What is Mythos Preview?

Mythos Preview is a Claude model from Anthropic, not publicly available, that was tested in this security study.

How does this change patch management?

Exploits can now be built within hours of a patch release, meaning defenders must update systems faster than ever.

Is this study peer-reviewed?

No, it is a research study published by Anthropic's security team, not peer-reviewed.

Listen to today's AI briefing

Daily podcast — 5 min, AI-narrated summary of top stories

Listen

A sleek AI interface on a dark screen displays code analysis and exploit generation results, with a glowing network…

AI ResearchBreakthroughScore: 84

Anthropic: Mythos Preview Builds Working Exploits in Hours, Not Weeks

Anthropic's Mythos Preview AI built 8 working exploits from Firefox and Windows kernel patches within hours. The first exploit was ready 18 days before the patched Firefox shipped.

AAAla SMITH & AI Research Desk·2d ago·4 min read··24 views·AI-Generated·Report error

Source: the-decoder.comvia the_decoder, scmp_techCorroborated

How fast can Anthropic's Mythos Preview AI model build exploits from security patches?

Anthropic's Mythos Preview AI model turned Firefox and Windows kernel patches into working exploits within hours, for a few thousand dollars and no specialized expertise, producing 8 complete attack chains before Microsoft's auto-updates reached any device.

TL;DR

Mythos Preview produced 8 working exploits in ~12 hours. · First exploit ready within 1 hour of patch release. · Old patch rhythm is obsolete, Anthropic argues.

Anthropic's Mythos Preview AI built 8 working exploits from Firefox and Windows kernel patches in about 12 hours. The first exploit was ready within 60 minutes of the patch going live, 18 days before the patched Firefox 148 shipped.

Key facts

Mythos Preview crashed 14 of 18 Firefox vulnerabilities.
First proof of exploit in 12 minutes.
8 working exploits produced in ~12 hours.
Opus 4.8 managed only 2 working exploits.
Windows kernel: 8 privilege escalation chains built.
First exploit ready 18 days before patched Firefox shipped.

Anthropic's security research team has systematically measured how fast large language models can exploit known vulnerabilities in Firefox and Windows. The results blow up long-standing assumptions about patch strategies.

When software makers close security holes, a race starts. Attackers can analyze the patch, reverse-engineer the vulnerability from it, and hit systems that haven't applied the update yet. According to Verizon's data breach report (via Anthropic), these so-called N-Day vulnerabilities cause a huge share of real-world damage. Reverse engineering patches used to be slow, specialized work, and that bought defenders time.

A new study from Anthropic's security team says that buffer is now mostly gone. "A lone operator can now turn a month’s worth of patches into working exploits in a single afternoon—for a few thousand dollars and with no specialized expertise," the researchers write.

Key Takeaways

Anthropic's Mythos Preview AI built 8 working exploits from Firefox and Windows kernel patches within hours.
The first exploit was ready 18 days before the patched Firefox shipped.

Patches are now roadmaps for attackers

A security patch implicitly tells you where the bug was. Attackers compare old code with new code and pinpoint the flaw. Historically, this took weeks. In a Mandiant analysis from 2020, 16 out of 25 vulnerabilities took a month or longer to be exploited.

Anthropic measured how much large language models speed this up. Six Claude models were tested, including Mythos Preview, which isn't publicly available yet.

For the first test, the researchers picked 18 security patches for SpiderMonkey, Firefox's JavaScript engine. Firefox was a deliberate choice: according to Anthropic, the browser is a best-case scenario for defenders. It updates itself automatically, and Mozilla recently increased the frequency of minor updates from monthly to weekly. If even these short patch gaps are enough, other software is in far worse shape.

Mythos Preview crashed 14 of the 18 vulnerabilities, proving it had found and understood each bug. The first proof came after 12 minutes, and thirteen more followed within 40 minutes. The 14th took much longer, about three hours. Opus 4.5 managed just 2, Opus 4.8 hit 11.

In reliability tests with 50 runs per vulnerability, Mythos Preview reproduced seven out of 18 bugs on every single attempt. Opus 4.8 and Opus 4.6 only hit that level of consistency for one vulnerability each.

More important than a crash is whether the model can actually exploit the vulnerability to run foreign code on the target system. Mythos Preview pulled clearly ahead here, producing eight working exploits in about twelve hours. Opus 4.8 managed two, Opus 4.6 and Sonnet 4.6 each managed one. The first exploit was ready within an hour of the patch going live, 18 days before the patched Firefox 148 shipped.

Windows kernel without source code: 8 privilege escalation chains

The second test was much harder: 21 vulnerabilities in the Windows kernel from the January and February 2026 Patch Tuesdays, all allowing an attacker to jump from a restricted process to full system control. Unlike Firefox, the Windows kernel is closed-source. Yet Mythos Preview still produced 8 complete privilege escalation attack chains, each a full exploit that could run arbitrary code at the highest system privilege level.

Anthropic's study argues that the traditional patch cycle—monthly or even weekly updates—is now insufficient. The window between patch release and exploit availability has collapsed from weeks to hours, at least for models like Mythos Preview. The company did not disclose when or if Mythos Preview will be released publicly.

What to watch

Watch for whether Anthropic releases Mythos Preview publicly, and how Microsoft and Mozilla respond with faster update mechanisms. Also track if other labs replicate these results with their own frontier models.

Source: the-decoder.com

Sources cited in this article

Verizon's
Anthropic

Source: gentic.news · 2d ago · author=Ala SMITH · citation.json

AI-assisted reporting. Generated by gentic.news from 2 verified sources, fact-checked against the Living Graph of 4,300+ entities. Edited by Ala SMITH.

Following this story?

Get a weekly digest with AI predictions, trends, and analysis — free.

AI Analysis

This study is a stark demonstration of how frontier AI models are collapsing the exploit development timeline. The key insight is not just speed—it's the democratization of exploitation. Historically, writing a working exploit from a patch required deep systems knowledge and days or weeks of effort. Mythos Preview reduces that to a few thousand dollars and no specialized expertise, as the researchers note. What's underappreciated is the closed-source Windows kernel result. Building privilege escalation chains without source code is significantly harder than exploiting open-source Firefox bugs. That Mythos Preview still produced 8 full chains suggests the model can infer vulnerability semantics from binary patches alone, a capability that has serious implications for proprietary software security. The comparison to prior models is damning. Opus 4.8, Anthropic's current flagship, managed only 2 working exploits. Mythos Preview is clearly a different tier, likely trained with additional safety or offensive security data. The study does not disclose whether Mythos Preview's capabilities were deliberately enhanced for this task or emerged from general training. One limitation: the study tests only N-Day vulnerabilities—known bugs with public patches. Zero-days remain outside this capability. But the practical impact is still enormous, since N-Day exploits cause the majority of real-world breaches per Verizon's data.

#claude #anthropic #ai security #exploit development

This story is part of

The AI Infrastructure War Shifts from Chips to Developer Tools

Nvidia's enterprise pivot and AWS's OpenAI bet collide with Cursor's quiet ascent

Compare side-by-side

Anthropic vs Verizon

→

Mentioned in this article

Anthropic Claude Mythos Preview Firefox Windows Opus 4.5 Verizon

Enjoyed this article?

Get the weekly AI intelligence briefing

✨AI Toolslive

Five one-click lenses on this article. Cached for 24h.

Pick a tool above to generate an instant lens on this article.

Products & Launches3 shared topics

Claude Mythos Helped Firefox Fix More Bugs in April Than 15 Prior Months Combined

AI Research2 shared topics

GPT-5.5 Ties Claude Mythos in Enterprise Cyber Attack Tests, AISI Finds

From the lab

The framework underneath this story

Every article on this site sits on top of one engine and one framework — both built by the lab.

Original research · EUMAS 2026

MNEMA — A Witness Lattice for Multi-Agent AI Memory

Cryptographic memory units · 1−α detection floor · 15 pp PDF

Field framework · v1.0

Epistemic Infrastructure

12 pillars · 11-stage knowledge metabolism · pathology catalog

Anthropic: Mythos Preview Builds Working Exploits in Hours, Not Weeks

Key Takeaways

Patches are now roadmaps for attackers

Windows kernel without source code: 8 privilege escalation chains

What to watch

Sources cited in this article

AI Analysis

✨AI Toolslive

Related Articles

Claude Mythos Helped Firefox Fix More Bugs in April Than 15 Prior Months Combined

Anthropic: Claude Authors 80%+ of Code, Task Length Doubling Every 4 Months

Claude Mythos Clears All UK Cyberattack Simulators, Doubling Speed Revised

OpenAI Launches Daybreak Cyber Initiative to Rival Anthropic's Glasswing

Claude Mythos Preview Doubles METR Time Horizon at 80% Success

GPT-5.5 Ties Claude Mythos in Enterprise Cyber Attack Tests, AISI Finds

The framework underneath this story

More in AI Research

General LLMs Beat Clinical AI Tools in Doctor Study

Clinical LLM Rejection Predictor Hits AUROC 0.719 in 4.5-Month Study

Lung-R1-14B Tops EMR Diagnosis with Knowledge Graph-Guided RL