
Claude Mythos Weaponises N-Day Vulnerabilities Into Working Exploits Within Hours

TL;DR CRITICAL
  • What happened: Claude Mythos Preview built 14 working Firefox/Windows exploits within hours, shrinking the patch-gap window.
  • Who's at risk: Any organisation running unpatched software is at heightened risk as LLMs dramatically reduce the time and expertise required to weaponise disclosed vulnerabilities.
  • Act now: Accelerate patch deployment cycles — treat N-days with the same urgency as zero-days · Monitor for exploit PoC activity immediately upon CVE disclosure, not just zero-day announcements · Audit internal AI tool access policies to prevent misuse of capable LLMs for offensive research

Overview

Anthropic’s Claude Mythos Preview model has demonstrated a capability that significantly alters the calculus of vulnerability risk: the ability to generate working exploit code targeting known, patched vulnerabilities — so-called N-days — within minutes to hours. In a controlled evaluation, Mythos Preview produced 14 functional proof-of-concept (PoC) exploits targeting SpiderMonkey vulnerabilities patched in Firefox 148 and 149, while the company’s Opus 4.8 model delivered 11. The first PoC arrived in just eight minutes. Across a broader test set, 16 working exploits targeting Firefox and Windows were produced within hours. Critically, Anthropic also tested public-facing models with safety guardrails disabled, which also produced working exploits — demonstrating that the offensive capability is not confined to frontier research models.

This matters because the traditional assumption that N-days are low-urgency threats relative to zero-days is breaking down. LLMs can now automate patch diffing and reverse engineering — historically the most expertise-intensive stage of exploit development — making weaponisation accessible to lower-skilled threat actors at scale.

Technical Analysis

The evaluation focused on 18 security patches shipped for the SpiderMonkey JavaScript engine across two Firefox releases. Mythos Preview and Opus 4.8 were tasked with constructing PoC code by analysing patch diffs and inferring exploitable pre-patch conditions — a technique known as patch-diffing.

Key findings:

  • Mythos Preview: 14/18 PoCs generated successfully
  • Opus 4.8: 11/18 PoCs generated; first PoC in ~8 minutes
  • Public models (safeguards off): Produced working exploits, though at lower rates
  • Broader test: 16 working exploits across Firefox and Windows in hours

The workflow mirrors real attacker tradecraft: ingest patch metadata, identify changed code paths, reconstruct the vulnerable state, and generate triggering input or shellcode. LLMs compress the expertise requirement by automating reasoning across these steps, which traditionally required seasoned vulnerability researchers.

Anthropic noted that exploit development is not the only campaign step, but it has historically been the primary bottleneck, one that Mythos effectively removes for a growing class of N-day vulnerabilities.

Framework Mapping

  • AML.T0047 (ML-Enabled Product or Service): Mythos is being used as an offensive capability enabler, directly augmenting attacker workflows.
  • AML.T0054 (LLM Jailbreak): Public models produced exploits with guardrails disabled, confirming that safety controls are bypassable in capability-relevant ways.
  • AML.T0043 (Craft Adversarial Data): The exploit generation process involves crafting precise inputs to trigger vulnerable code paths.
  • LLM02 (Insecure Output Handling): The models output functional exploit code — a class of dangerous output that downstream consumers or API users could operationalise without further sanitisation.
  • LLM08 (Excessive Agency): Agentic use of Mythos in automated exploit pipelines represents an excessive-agency risk if deployed in loosely governed environments.

Impact Assessment

The primary impact is a structural compression of the patch window. Organisations that previously had days or weeks to patch before N-days were weaponised may now have hours. This is especially acute for:

  • Enterprise IT teams managing large, heterogeneous software estates
  • OT/ICS environments where patching is slow or operationally disruptive
  • Software vendors whose patch releases can now be reverse-engineered at machine speed

The secondary impact is threat actor democratisation — lower-tier cybercriminal groups gain access to exploit development capabilities previously reserved for nation-state actors or elite researchers.

Mitigation & Recommendations

  1. Treat N-days as zero-days: Revise patch SLAs to assume exploit availability within hours of disclosure.
  2. Prioritise patch diffing intelligence: Monitor public repositories and LLM-assisted PoC activity immediately post-CVE.
  3. Deploy virtual patching: Use WAFs, IPS signatures, and runtime protections as compensating controls during patch lag.
  4. Restrict LLM access for offensive tasks: Implement organisational policies and technical controls limiting use of capable models for vulnerability research without governance oversight.
  5. Increase detection coverage: Instrument endpoints for exploitation indicators targeting recently patched CVEs with renewed urgency.
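
One way to operationalise recommendation 1 is an SLA check measured in hours from fix release, run over the software inventory. This is an added example, not part of the original briefing; the 24-hour SLA, host names, products other than Firefox, and all timestamps are constructed assumptions.

```python
from datetime import datetime, timezone

SLA_HOURS = 24  # assumed policy value; the article says "hours" without a figure

def parse_version(v):
    """'149.0.0' -> (149,), '148.0.2' -> (148, 0, 2). Numeric dotted versions only."""
    parts = [int(p) for p in v.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # so '149', '149.0' and '149.0.0' compare equal
    return tuple(parts)

def overdue_hosts(inventory, fixes, now, sla_hours=SLA_HOURS):
    """Return (host, product, hours_exposed) for hosts still below the fixed
    version once the SLA has elapsed, longest exposure first."""
    findings = []
    for host, product, installed in inventory:
        if product not in fixes:
            continue  # no tracked fix for this product
        fixed_version, released = fixes[product]
        if parse_version(installed) >= parse_version(fixed_version):
            continue  # already at or above the fixed release
        hours = (now - released).total_seconds() / 3600
        if hours > sla_hours:
            findings.append((host, product, round(hours, 1)))
    return sorted(findings, key=lambda f: f[2], reverse=True)

# Constructed sample data: hosts, timestamps and "mail-client" are invented.
UTC = timezone.utc
FIXES = {
    "firefox": ("149.0", datetime(2026, 1, 10, 14, 0, tzinfo=UTC)),
    "mail-client": ("5.2.0", datetime(2026, 1, 11, 20, 0, tzinfo=UTC)),
}
INVENTORY = [
    ("ws-01", "firefox", "148.0.2"),
    ("ws-02", "firefox", "149.0.0"),
    ("ws-03", "firefox", "147.0.1"),
    ("ws-04", "mail-client", "5.1.9"),
    ("srv-01", "pdf-viewer", "3.1"),
]
NOW = datetime(2026, 1, 12, 2, 0, tzinfo=UTC)

if __name__ == "__main__":
    for host, product, hours in overdue_hosts(INVENTORY, FIXES, NOW):
        print(f"{host}: {product} unpatched {hours}h after fix release")
```

Tightening `sla_hours` shows how many more hosts fall out of compliance when the assumed weaponisation window shrinks from days to hours.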
