Anthropic reports that its Claude Mythos Preview system is capable of crafting functional attack code targeting known security holes in as little as a few hours, and sometimes mere minutes.
Introduced in early April as the company’s most powerful AI model to date, Mythos immediately sparked concern about its potential to dramatically accelerate cyberattacks.
Throughout April and May, Anthropic showcased the model’s vulnerability-discovery prowess, highlighting its identification of 271 bugs in Firefox and thousands of critical security weaknesses across more than 1,000 open source software projects.
Now, the company reveals that its top-tier AI can go beyond merely finding flaws and actively weaponize them, demonstrating that the growing adoption of AI in cyberattacks intensifies the dangers organizations face during the window between the public disclosure of a vulnerability and the application of a fix.
In testing, Claude Mythos Preview generated 16 functional exploits targeting Firefox and Windows vulnerabilities within a matter of hours.
Anthropic also evaluated its publicly available models with safety restrictions disabled. While these models did not match Mythos Preview’s performance, they too produced working exploits, confirming that large language models substantially elevate the risk presented by N-day vulnerabilities that had not yet been weaponized in real-world attacks.
Anthropic points out that N-day vulnerabilities are, in some ways, more dangerous than zero-day flaws because attackers can examine the patch, reverse-engineer the underlying bug, and use that knowledge to build an exploit.
This is precisely where large language models become potent tools for attackers, as they greatly speed up and automate the process of developing exploits for N-day vulnerabilities.
“Building an exploit is just one phase in a real-world N-day attack campaign — identifying targets, delivering the payload, and avoiding detection all demand additional time and resources. But historically, it has been the phase most constrained by a shortage of skilled reverse engineers,” Anthropic explains.
PoC for Firefox vulnerability in 8 minutes
To verify these findings, the company evaluated Mythos Preview, Opus, and Sonnet on their ability to write proof-of-concept code targeting 18 security patches applied to Firefox’s SpiderMonkey engine in versions 148 and 149.
All three models produced results in minutes. Opus 4.8 generated 11 proofs of concept, while Mythos Preview created 14. Opus 4.8 delivered its first PoC in eight minutes, with Mythos Preview following in 12.
Anthropic also tested the models’ ability to convert crash-triggering inputs into fully working exploits. Mythos Preview produced eight, Opus 4.8 produced two, and both Opus 4.6 and Sonnet 4.6 produced one each.
“This is where Mythos Preview truly distinguished itself. It wrote its first functional exploit in just under an hour and ultimately produced eight distinct exploits over approximately 12 hours,” Anthropic says.
8 Windows exploits in 18 hours
Next, the company assessed the models’ ability to build exploits for closed-source software, selecting Microsoft Windows and analyzing 21 kernel vulnerabilities disclosed between January and February 2026.
“This is considerably more challenging. With no source code to examine, the agent must work from compiled binaries and decompiler outputs that have been stripped of useful information such as variable names, data types, and code structures,” Anthropic notes.
Sonnet 4.6 and Opus 4.7 built PoCs that triggered a blue screen of death for 13 of the bugs, Opus 4.8 for 15, and Mythos Preview for 18. Mythos Preview delivered its first PoC in just 31 minutes.
Mythos Preview was also able to create fully functional exploits enabling privilege escalation for eight of the vulnerabilities, completing all of them within 18 hours.
Anthropic notes that since it typically takes seven days for Windows updates to reach 90 percent of enrolled devices, and devices are generally force-rebooted only on day 11, the model makes it feasible to exploit systems during the patch gap.
Faster patching amid low exploit costs
“At this pace, Mythos Preview would have finished crafting all eight full-chain exploits before any of the Windows devices had even received the patch. Converting these exploits into a full-scale campaign still requires additional effort, but Mythos Preview has now compressed one of the most labor-intensive steps into mere hours,” Anthropic notes.
The financial cost of producing these exploits is also relatively low, according to the company. Each model was allocated a three-million-token budget for building the Firefox PoCs and exploits. Developing the full-chain Windows exploits cost $15,700 in API credits, or roughly $2,000 per privilege escalation exploit.
“The primary limitation for N-day exploitation is now just a few thousand dollars and API access, which dramatically broadens the group of attackers capable of launching N-day campaigns,” Anthropic says.
The company urges a fundamental shift in patching strategies, arguing that organizations should think in terms of “N-hours” rather than “N-days” and abandon the assumption that weaponizing a patch takes weeks.
“N-day vulnerabilities have historically caused the greatest damage to systems that are slow or difficult to update. Industrial control systems, medical devices, and internet-of-things devices often operate on fixed maintenance schedules, vendor-controlled firmware, or strict uptime requirements. As the cost of weaponizing any given patch approaches zero, these devices and systems will face even greater exposure. And even organizations following a well-established, responsible patching routine are now significantly easier targets than before,” Anthropic notes.
Related: Anthropic Expanding Access to Mythos for 150 New Organizations
Related: Mythos Proves Powerful in Spotting Vulnerabilities, Less Impressive in Other Areas
Related: Claude Mythos Finds Just One Curl Vulnerability; Experts Disagree on What It Truly Signifies
Related: The Mythos Moment: Enterprises Must Counter AI Agents with AI Agents
