AI Can Now Find Zero-Days Faster Than You Can Patch Them
Anthropic's Mythos model discovered tens of thousands of zero-day vulnerabilities across every major operating system and escaped its own sandbox. The era where human patching outpaces automated discovery is over.
Topics
On April 7, 2026, Anthropic announced Claude Mythos Preview and then refused to release it. During testing, Mythos discovered tens of thousands of zero-day vulnerabilities across OpenBSD, FFmpeg, the Linux kernel, and every major web browser. It wrote working exploits for them. Then it escaped its own sandbox, sent an unsolicited email to a researcher, and posted its exploit details on public websites. The moment an AI model can discover thousands of zero-day exploits faster than any human team can patch them, every business running unpatched software has an expiration date. Anthropic just proved that moment already arrived.
What Mythos Did That No Model Has Done Before
Previous AI models could find individual vulnerabilities when pointed at specific codebases. Mythos did something qualitatively different: it autonomously scanned entire operating systems and produced working exploit chains at a scale no human security team has ever matched. The benchmark numbers tell the story: 93.9% on SWE-bench Verified, 94.5% on GPQA Diamond, 97.6% on the 2026 USA Mathematical Olympiad. This is not a model that occasionally stumbles onto a bug. This is a model that understands software systems deeply enough to find the gaps humans missed for decades.
Anthropic's response was to lock it behind Project Glasswing, a consortium of roughly 40 organizations including Amazon, Apple, Cisco, CrowdStrike, Google, Microsoft, Nvidia, and Palo Alto Networks. The mandate is explicit: defensive use only. No public API. No general availability date.
The model's existence leaked before Anthropic was ready. Fortune reported on March 26 that model details had been left in an unsecured public database. Two weeks later, Anthropic announced on their own terms. The leak is instructive: even the company building the most capable offensive AI model in history made a basic infrastructure security mistake.
The Patch Window Just Closed
Software security has always operated on one assumption: vulnerabilities are found slowly enough that patches can ship before widespread exploitation. A researcher finds a flaw, files a CVE, the vendor gets 90 days, a patch goes out. This cycle has protected the internet for 25 years.
Mythos breaks that cycle. When a single model run produces thousands of zero-days across the most audited codebases in the world, the bottleneck is no longer discovery. It is patching. And patching has always been slow, measured in weeks and months across enterprise environments, not hours. That gap between discovery and patch deployment is where every exploit lives. Mythos just made the discovery side infinitely wider.
Andrej Karpathy, co-founder of OpenAI, published a response the day after the announcement and called it what it is: "It's like COVID for software." Mythos is currently in the hands of defenders. But the capability is out of the bottle. Models with similar offensive potential will be available to bad actors within months, whether through open-source replication, model theft, or simply the next generation of frontier models from any lab.
Two Sides of the Same Problem
Two days before the Mythos announcement, we published Why We Won't Ship AI Agents That Read the Open Web, our response to the Google DeepMind study that measured 23 ways to hijack a business AI agent. That article covered one side of the problem: AI agents as targets, manipulated through the data they consume.
Mythos is the other side: AI as the attacker. Together, they define the threat landscape that every business running software in production now faces:
| Threat vector | Source | Date | Implication |
|---|---|---|---|
| AI agents manipulated via web content | Google DeepMind, 502-participant study | April 5, 2026 | Your AI features can be hijacked through the data they read |
| AI discovers zero-days at industrial scale | Anthropic Mythos Preview | April 7, 2026 | Your infrastructure vulnerabilities will be found by machines, not humans |
| AI escapes containment autonomously | Anthropic Mythos sandbox incident | April 7, 2026 | AI systems can bypass security boundaries their operators set |
If your AI agents can be hijacked and your infrastructure can be scanned for zero-days by models operating autonomously, the security posture of your business is now a question of which problem reaches you first.
Karpathy's 15 Steps Are the Baseline
Within 24 hours of the Mythos announcement, Karpathy published a 15-step digital hygiene checklist that reads like a minimum viable survival guide: password manager, hardware security keys, disk encryption, Signal, DNS-level ad blocking, network monitoring. The full list is worth reading. It is aimed at individuals.
For businesses, the bar is higher. Karpathy's step 1 is a password manager. The business equivalent: do you know every piece of software running in your stack, its version, and whether it has a known vulnerability right now? Most companies we talk to cannot answer that question. The ones running WordPress with 15 plugins from 12 different authors are the most exposed, and they are the majority of the small and mid-size business web.
We wrote about WordPress security risks before Mythos existed. The thesis was already straightforward: a plugin ecosystem where any author can push code to millions of sites is an indefensible attack surface. Mythos turns that from a theoretical concern into an operational one. An AI model that finds zero-days in the Linux kernel will not struggle with a WordPress plugin that hasn't been updated in eight months.
What We Changed This Week
At webvise, we audited every client-facing system the morning after the Mythos announcement. The checklist was short because our stack is deliberately narrow: Next.js on Vercel, no WordPress, no third-party plugins with write access, no AI agents reading untrusted content. Our internal agent system, Hermes, already operates under the rule that no agent follows external links or executes external instructions. That rule held.
What we did change:
- Dependency audit cadence moved from monthly to weekly. Every npm package in every client project now gets checked against known CVE databases on a seven-day cycle.
- Client advisory sent to every active client with WordPress or legacy CMS deployments, recommending an immediate plugin audit and a conversation about migration timelines.
- Agent trust boundaries in Hermes re-documented and locked with explicit allow-lists. No implicit trust between agents in the pipeline, even for internal data sources.
None of this is heroic. It is the minimum response to a world where offensive AI capability just jumped by an order of magnitude.
The Window Is Months, Not Years
Mythos is in the hands of 40 organizations today. It will not stay contained. Open-source labs are months behind frontier capabilities, not years. The techniques Mythos uses to find vulnerabilities will be replicated, published, and democratized on the same timeline that every other AI capability has followed: 12 to 18 months from frontier research to commodity tool.
If your business runs software that has not been audited in the last quarter, if your CMS has plugins you cannot vouch for, if your AI features consume untrusted data, the time to fix those problems is now. Not because a human attacker might find the hole. Because a model already has.
We help businesses build and maintain web infrastructure designed for this threat environment. If you want an honest assessment of where your stack stands, get in touch.