation of frontier AI brings materially improved offensive cyber capability. The gap between what Mythos can do and what earlier models could accomplish is not marginal—it is qualitative.

What Does This Mean for Defenders?

The implications for cybersecurity defenders are sobering. If Mythos Preview can autonomously find and chain vulnerabilities at the scale Anthropic claims, defenders face a fundamentally different threat model. Patching will become more urgent. Zero-day research will accelerate. Organizations with weak security posture will become increasingly vulnerable to AI-assisted attacks, especially if similar models eventually escape restricted access.

Anthropic’s decision to work with security contractors and major technology companies suggests the company understands this risk. The model is positioned as a tool for finding vulnerabilities before attackers do, not as a system for public use. But as AI capabilities improve, the question is not whether restricted access can hold indefinitely—it is whether Anthropic’s approach to responsible disclosure and access control will become the industry standard or a temporary exception.

Is Mythos Preview a security research tool or a dangerous weapon?

Mythos Preview is framed as both. Anthropic positions it as a tool for authorized security research, helping contractors find vulnerabilities in critical systems before attackers do. The restriction to 50 organizations supports this framing. However, the model’s demonstrated ability to autonomously exploit complex chains of vulnerabilities means it functions as an offensive weapon in the hands of anyone with access. The distinction between research tool and weapon depends entirely on who controls it.

How many of Mythos Preview’s 10,000 vulnerabilities are actually exploitable?

Anthropic has not disclosed the breakdown. The company provided specific examples—FreeBSD, Linux kernel flaws, FFmpeg, and Firefox—but these represent a tiny fraction of the 10,000 count. Bruce Schneier noted that without full transparency on triage and exploitation success rates, it is difficult to assess how many detected issues are genuinely exploitable versus theoretical or difficult-to-weaponize flaws.

Will Mythos Preview capabilities be released more widely?

Anthropic has given no indication of broader release. The model remains restricted to Project Glasswing partners as of the announcement. Whether access expands will depend on how the security community and regulators respond to the initial deployment and whether Anthropic believes the risks of wider availability are justified by the benefits to defenders.

Mythos Preview marks a turning point in AI-assisted cybersecurity. Anthropic has demonstrated that frontier AI models can autonomously discover and exploit vulnerabilities at scale, a capability that was previously confined to human security researchers and state-sponsored actors. Whether this becomes a tool that helps defenders stay ahead of threats or accelerates the timeline for widespread exploitation depends on how carefully Anthropic and its partners manage access and how quickly defenders can adapt to a world where AI finds zero-days faster than humans can patch them.

Edited by the All Things Geek team.

Source: TechRadar

Share This Article
Tech writer at All Things Geek. Covers artificial intelligence, semiconductors, and computing hardware.