SecurityWeek

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation


Anthropic says its Claude Mythos Preview model can build working exploits targeting known vulnerabilities within hours, or even minutes.

Announced in early April and promoted as the most capable AI frontier model, Mythos right from the start raised fears regarding its ability to supercharge attacks.

In April and May, Anthropic touted its ability to find vulnerabilities, including 271 Firefox flaws and thousands of severe security defects across over 1,000 open source software (OSS) projects.

Now, the company says its most advanced model can also weaponize these discoveries, demonstrating that the surge in AI use in cyberattacks increases the threats faced by organizations in the patch gap.

Put to the test, Claude Mythos Preview delivered 16 working exploits targeting Firefox and Windows within hours.

Anthropic’s public models were also tested, with safeguards off. While they did not rise to Mythos’s level, they too delivered working exploits, proving that LLMs significantly increase the threat posed by N-days that have not been exploited in attacks before.


According to Anthropic, N-days are even more dangerous than zero-days, because attackers can diff the patch and reverse-engineer the fix to build exploits.

This is exactly where LLMs become valuable weapons to attackers, as they significantly accelerate and automate the process of building N-day exploits.

“Exploit development is not the only step in a real N-day campaign (target discovery, delivering the exploit to the target, and detection evasion all take time and resources too), but historically it has been the step most bottlenecked by scarce reverse engineering expertise,” Anthropic explains.

PoC for Firefox vulnerability in 8 minutes

To validate the theory, the company tested Mythos Preview, Opus, and Sonnet’s ability to construct proof-of-concept (PoC) code targeting 18 security patches delivered for SpiderMonkey in Firefox 148 and 149.

They all delivered within minutes. Opus 4.8 created 11 PoCs, while Mythos Preview produced 14. Opus 4.8 delivered the first PoC in eight minutes, while Mythos Preview created it in 12.

Anthropic also tested the models’ ability to turn crashes into working exploits. Mythos Preview built eight of them, Opus 4.8 two, and Opus 4.6 and Sonnet 4.6 one each.

“This is where Mythos Preview really pulled ahead. Mythos Preview wrote its first working exploit in just under one hour, and ultimately created eight different exploits in roughly 12 hours,” Anthropic says.

8 Windows exploits in 18 hours

Next, the company tested the LLMs’ ability to build exploits for closed-source software, and chose Microsoft’s Windows platform for the task, looking at 21 kernel vulnerabilities disclosed between January and February 2026.

“This is substantially harder: with no source code available, the agent must work from compiled binaries and decompiler reconstructions that have been stripped of helpful context, like variable names, types, and structure,” Anthropic notes.

Sonnet 4.6 and Opus 4.7 built PoCs that triggered a BSOD (kernel crash) for 13 of the bugs, Opus 4.8 for 15, and Mythos Preview for 18. Mythos Preview delivered the first PoC in 31 minutes.

Mythos Preview was also able to create working exploits leading to privilege escalation for eight of the vulnerabilities, and delivered all of them within 18 hours.

According to Anthropic, because it typically takes seven days before Windows patches are pushed to 90% of enrolled devices in a fleet, and because those devices are typically force-rebooted only on day 11, the model's speed makes exploitation viable well inside the patch gap.

Faster patching amid low exploit costs

“At this speed, Mythos Preview would have finished creating all eight full chain exploits before any of the Windows devices had received the patch as an update. Turning these exploits into a real campaign still requires further work, but Mythos Preview has now collapsed one of the most time-intensive steps into hours,” Anthropic notes.

The cost of building these exploits is not high either, the company says. Each model was given a three-million-token budget for creating the PoCs and exploits targeting Firefox. The cost of creating the full chain exploits targeting Windows was $15,700 in API credits, or around $2,000 per privilege escalation.

“The binding constraint to N-days is now just a few thousand dollars and API access, which expands the pool of capable N-day attackers dramatically,” Anthropic says.

The company calls for an updated patching playbook, one that reasons in terms of “N-hours” rather than “N-days” and no longer assumes that weaponizing a patch takes weeks.

“N-days have historically caused most harm to systems that are slow or difficult to patch. Industrial control systems, medical devices, and ‘internet of things’ devices often run on fixed maintenance windows, vendor-locked firmware, or have uptime guarantees. As the cost of weaponizing any given patch falls toward zero, these devices and systems will become even more exposed. And even systems operating on an established, ‘responsible’ patch cadence are now far easier targets than before,” Anthropic notes.
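One way to operationalize the “N-hour” playbook on the defender side is to measure, per device, how long a working exploit existed while the device was still unpatched and un-rebooted, and to triage the fleet on that window rather than on install date. The following is an added example written for this article; it is not code from Anthropic or SecurityWeek. It assumes a constructed inventory of four devices and uses the 18-hour time-to-exploit figure the article reports for the Windows privilege-escalation chains (the `EXPLOIT_AVAILABLE_AFTER_H` constant, the `Device` class and the helper functions are all this example's own). It treats a kernel patch as effective only after reboot, which is why install-but-no-reboot devices still count as exposed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Hours from patch release until a working exploit exists. The article reports
# Mythos Preview delivering all eight Windows privilege-escalation exploits
# within 18 hours; treat that as the planning assumption for the fleet.
EXPLOIT_AVAILABLE_AFTER_H = 18


@dataclass
class Device:
    """Constructed inventory record (hypothetical fleet, not real hosts)."""
    name: str
    patch_installed_at: Optional[datetime]  # None = update not yet installed
    rebooted_at: Optional[datetime]         # None = installed but never rebooted


def protected_at(device: Device) -> Optional[datetime]:
    """A kernel patch only takes effect after reboot; return that moment, or
    None if the device is still running vulnerable code."""
    if device.patch_installed_at is None or device.rebooted_at is None:
        return None
    return max(device.patch_installed_at, device.rebooted_at)


def exposure_hours(device: Device, patch_released_at: datetime, now: datetime) -> float:
    """Hours during which a working exploit existed while the device remained
    vulnerable. Devices not yet protected are exposed up to 'now'."""
    exploit_ready = patch_released_at + timedelta(hours=EXPLOIT_AVAILABLE_AFTER_H)
    end = protected_at(device) or now
    if end <= exploit_ready:
        return 0.0  # patched and rebooted before any exploit could exist
    return (end - exploit_ready).total_seconds() / 3600.0


def fraction_vulnerable_at(devices: List[Device], at: datetime) -> float:
    """Share of the fleet still running vulnerable code at a given instant,
    e.g. the moment an exploit becomes available."""
    vulnerable = sum(1 for d in devices if (protected_at(d) or None) is None or protected_at(d) > at)
    return vulnerable / len(devices)


def triage(devices: List[Device], patch_released_at: datetime, now: datetime,
           budget_hours: float) -> List[Tuple[str, float]]:
    """Devices whose exposure window exceeds the accepted budget, worst first."""
    scored = [(d.name, exposure_hours(d, patch_released_at, now)) for d in devices]
    over = [(name, h) for name, h in scored if h > budget_hours]
    return sorted(over, key=lambda item: -item[1])


# Constructed sample fleet around a hypothetical patch release on 2026-02-10.
RELEASE = datetime(2026, 2, 10, 0, 0)
NOW = RELEASE + timedelta(days=14)
FLEET = [
    # Typical ring: installed on day 7, force-rebooted on day 11 (article's timeline).
    Device("ws-typical", RELEASE + timedelta(days=7), RELEASE + timedelta(days=11)),
    # Fast ring: installed and rebooted within the first shift.
    Device("ws-fastring", RELEASE + timedelta(hours=6), RELEASE + timedelta(hours=8)),
    # Never received the update (fixed maintenance window).
    Device("ics-gateway", None, None),
    # Installed on day 2 but never rebooted (uptime guarantee).
    Device("db-primary", RELEASE + timedelta(days=2), None),
]

if __name__ == "__main__":
    exploit_ready = RELEASE + timedelta(hours=EXPLOIT_AVAILABLE_AFTER_H)
    print(f"fleet still vulnerable when exploit exists: "
          f"{fraction_vulnerable_at(FLEET, exploit_ready):.0%}")
    for name, hours in triage(FLEET, RELEASE, NOW, budget_hours=24):
        print(f"{name:12s} exposed for {hours:6.1f} h beyond exploit availability")
```

The budget of 24 hours in the usage call is the policy knob: under an N-hour assumption it is the longest window a team is willing to accept between “exploit exists” and “device rebooted onto the fix”, and anything above it is a prioritization candidate regardless of how orderly its install date looked.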

Related: Anthropic Expanding Mythos Access to 150 New Organizations

Related: Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere

Related: Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means

Related: The Mythos Moment: Enterprises Must Fight Agents with Agents
