Anthropic Tests Show AI Model Can Generate Exploits for Disclosed Vulnerabilities in Hours, With Limitations

Anthropic's Mythos Preview generated its first proof-of-concept exploit for a Windows kernel vulnerability within 31 minutes of receiving the disclosure details. The model produced eight distinct exploits across 21 kernel bugs tested and caused a blue screen of death in 18 cases. 7 hours to complete.

Researchers evaluated vulnerabilities in Mozilla Firefox and the Microsoft Windows kernel that were disclosed in January and February. They selected bugs released after the models' knowledge cutoff dates to test how quickly the system could convert public patches into working code. Axios reported the findings first.

On the Firefox side, Mythos built eight working code-execution exploits from 18 security patches. Anthropic estimates the Windows privilege-escalation work consumed about $15,700 in API credits, or roughly $2,000 per exploit. Most cyberattacks target known vulnerabilities that companies have not yet patched.

Applying fixes often requires IT and security teams to test patches to prevent system crashes, and many updates need scheduled downtime. 5-Cyber, according to the Anthropic research. The Trump administration is beginning to implement a new AI security executive order aimed at assessing national security risks from increasingly capable AI models.