Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook

Anthropic, a leading AI cybersecurity company, made a groundbreaking discovery of a 27-year-old bug lurking within OpenBSD’s TCP stack. This bug had evaded detection despite rigorous audits, fuzzing, and OpenBSD’s reputation for security. With just two packets, an attacker could crash any server running OpenBSD. The cost of finding this bug through Anthropic’s Claude Mythos Preview campaign was approximately $20,000, with a specific model run costing less than $50.

Claude Mythos Preview, Anthropic’s AI model, autonomously discovered this critical vulnerability in OpenBSD. The impact of this discovery was significant, showcasing a 90x improvement in exploit success rates compared to previous models. Mythos was able to identify vulnerabilities in various systems, including Firefox, SWE-bench Pro, and CyberGym, with unprecedented accuracy and efficiency.

In response to this groundbreaking discovery, Anthropic launched Project Glasswing, a defensive coalition involving major cybersecurity companies like CrowdStrike, Cisco, and Microsoft. This initiative aimed to test Mythos against their infrastructure and collaborate on improving cybersecurity measures. The partners have been running Mythos against their systems for weeks, with a public findings report expected in early July 2026.

The speed and effectiveness of Mythos in identifying vulnerabilities have raised concerns among security directors. Traditional detection methods have limitations that AI models like Mythos can overcome. Mythos has successfully identified critical vulnerabilities across different platforms, including OpenBSD, FFmpeg, FreeBSD, Linux kernel, browsers, and cryptography libraries.

The urgency to address cybersecurity gaps has been further emphasized by the evolving threat landscape. Attackers are leveraging AI to launch faster and more sophisticated attacks, outpacing traditional defense mechanisms. The need for rapid patching and proactive security measures is crucial to stay ahead of cyber threats.

Security directors are advised to reassess their security strategies and adopt AI-assisted solutions to enhance threat detection and response capabilities. Mythos serves as a wake-up call for organizations to prioritize cybersecurity investments and adopt a proactive approach to safeguard their systems.

As the cybersecurity landscape continues to evolve, organizations must adapt to the changing dynamics and leverage innovative solutions like Mythos to mitigate cyber risks effectively. The upcoming Glasswing report will provide valuable insights into vulnerabilities across various systems, prompting organizations to take proactive measures to enhance their security posture.