Claude Mythos Found Zero-Days Everywhere. Here's Your Playbook.
Anthropic's Mythos Preview discovered zero-days in every major OS and browser. Defenders have months, not years, to adapt. Here's what to do now.
On April 7, Anthropic’s red team published a report on the cybersecurity capabilities of Claude Mythos Preview — a model not yet available to the public. The findings are stark: Mythos Preview discovered zero-day vulnerabilities in every major operating system and every major web browser it was pointed at. It developed working exploits autonomously, in hours, for vulnerabilities that had gone undetected for up to 27 years.
This is a capability shift, not an incremental improvement. And the window for defenders to prepare is closing.
What Mythos Preview Actually Did
The headline numbers are worth sitting with:
- 27-year-old OpenBSD TCP vulnerability — a signed integer overflow in SACK handling that crashes any OpenBSD host via TCP. Discovery cost: under $50.
- 16-year-old FFmpeg H.264 vulnerability — a slice counter mismatch (32-bit vs. 16-bit) triggering out-of-bounds write. Missed by years of fuzzing campaigns. Discovery cost: ~$10,000 across several hundred runs.
- FreeBSD NFS remote root access (CVE-2026-4747) — a 17-year-old stack buffer overflow in RPCSEC_GSS authentication. Mythos built a full ROP chain exploit autonomously, appending an attacker SSH key to /root/.ssh/authorized_keys. Completed in hours.
- Linux kernel privilege escalation — multiple exploit chains combining 2-4 vulnerabilities, including KASLR bypass, heap spray, and write-primitive exploitation.
- Browser sandbox escape — four-vulnerability chains converting a webpage visit into OS kernel write access.
The OSS-Fuzz benchmark comparison tells the same story quantitatively. Against 7,000 entry points across 1,000 repositories, Sonnet 4.6 and Opus 4.6 found 150-175 tier-1 crashes each. Mythos Preview found 595 tier-1/2 crashes and 10 tier-5 full control-flow hijacks — the most severe category.
Anthropic’s manual review of 198 vulnerability reports found 89% exact agreement with model severity assessments and 98% agreement within one severity level. The model isn’t just finding bugs. It’s triaging them accurately.
Why This Matters Beyond Zero-Days
Zero-days make for dramatic reading, but the broader capability profile in the report is what defenders should focus on. Mythos Preview also demonstrated:
- Reverse engineering of stripped closed-source binaries into plausible source code, then finding vulnerabilities in the reconstructed code
- Cryptography library weaknesses in TLS, AES-GCM, and SSH implementations
- Logic vulnerabilities including authentication bypasses and authorization flaws
- Web application flaws — cross-site scripting, SQL injection, CSRF
The report projects over 1,000 critical-severity and thousands of high-severity vulnerabilities discovered, with over 99% still unpatched at the time of publication.
The cost profile is the quiet bombshell. A zero-day discovery campaign costs $50 to $10,000 in API credits. An n-day exploit chain — the kind that takes human experts weeks — costs under $2,000 and completes in under a day. These are not nation-state budgets. These are individual developer budgets.
What Defenders Should Do Now
Anthropic’s report includes a section of recommendations for defenders. They’re good. But they’re written for a broad audience — CISOs, security teams, infrastructure operators. If you’re a developer shipping code, here’s what’s immediately actionable.
1. Scan Your Code Like an Attacker Would
The vulnerability categories Mythos Preview excels at — memory corruption, authentication bypasses, injection flaws, cryptographic weaknesses — are exactly the categories that static analysis catches when the rules are specific enough. Generic “check for vulnerabilities” prompts don’t cut it. You need structured detection patterns mapped to real CWEs.
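To make "structured detection patterns mapped to real CWEs" concrete, here is a small pattern scanner written as an added example for this article. It is not the security-scanner skill's code and not anything from the Mythos report; the four rules, the CWE mappings, and the sample module it scans are all constructed for illustration, and a real rule set would be far larger. The point it shows is the difference between a vague instruction and a rule: each rule is a specific code shape (string-built SQL, shell=True, MD5/SHA-1, pickle.loads) tied to a CWE and a severity, so the findings are reproducible and triageable.

```python
"""Minimal CWE-mapped pattern scanner (illustrative example, not the skill's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    cwe: str            # CWE identifier the pattern is mapped to
    title: str          # what a match indicates
    severity: str       # critical | high | medium
    pattern: re.Pattern


@dataclass(frozen=True)
class Finding:
    line_no: int
    cwe: str
    title: str
    severity: str
    text: str


# Hypothetical rule set: each regex is a concrete code shape, not a generic
# "look for vulnerabilities" instruction. Real scanners carry many more rules.
RULES = [
    Rule("CWE-89", "SQL statement built by string concatenation/formatting", "high",
         re.compile(r'\.execute\(\s*(?:f"|"[^"]*"\s*[+%])')),
    Rule("CWE-78", "subprocess invoked with shell=True", "high",
         re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True")),
    Rule("CWE-327", "weak hash algorithm (MD5/SHA-1)", "medium",
         re.compile(r"hashlib\.(?:md5|sha1)\(")),
    Rule("CWE-502", "deserialization of untrusted data via pickle", "critical",
         re.compile(r"\bpickle\.loads?\(")),
]

SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1}


def scan(source: str, rules=RULES) -> list[Finding]:
    """Run every rule over every non-comment line; findings come back in line order."""
    findings = []
    for line_no, text in enumerate(source.splitlines(), start=1):
        stripped = text.strip()
        if stripped.startswith("#"):
            continue
        for rule in rules:
            if rule.pattern.search(text):
                findings.append(Finding(line_no, rule.cwe, rule.title, rule.severity, stripped))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, most severe first."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -SEVERITY_RANK[kv[0]]))


# Constructed sample module. The two execute() calls contrast the vulnerable
# and the parameterised form so the CWE-89 rule is checked both ways.
SAMPLE = """\
import subprocess, hashlib, pickle
def get_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
def run(cmd):
    subprocess.call(cmd, shell=True)
def digest(data):
    return hashlib.md5(data).hexdigest()
def load(blob):
    return pickle.loads(blob)
def safe_get_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = %s", (name,))
"""

if __name__ == "__main__":
    results = scan(SAMPLE)
    for f in results:
        print(f"line {f.line_no}: {f.cwe} [{f.severity}] {f.title}\n    {f.text}")
    print(summarize(results))
```

Run against the constructed module it reports four findings (lines 3, 5, 7 and 9) and leaves the parameterised query on line 11 alone. Regex rules like these are deliberately narrow; they trade recall for precision, which is what you want from anything that gates a merge.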
The @jeremie-strand/security-scanner skill on SkillSafe is purpose-built for this. It scans for known vulnerability patterns across your software stack, project dependencies, and containers. It works inside Claude Code, Cursor, and Windsurf — the same AI coding environments you already use. Install it and run it against your codebase:
install @jeremie-strand/security-scanner from skillsafe.ai
Then scan:
/security-scanner
The skill identifies CVEs in your dependencies, flags vulnerable code patterns, and surfaces security issues before they ship. In a world where an AI model can find and exploit a 27-year-old vulnerability for $50, manual-only security review is not a defensible strategy.
2. Patch Aggressively
The report’s recommendation to shorten patch deployment cycles deserves emphasis. Mythos Preview’s n-day exploitation capabilities mean the window between patch release and working exploit is collapsing. The FreeBSD NFS exploit targeted a 17-year-old vulnerability. The Linux kernel exploits targeted recently-patched issues.
Treat CVE-related dependency updates as urgent. Enable auto-updates where possible. If your patching process involves a two-week review cycle, that cycle is now your attack surface.
3. Audit Your Dependencies, Not Just Your Code
The Mythos report found vulnerabilities in widely-used cryptography libraries, codecs (FFmpeg), and system-level services (NFS, TCP stacks). Your application code might be clean. Your dependencies might not be.
Run security-scanner with a focus on dependency analysis. Know what’s in your stack. If a dependency hasn’t been updated in years, that’s no longer just tech debt — it’s a liability that can be discovered and exploited at API-credit prices.
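As an added example of the dependency check this section is asking for (again not the skill's own code and not derived from the report), the script below audits a requirements file offline against an advisory list. Package names, versions and advisory identifiers are all constructed; a real run would consult a live feed such as OSV or GitHub advisories. Two points it makes that a plain lookup would not: affected ranges are compared as version tuples rather than strings, and a dependency that is not pinned with `==` is flagged even when it has an advisory, because you cannot prove which version is actually installed.

```python
"""Offline dependency audit against a constructed advisory list (illustrative example)."""
from __future__ import annotations

import re

# Constructed advisory feed: hypothetical packages and identifiers, not real CVEs.
# A package is affected when introduced <= installed < fixed.
ADVISORIES = [
    {"package": "examplecodec", "id": "ADV-EXAMPLE-1", "severity": "critical",
     "introduced": "1.0.0", "fixed": "4.2.1"},
    {"package": "exampletls", "id": "ADV-EXAMPLE-2", "severity": "high",
     "introduced": "2.0.0", "fixed": "2.9.0"},
]

# name, optional operator, optional version; comments and blank lines are skipped
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|>|<)?\s*([0-9][0-9.]*)?")


def parse_version(v: str) -> tuple[int, ...]:
    """Compare versions numerically, so 4.10.0 > 4.9.0."""
    return tuple(int(p) for p in v.strip(".").split("."))


def parse_requirements(text: str) -> dict[str, str | None]:
    """Return {name: exact pinned version, or None when not pinned with ==}."""
    deps: dict[str, str | None] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_LINE.match(line)
        if not m:
            continue
        name, op, ver = m.groups()
        deps[name.lower()] = ver if op == "==" and ver else None
    return deps


def audit(requirements_text: str, advisories=ADVISORIES) -> list[tuple[str, str, str]]:
    """Return (package, advisory id, reason) for every dependency that needs action."""
    report = []
    for name, ver in parse_requirements(requirements_text).items():
        for adv in advisories:
            if adv["package"] != name:
                continue
            if ver is None:
                report.append((name, adv["id"],
                               "not pinned: installed version unknown, require >= " + adv["fixed"]))
            elif parse_version(adv["introduced"]) <= parse_version(ver) < parse_version(adv["fixed"]):
                report.append((name, adv["id"],
                               f"{ver} affected ({adv['severity']}), upgrade to >= {adv['fixed']}"))
    return report


# Constructed requirements file: one affected pin, one unpinned, one with no advisory.
REQUIREMENTS = """\
examplecodec==4.1.0
exampletls>=2.8        # range, not a pin
examplehttp==1.0.0     # nothing known against it
"""

if __name__ == "__main__":
    for pkg, adv_id, reason in audit(REQUIREMENTS):
        print(f"{pkg}: {adv_id}: {reason}")
```

On the constructed input this flags examplecodec (4.1.0 sits inside the affected range) and exampletls (unpinned), and says nothing about examplehttp. The unpinned case is the one teams most often miss: a `>=` range passes a naive check because no version is listed, while the environment may still be running the old release.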
4. Assume Your Exposed Services Will Be Probed
Mythos Preview found remote code execution in NFS. It found remotely-triggerable crashes in TCP implementations. If you’re running internet-facing services, especially on older infrastructure, assume that AI-powered vulnerability scanners will find what human auditors missed.
Minimize your attack surface. Disable services you don’t need. Segment your network. Monitor for anomalous access patterns. The cost of scanning every exposed service is about to drop by orders of magnitude — for defenders and attackers alike.
The Asymmetry Problem
The core tension in the Mythos report is asymmetry. Defenders need to secure every service, every dependency, every code path. An attacker — now potentially an AI model running for a few thousand dollars — only needs to find one exploitable flaw.
Anthropic’s Project Glasswing initiative is providing early Mythos Preview access to critical infrastructure operators and open-source developers. That helps at the top. But for the millions of developers shipping production code every day, the playbook is simpler: scan systematically, patch aggressively, and treat every dependency as part of your attack surface.
The tools exist. The security-scanner skill runs inside the same AI coding tools you already use. The friction is low. The cost of not scanning just went up dramatically.
Start today. The models that find these vulnerabilities are getting cheaper and more capable on a curve that isn’t slowing down.