Anthropic has restricted access to its Claude Mythos model after it identified critical vulnerabilities across major software systems. The findings highlight how advanced AI tools can expose systemic weaknesses faster than traditional security methods.
The company said the general-purpose model uncovered flaws in operating systems, cryptographic standards, and web applications. These included a 27-year-old bug in OpenBSD, a 16-year-old issue in FFmpeg, and a 17-year-old remote code execution flaw in FreeBSD. According to Anthropic, 99% of the vulnerabilities detected remain unpatched, limiting public disclosure.
Can AI-Driven Vulnerability Discovery Be Safely Scaled?
The scale of discovery reflects a broader shift in cybersecurity dynamics as AI accelerates both defense and attack capabilities. Industry data cited by Anthropic shows a 72% year-over-year increase in AI-powered cyberattacks, with 87% of global organizations reporting exposure to such incidents in 2025. By comparison, traditional vulnerability discovery cycles often take months or years to surface similar issues. Anthropic warned that rapid capability growth could outpace responsible deployment.
“Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,” the company said.
It added that premature disclosure of unpatched vulnerabilities would increase the risk of exploitation.
The model also identified weaknesses in widely used cryptographic protocols, including TLS, AES-GCM, and SSH, alongside common web attack vectors such as SQL injection and cross-site scripting. These findings suggest that long-standing assumptions about software security may require reassessment as AI tools scale across codebases.
Anthropic described the current phase as transitional, with risks tied to both defensive lag and potential misuse.
“Work of defending the world’s cyber infrastructure might take years,” the company said, while expressing confidence that long-term outcomes could improve overall resilience.
The company is now limiting Mythos Preview to select partners while remediation efforts continue. The next catalyst will be whether coordinated patching and controlled deployment can keep pace with the accelerating capabilities of AI-driven security tools.
