Anthropic just announced Claude Mythos, an LLM so good at finding software vulnerabilities that they decided to keep it under lock and key rather than release it publicly. During testing it unearthed thousands of high-severity zero-days across every major OS and browser, among them a 27-year-old bug in OpenBSD (for some, the most secure OS out there), a 16-year-old flaw in FFmpeg and a memory corruption bug inside a memory-safe VMM. Some companies managed to get access (AWS, Apple, Google, Microsoft, NVIDIA, the Linux Foundation, JPMorgan, CrowdStrike, Palo Alto, Cisco, Broadcom), but not me or you. We have to wait for... another life? (Full story: https://thehackernews.com/2026/04/anthropics-claude-mythos-finds.html)
It is tempting to say "forget the press release, Anthropic is a responsible company". The interesting fact is that the capability and the bugs exist, and we only have to wait for the next LLM to reach Mythos levels without Anthropic's safety brakes. Certain nation states may already have something equivalent (or better), and obviously they won't tell us.
Until now the economics of vulnerability discovery favored defenders: bugs were expensive to find, expensive to weaponize, and most attackers reused the same handful of public exploits. AI flips the curve. Discovery gets cheap, weaponization gets easy, and the pool of "attackers using novel techniques" stops being a tiny elite and becomes the average Mirai operator with a GPU. Anyone who knows how to drive Claude Code can become the next Project Zero researcher.
"But I have a firewall"
Most teams I talk to tell me that probing for live services is just background noise (the most valuable signal you have, filed under background noise?). "I have a tightly configured firewall, I moved SSH to port 2222, I'm hidden behind Cloudflare, I don't run anything on my server except a web project and SSH. Done, right?"
That stack only works against threats that announce themselves on ports you're watching and, more importantly, with signatures you already know. It does nothing about:
- A scanner hitting port 6379 with a Redis exploit you've never seen.
- A new Confluence RCE landing 30 minutes after disclosure.
- A pivoted attacker already inside your network probing your internal services.
- A model-driven scanner that doesn't brute-force anything; it walks straight to a real vulnerability on the first try, the way Mythos walked straight into 27-year-old OpenBSD code.
A firewall is a list of "no". It can't tell you who tried, what they tried, or whether they came back from a different IP an hour later. It is an access control, not a detection system. That is why sysadmins end up surprised in incident reports.
Detection is the missing half
What you actually want is two layers:
- A door that's locked (firewall, hardening, patching).
- A motion sensor on the lawn (something that sees the attacker before they reach the door, and tells you who they are).
The motion sensor is the half almost nobody has, and it's the half that matters most when the attacker has tools you've never seen, because you don't need to recognize the exploit to recognize the behavior. Someone scanning your Redis port isn't your customer and never will be. Someone hitting a fake SSH on a random VPS at 03:14 UTC isn't your sysadmin. You don't need a CVE to ban them, but you still need to see them. This is what tarpits and honeypots are for, and it's an embarrassingly old idea that most sysadmins still don't run.
Where TarPit.pro fits
Disclosure: I build TarPit.pro. It exists because I got tired of explaining this to people one server at a time. It's a single binary you drop on a server. It opens believable fake versions of the services attackers love (SSH, MySQL, Redis, Postgres, FTP, Telnet, plus 70+ others; you enable as many as you want) and does three things:
- Catches anything that touches them. Real users have no reason to connect to a fake Redis on a server they don't manage, so every connection is hostile by definition. No false positives, no rule tuning.
- Tarpits them. Holds the connection open, wastes their scanner budget and slows down whatever automated sweep they're running.
- Bans them automatically, and on paid tiers propagates that ban across every server in your fleet: one server catches a scanner and the rest of the fleet is already protected before the attacker gets there.
You get the data a firewall will never give you: who is hitting you, what they're trying, when, and where they're coming from. That's the half of security that turns "we got owned by a zero-day" into "we banned them at 03:14, here's the log."
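To make the "recognize the behavior, not the exploit" point concrete, here is a small honeypot in Python written for this post as an added example. It is not TarPit.pro's code and says nothing about how that product is implemented. It listens as fake SSH and fake Redis (ports 2223 and 6380 are assumptions, chosen so nothing real collides), reads whatever the scanner sends first, drips the banner out one byte per second so the scanner's timeout budget is spent on us, records the hit, bans the source on the first touch and emits nft commands for a set named inet filter tarpit_ban (an assumed name; the set must already exist and be referenced by a drop rule). The scanner inputs used in the dry run are constructed.

```python
# Added example written for this post: minimal honeypot + tarpit + auto-ban.
# NOT TarPit.pro's code. Ports, nft set name and scanner inputs are assumptions.
import socket
import threading
import time
from collections import defaultdict
from dataclasses import dataclass

# Fake services and the banner each one speaks. Assumed ports: nothing real
# listens there, so every connection is hostile by definition.
FAKE_SERVICES = {
    2223: b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n",   # fake SSH
    6380: b"-NOAUTH Authentication required.\r\n",          # fake Redis
}


@dataclass
class Hit:
    ts: float      # epoch seconds of the connection
    ip: str
    port: int
    probe: bytes   # whatever the client sent before we answered (may be empty)


def classify_probe(port: int, probe: bytes) -> str:
    """Label the behaviour, not the exploit: no CVE or signature needed."""
    if not probe:
        return "silent-connect"                  # bare TCP sweep (masscan/zmap style)
    words = probe.split()
    first = words[0].upper() if words else b""
    if probe.startswith(b"SSH-"):
        return "ssh-client-banner"               # SSH client or brute-forcer
    if probe.startswith(b"*") or first in (b"PING", b"INFO", b"CONFIG", b"EVAL"):
        return "redis-command"                   # RESP array or inline command
    if first in (b"GET", b"POST", b"HEAD", b"OPTIONS"):
        return f"http-on-{port}"                 # web scanner spraying every port
    return "unknown"


class BanList:
    """One strike: a touch on a fake service records the hit and bans the IP."""

    def __init__(self, ttl_seconds: int = 24 * 3600):
        self.ttl = ttl_seconds
        self.expiry: dict[str, float] = {}                # ip -> ban expiry (epoch)
        self.hits: dict[str, list[Hit]] = defaultdict(list)
        self._lock = threading.Lock()

    def record(self, hit: Hit) -> bool:
        """Store the hit. True = NEW ban (worth broadcasting), False = repeat."""
        with self._lock:
            self.hits[hit.ip].append(hit)
            already = self.expiry.get(hit.ip, 0.0) > hit.ts
            self.expiry[hit.ip] = hit.ts + self.ttl       # every hit refreshes TTL
            return not already

    def is_banned(self, ip: str, now: float) -> bool:
        return self.expiry.get(ip, 0.0) > now

    def nft_commands(self, now: float) -> list[str]:
        """One nft command per active ban for the assumed set inet filter tarpit_ban."""
        return [f"nft add element inet filter tarpit_ban {{ {ip} }}"
                for ip, exp in sorted(self.expiry.items()) if exp > now]


def tarpit(conn: socket.socket, banner: bytes, drip: float = 1.0,
           max_hold: float = 60.0) -> tuple[bytes, float]:
    """Read the client's opening bytes (if any), then drip the banner one byte
    per `drip` seconds. Returns (probe_bytes, seconds_held)."""
    start = time.monotonic()
    conn.settimeout(drip)
    try:
        probe = conn.recv(256)
    except OSError:                               # timeout: client waits for us
        probe = b""
    try:
        for byte in banner:
            if time.monotonic() - start >= max_hold:
                break
            conn.sendall(bytes([byte]))
            time.sleep(drip)
    except OSError:
        pass                                      # client gave up; that is the point
    finally:
        conn.close()
    return probe, time.monotonic() - start


def simulate_scanner(probe: bytes, banner: bytes, drip: float = 0.01):
    """Dry run without a real port: a socketpair stands in for scanner (client)
    and honeypot (server). Returns (probe_seen, bytes_client_got, seconds_held)."""
    server, client = socket.socketpair()
    if probe:
        client.sendall(probe)                     # constructed scanner input
    seen, held = tarpit(server, banner, drip=drip, max_hold=5.0)
    got = b""
    while chunk := client.recv(4096):             # drain until honeypot closes
        got += chunk
    client.close()
    return seen, got, held


def serve(bans: BanList, host: str = "127.0.0.1", drip: float = 1.0) -> None:
    """Listen on every fake service; tarpit, log and ban each connection."""
    def handle(conn, ip, port, banner, ts):
        probe, held = tarpit(conn, banner, drip)
        new = bans.record(Hit(ts, ip, port, probe))
        print(f"{time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(ts))} src={ip} "
              f"port={port} kind={classify_probe(port, probe)} held={held:.1f}s "
              f"{'BAN(new)' if new else 'repeat'}")

    def listener(port, banner):
        srv = socket.socket()
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(64)
        while True:
            conn, (ip, _) = srv.accept()
            threading.Thread(target=handle, daemon=True,
                             args=(conn, ip, port, banner, time.time())).start()

    for port, banner in FAKE_SERVICES.items():
        threading.Thread(target=listener, args=(port, banner), daemon=True).start()


if __name__ == "__main__":
    bans = BanList()
    serve(bans)                                   # try: nc 127.0.0.1 6380 from another shell
    while True:
        time.sleep(60)
        print(*bans.nft_commands(time.time()), sep="\n")
```

Run it and connect with nc 127.0.0.1 6380 from another shell: the hit is logged with its classification, the banner arrives one byte per second, and the source shows up in the nft feed. Two caveats a practitioner would want before turning auto-ban on: allowlist the addresses of your own vulnerability scanners and monitoring (they will trip a honeypot just like an attacker), and keep ban TTLs finite, because the address a scanner used an hour ago may belong to someone else tomorrow.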
TarPit.pro runs on Linux, macOS and Windows. The free tier is a single binary plus a cloud dashboard: no Docker, no agent stack, no YAML safari. You can install it in about 60 seconds. Just visit https://tarpit.pro
Mythos is a glimpse of where attacker tooling is going: cheap, fast, novel exploits at scale. The defenders who do fine in that world are the ones who stop relying purely on prevention and start running detection, actual eyes on the wire, not just a hardened door.
Firewalls are necessary. They are not sufficient. They have not been sufficient for years. AI just made the gap impossible to ignore.