AI Just Found Bugs That Humans Missed for 27 Years — And That Changes Everything
How Anthropic's new model is rewriting the rules of cybersecurity — explained simply.
On April 7, 2026, Anthropic quietly dropped one of the most important announcements in cybersecurity history. Their new model, Claude Mythos Preview, found and exploited security flaws in every major operating system and every major web browser — many of which had been hiding in plain sight for decades.
Let me break down what happened, why it matters, and what it means for all of us — no jargon, no hype, just the facts.
🧠 First, What Are "Vulnerabilities"?
Think of software like a house. A vulnerability is an unlocked window that nobody noticed. It's been there since the house was built, but because no one checked that particular window, burglars never found it either.
Now imagine an AI that can walk through every room of every house on the internet and check every window, every door, every crack — in hours, not years.
That's what Mythos Preview does for software.
🔍 What Did It Actually Find?
Here are three real examples — all confirmed and now patched:
1. A 27-Year-Old Bug in OpenBSD
What is OpenBSD? A super-secure operating system used to run firewalls and critical internet infrastructure. Its entire reputation is built on security.
The bug: When two computers talk over the internet using TCP (the basic protocol for web traffic), they send "acknowledgment" messages back and forth — "Hey, I got packets 1 through 10."
OpenBSD had a flaw in how it tracked these acknowledgments. By sending a carefully crafted message with a negative starting point, an attacker could trick the system into crashing.
How? Two small bugs combined:
- Bug 1: The code checked if the end of an acknowledgment was valid, but never checked the start. Usually harmless.
- Bug 2: Under a very specific condition, the code tried to write to a memory address that no longer existed (a "null pointer").
The trick was that reaching Bug 2 should have been impossible — except that by exploiting Bug 1 with a number roughly 2 billion away from the expected range, a math overflow fooled both safety checks simultaneously.
Impact: Anyone on the internet could remotely crash any OpenBSD machine. This bug existed since 1998.
📊 Cost to find it: Under $50 for that specific run
(within a $20,000 sweep of ~1,000 runs across the codebase)
2. A 16-Year-Old Bug in FFmpeg
What is FFmpeg? The video processing engine behind almost every app that plays or converts video. YouTube, VLC, Discord — they all rely on it. It's one of the most tested pieces of software on Earth.
The bug: When decoding H.264 video (the standard format for most video), FFmpeg tracks which "slice" each chunk of pixels belongs to using a table of 16-bit numbers (max value: 65,535).
The code uses the value 65535 as a special marker meaning "nobody owns this pixel yet." But if an attacker creates a video with exactly 65,536 slices, then slice number 65,535 collides with the marker. The decoder gets confused, thinks a nonexistent neighbor pixel is real, and writes data where it shouldn't.
Think of it like a hotel that uses room 9999 as
the code for "this room doesn't exist."
Now someone books exactly 10,000 rooms.
Guest 9999 checks in — and the system can't tell
the difference between a real guest and "doesn't exist."
Why did nobody catch this? Fuzzers (automated testing tools) had hit this code millions of times with random inputs. But they never tried a video with exactly 65,536 slices — because no real video would ever have that many. The AI understood the logic of the code, not just random inputs.
3. Full Remote Takeover of FreeBSD (CVE-2026-4747)
What is FreeBSD? Another widely-used operating system, especially for servers and networking equipment.
The bug: FreeBSD's file-sharing service (NFS) had a function that copied data from an incoming network packet into a 128-byte buffer — but the packet could be up to 400 bytes. Classic buffer overflow.
What Mythos Preview did with it:
| Step | What Happened |
|---|---|
| 1. Found the overflow | The AI read the FreeBSD kernel source and spotted the mismatch between buffer size (128 bytes) and input limit (400 bytes) |
| 2. Noticed the missing protections | The buffer was declared as int32_t[] instead of char[], so the compiler didn't add a security canary — a guard value that normally detects overflows |
| 3. Figured out how to authenticate | To reach the vulnerable code, you need a secret handle. The AI discovered you could get it by making one unauthenticated call that leaks the server's UUID |
| 4. Built a 20-step attack chain | The actual exploit needed ~1,000 bytes but only had 200 bytes of space. So the AI split it into 6 sequential network requests, each building a piece of the attack in memory |
| 5. Result | Unauthenticated root access — complete control of the machine, from anywhere on the internet |
This bug had been hiding in FreeBSD for 17 years.
📈 The Numbers Are Staggering
Here's the leap in capability compared to the previous best model (Opus 4.6):
| Task | Opus 4.6 | Mythos Preview |
|---|---|---|
| Firefox JS engine exploits (out of hundreds of attempts) | 2 | 181 ✅ |
| Full control-flow hijack on patched targets | 1 | 10 |
| CyberGym vulnerability benchmark | 66.6% | 83.1% |
| SWE-bench Verified (code tasks) | 80.8% | 93.9% |
And here's the part that should make you sit up:
Non-security-engineers at Anthropic asked Mythos Preview to find remote code execution bugs before going to bed. They woke up to complete, working exploits.
🤝 Project Glasswing — The Industry Response
Anthropic isn't releasing this model to the public. Instead, they launched Project Glasswing — named after a butterfly with transparent wings — bringing together 12 major partners:
🏢 AWS 🍎 Apple 📡 Broadcom
🌐 Cisco 🛡️ CrowdStrike 🔍 Google
🏦 JPMorganChase 🐧 Linux Foundation
💻 Microsoft 🎮 NVIDIA 🔒 Palo Alto Networks
🤖 Anthropic (leading the effort)
Plus 40+ additional organizations working on critical infrastructure.
The investment:
- 💰 $100M in model usage credits for partners
- 💰 $2.5M to open-source security foundations (OpenSSF, Alpha-Omega)
- 💰 $1.5M to the Apache Software Foundation
The idea is simple: let the defenders find the bugs before the attackers do.
🔗 What About Chaining Vulnerabilities?
This is where it gets really impressive. Many individual bugs aren't dangerous on their own. It's like having a key that opens one door — but the door leads to another locked door.
Mythos Preview can chain vulnerabilities together automatically:
Example from the Linux kernel:
Bug 1 → Bypass address randomization (figure out WHERE things are in memory)
↓
Bug 2 → Read contents of a protected data structure
↓
Bug 3 → Write to a previously-freed piece of memory
↓
Bug 4 → Place a malicious object exactly where the write lands
↓
🔓 Full root access
It did this across Linux, web browsers (building JIT heap sprays and sandbox escapes), and even closed-source software by reverse-engineering the binaries first.
💡 Why This Is Different From Everything Before
Traditional security testing works like this:
Old way (Fuzzing):
→ Generate millions of random inputs
→ Feed them to the program
→ See if anything crashes
→ Hope you got lucky
AI way (Mythos Preview):
→ Read and UNDERSTAND the code
→ Hypothesize where bugs might be
→ Test specific theories
→ Chain bugs together into real attacks
→ Produce a working exploit with a full report
The FFmpeg example is the perfect illustration. Fuzzers hit that code millions of times. They never thought to try exactly 65,536 slices because they don't understand what the code does. The AI did.
⚠️ The Scary Part
These capabilities weren't intentionally trained. They emerged naturally from making the model better at coding and reasoning. The same improvements that help it fix bugs also help it exploit them.
And here's the timeline that should concern everyone:
A few months ago → Models couldn't find non-trivial vulnerabilities
A few weeks ago → Models could find bugs but rarely exploit them
Today → Mythos Preview finds AND exploits zero-days autonomously
Tomorrow → ???
Anthropic has identified thousands of additional high-severity vulnerabilities that are still going through responsible disclosure. Only about 1% of what they've found has been patched so far.
🛡️ What Should Defenders Do Right Now?
Anthropic's advice, and I think it's sound:
1. Start Using AI for Security Today
You don't need Mythos Preview. Current models like Claude Opus 4.6 can already find hundreds of vulnerabilities. The point is to start building the muscle now.
2. Shorten Your Patch Cycles
The window between "vulnerability disclosed" and "exploit available" just collapsed from weeks to hours. Auto-update everything. Treat security patches as urgent, not routine.
3. Rethink "Defense in Depth"
Some security measures work by making exploitation tedious rather than impossible. AI doesn't get tired. Focus on hard barriers (like memory safety, address randomization) over friction-based defenses.
4. Automate Your Incident Response
More bugs found = more attacks attempted. You can't staff your way through the volume. Let models help with triage, investigation, and response.
🔮 The Big Picture
We're at an inflection point. For 20 years, cybersecurity has been in a relatively stable equilibrium — attacks evolved, but the shape of attacks stayed similar. That's about to change.
The good news: defense has the long-term advantage. Defenders can use these tools proactively to find and fix every bug. Attackers only need to find one — but defenders can now find them first, at scale.
The bad news: the transition will be rough. Until the security world adapts, attackers who get access to similar capabilities will have a field day.
Anthropic's bet with Project Glasswing is that by giving defenders a head start — even a few months — the industry can reach a new, more secure equilibrium before the storm hits.
Whether that bet pays off depends on how fast the rest of us move.
📚 Further Reading
- Anthropic's Technical Blog Post — Full technical details on every vulnerability discussed
- Project Glasswing Announcement — Partner quotes and initiative details
- Anthropic's Coordinated Vulnerability Disclosure Policy
If you found this useful, give it a 👏 and share it with your team. The cybersecurity landscape just changed — and everyone building software needs to understand how.
Top comments (0)