There Are Zero-Day Exploits for Your Mind

Anthropic has unveiled a new model called Claude Mythos, and it has been reported that the system is astonishingly good at finding security flaws. According to published accounts, Mythos found thousands of previously undetected vulnerabilities in code that’s been running for decades, and it has been reported that the model posts a roughly 72.4% success rate at generating working exploits. It has been reported that Anthropic will not release Mythos publicly and has instead pushed a coordinated response to patch the bugs.

Move 37

Remember Move 37? That moment when AlphaGo made a play nobody expected and the room went still — Lee Sedol walked out for 15 minutes. It’s a nice metaphor. After centuries of assumed mastery, a machine showed humans a corner of the map we never knew existed. That gut-punch feeling — the sudden realization that your map was incomplete — is exactly what security teams are describing now as Mythos peels back new parts of the vulnerability landscape.

Claude Mythos and Project Glasswing

It has been reported that Mythos wrote a browser exploit chaining four separate flaws, and that it casually produced a remote-root server exploit in hours with little human guidance. It has been reported that one target was a 16-year-old FFmpeg bug that autonomous tools had missed despite millions of hits. In response, it has been reported that Anthropic announced Project Glasswing: a coalition with major vendors — AWS, Apple, Google, Microsoft, CrowdStrike, NVIDIA and others — aimed at emergency patching and mitigation.

This isn’t just a bug story. It’s a preview of a world where AI discovers attack paths humans never thought to look for — faster and at scale. So, are our patching cycles and governance frameworks up to the job? If Move 37 taught us anything, it’s that surprise comes for the things we’re sure we understand. Time to stop assuming the map is complete.

Sources: mikemorgenstern.substack.com, Hacker News