Artificial Intelligence Discovers Zero-Day Vulnerabilities in Major Operating Systems and Browsers

Post Views: 7

Artificial Intelligence Model Discovers and Exploits Zero-Day Vulnerabilities Across Major Operating Systems and Web Browsers

In a groundbreaking achievement, a new artificial intelligence model developed by Anthropic has demonstrated the ability to autonomously identify and exploit zero-day vulnerabilities across every major operating system and web browser.

According to the report, the model, dubbed Claude Mythos Preview, was tested internally by Anthropic’s security research team for approximately one month, during which time it documented the model’s capabilities, showcasing its effectiveness in discovering and exploiting vulnerabilities at scale.

The results demonstrate a substantial narrowing of the gap between identifying a bug and constructing a working exploit.

Claude Mythos Preview Outperforms Its Predecessor

Compared to its predecessor, Opus 4.6, Claude Mythos Preview showed marked improvement in its ability to produce working shell exploits, achieving success 181 times in the same test.
The model achieved tier 5 (complete control flow hijack) on ten separate, fully patched targets, compared to only once for Opus 4.6.

Vulnerabilities Identified and Exploited

A 27-year-old denial-of-service vulnerability in OpenBSD’s TCP SACK implementation.
A 16-year-old vulnerability in FFmpeg’s H.264 codec.
A 17-year-old remote code execution flaw (CVE-2026-4747) in the NFS server.

Claude Mythos Preview also demonstrated its ability to chain multiple flaws to produce JIT heap spray exploits that bypass renderer and OS sandboxes, highlighting the potential for sophisticated attacks.

Project Glasswing Initiative Launched

Anthropics’ response to the findings, Project Glasswing, aims to direct the model’s capabilities towards securing critical software by collaborating with select partners and open-source developers.

The team recommends that organizations consider integrating language models into their vulnerability management workflows, shortening patch cycles, enabling auto-updates, treating CVE-tagged dependency updates as urgent, and revisiting vulnerability disclosure policies to address the increased pace of model-assisted discovery.

Ultimately, the emergence of Claude Mythos Preview highlights the evolving nature of the cybersecurity landscape and underscores the importance of proactive measures to stay ahead of emerging threats.

As the use of artificial intelligence continues to grow, it is essential for organizations to prioritize collaboration, innovation, and continuous learning to ensure the development of effective solutions to counter emerging risks.