Mythos has just been confirmed to convert disclosed vulnerabilities and software patches faster than any previous manual processes.

The controversial Mythos Preview model by Anthropic has just been announced to be capable of rapidly converting recently disclosed software vulnerabilities (and subsequent software patches) into functioning exploits within minutes — dramatically accelerating what has traditionally been a slow, manual process.

The firm’s internal red team has tested Mythos against security flaws in Mozilla Firefox and the Microsoft Windows kernel that had only been disclosed earlier this year — beyond the model’s training cutoff — to evaluate its real-world reverse engineering capability.

Subsequently, the model generated an initial proof-of-concept exploit for a Windows kernel flaw in just over half an hour. Across 21 kernel vulnerabilities, it successfully triggered system crashes in 18 instances and produced eight distinct privilege-escalation exploits, with the most advanced taking under six hours.

In parallel tests on Firefox, the model created eight working remote code execution exploits from 18 analyzed patches. The total cost of the Windows testing campaign was estimated at $15,700 in API usage, or roughly $2,000 per viable exploit.

These results carry serious implications for enterprise defense. The majority of cyberattacks already rely on vulnerabilities that are known but not yet patched, and organizations typically require days or weeks to safely deploy updates. Anthropic’s research suggests that this window is rapidly shrinking. What has traditionally been referred to as the “N-day” window may now be better understood in terms of hours rather than days, fundamentally changing the risk calculus for defenders. The concern is not limited to proprietary systems; some open-source models are approaching similar capability levels, and other advanced AI systems are reportedly demonstrating comparable performance.

Even before this latest capability, the model’s ability to identify decades-old flaws in operating systems and trusted codebases had prompted the US government to begin assessing the broader national security implications of such AI capabilities, with a new executive order under consideration to evaluate risks associated with ever-improving AI code-analysis capabilities.