Claude Mythos Preview autonomously finds and exploits zero-day vulnerabilities
Anthropic's Claude Mythos Preview can autonomously discover and exploit zero-day vulnerabilities across major operating systems, browsers, and open source software — a capability the company is channeling defensively through Project Glasswing.
Score breakdown
Security and AI practitioners should monitor Project Glasswing closely, as Mythos Preview's ability to autonomously find and exploit zero-days at scale — including in closed-source software via reverse engineering — signals that AI-driven vulnerability research is shifting from theoretical concern to operational reality.
- 01Anthropic published a technical assessment of Claude Mythos Preview on April 7, 2026, alongside the announcement of Project Glasswing.
- 02Mythos Preview produced 181 working exploits against a Firefox 147 JavaScript engine vulnerability; predecessor Claude Opus 4.6 succeeded only twice out of several hundred attempts on the same task.
- 03The model achieved full control flow hijack on ten fully patched targets across roughly 7,000 open source entry points; previous models achieved zero at this level.
On April 7, 2026, Anthropic published a detailed technical assessment of Claude Mythos Preview, documenting autonomous cybersecurity capabilities that represent a significant leap over prior AI models. The model was tested by running it inside an isolated container pointed at source code with a simple instruction to find vulnerabilities; it would then read code, form hypotheses, test them, and produce proof-of-concept exploits — all without human involvement after the initial prompt. Crucially, these capabilities were not explicitly trained into the model but emerged as a downstream consequence of general improvements in code understanding, reasoning, and autonomous action.
Three illustrative findings from the public disclosure highlight the model's sophistication.
Three illustrative findings from the public disclosure highlight the model's sophistication. In one case, Mythos Preview identified an OpenBSD vulnerability by chaining two separate bugs — an inadequate boundary check and a signed integer overflow in TCP sequence number handling — to enable remote crashes, a multi-step reasoning task historically requiring expert human analysis. In a FreeBSD case, the model autonomously wrote a working 20-gadget Return Oriented Programming (ROP) chain split across multiple network packets, a result expert penetration testers said would have taken them weeks to develop manually; the entire automated run cost under $50. Across thousands of open source repositories, professional human validators agreed with the model's severity assessments in 89% of reviewed cases, and the model also demonstrated reverse-engineering capability against closed-source software, identifying authentication bypasses in TLS, AES-GCM, and SSH cryptography libraries and logic vulnerabilities granting administrator access without credentials.
Anthropic frames the development not as purely threatening but as a capability requiring careful navigation, drawing a parallel to software fuzzers, which initially raised attacker-enablement concerns before becoming a cornerstone of defensive security. Through Project Glasswing, Anthropic is initially restricting Mythos Preview to a limited group of critical industry partners and open source developers, aiming to give defenders a head start before models with comparable capabilities become broadly available.
Key facts
- 01Anthropic published a technical assessment of Claude Mythos Preview on April 7, 2026, alongside the announcement of Project Glasswing.
- 02Mythos Preview produced 181 working exploits against a Firefox 147 JavaScript engine vulnerability; predecessor Claude Opus 4.6 succeeded only twice out of several hundred attempts on the same task.