Mythos, LLMs, and the end of the security paradigm as we knew it – interview on Swiss TV RTS

Claude Mythos found thousands of critical vulnerabilities in just a few weeks, some of them 27 years old, with zero human intervention. Its first-attempt exploitation success rate: 83%. Which raises an uncomfortable question for our industry, because Mythos is not a story about AI serving cybersecurity. It is the signal that the fundamental model on which the entire industry has built its defenses for thirty years has just become obsolete.

What Mythos Actually Reveals

Claude Mythos Preview is an Anthropic model in a distinct category from anything that existed before, described by the company itself as superior to every other frontier system available today. How it works is simple to understand and hard to accept: give it source code, tell it to find a vulnerability, and it works alone. It reads, forms hypotheses, tests with debuggers, chains exploitation primitives, and delivers either a detailed report with a working exploit or the conclusion that no flaw exists.

The results published under Project Glasswing speak for themselves. Thousands of zero-day vulnerabilities identified across every major operating system and browser. A 27-year-old bug in OpenBSD. A 16-year-old flaw in FFmpeg that five million passes of automated testing tools had never caught. Chained vulnerabilities in the Linux kernel enabling privilege escalation from a standard user account to full machine control. All of it without a single human writing a line of exploit code.

That 83.1% first-attempt success rate deserves a moment of reflection. The best security researcher in the world does not hit 83% on the first try against unknown vulnerabilities.

Anthropic responded pragmatically by restricting access and forming Project Glasswing, a consortium of roughly forty critical companies including AWS, Apple, Microsoft, Cisco and JPMorgan Chase, giving vendors the chance to patch their own systems before these capabilities proliferate. That is responsible. But is it enough?

The Intelligent Attack: Far Beyond Vulnerability Discovery

What Mythos demonstrates on vulnerability discovery is spectacular. But the deepest threat of LLMs in an offensive context is not limited to finding flaws. It touches something more fundamental: the ability of malware to reason about its environment.

Imagine malware that, once implanted in a system, does not immediately launch its payload. Instead, it silently surveys the environment. What software is installed? Which versions? What security tools are running in the background? What are this user’s typical legitimate processes, at what time of day, with what frequency? What security reports are accessible on the network, and what limitations do they document?

This is no longer science fiction. It is the natural direction for an LLM embedded in an attack context. Living off the Land techniques, which use legitimate tools already present on the system to avoid detection, have always been feared precisely because they leave no signature. An LLM can take them to a level we have never seen: scanning every executable present, identifying those that match the target’s security posture, and building a perfectly tailored attack chain in real time, never touching a tool flagged as malicious.

The attacker’s own operational security becomes AI-assisted. Observe a user’s connection patterns for a few days and act only in the windows where anomalous activity will be buried in daily noise. Read the documented limitations of the EDR deployed on the target network and adapt exfiltration techniques accordingly. Produce behavior that looks like a slightly distracted user rather than an intrusion.

In November 2025, Anthropic disclosed that a Chinese state-sponsored group had used Claude Code to run complete attack chains, from reconnaissance to exfiltration, across roughly thirty organizations, before the company detected the operation. That was not a proof of concept. It was live, against real targets.

The Death of the Patch Cycle as We Knew It

There is an uncomfortable truth that nobody in the industry really wants to say out loud: the vulnerability management process, as it exists in the vast majority of organizations, is dead.

In 2018, the window between public vulnerability disclosure and active exploitation averaged 771 days. In 2026, it is under 24 hours. And two thirds of exploited vulnerabilities are weaponized on day zero, before a patch even exists.

The practical consequence is radical. A bank, a hospital, a critical infrastructure operator can no longer afford to run the model of “vulnerability disclosed Monday, patch tested Friday, deployed next Tuesday.” That model assumes a reaction window of several days. That window no longer exists.

Worse: in a Mythos context, we must now operate on the assumption that every disclosed vulnerability will have a working exploit within hours of disclosure. This is no longer a worst-case hypothesis. It is the default scenario.

This creates a structural problem for organizations running complex systems. Testing a patch before deploying it to production means verifying it does not break other critical functions. In a bank, updating one component touches entire dependency chains. In a hospital, a failed patch can interrupt a monitoring system. That validation work cannot be done in two hours. It never will be.

The answer cannot be “patch faster.” The answer must be a complete rethink of the resilience architecture: aggressive segmentation, isolation of critical systems, behavioral detection that does not depend on known signatures, and automated containment capacity that triggers before any human has been alerted.

End-of-Life Systems Are Now Time Bombs

If the exploitation window has collapsed to a matter of hours, end-of-life systems have taken on a new and alarming dimension. Until now, an unmaintained system was risky because its vulnerabilities accumulated without patches. Today it is critical because those same vulnerabilities are now exploitable at scale, without specialist expertise, by anyone with access to an offensive LLM.

Windows 10, abandoned versions of Android, industrial SCADA controllers that have not been updated in ten years, medical equipment running obsolete operating systems, internally developed business applications whose developer left the company three years ago: all of these represent an attack surface that was theoretically exploitable but required rare skills to actually exploit. That is no longer the case.

The democratization of offensive capabilities through LLMs means attackers who could never have developed an exploit against an obscure system now can. The scarcity of expertise was an imperfect but real safeguard. That safeguard is disappearing.

The Future of Software Development: LLM Review as a Prerequisite for Production

There is a deep irony in what Mythos has triggered. Anthropic built a tool powerful enough to find thousands of critical vulnerabilities in weeks. In doing so, Anthropic also demonstrated that such a tool is essential for auditing code before it is deployed. The creator of the problem is also the creator of the solution.

The direction the industry is heading is clear: every organization that writes code, whether a software vendor, a bank building its own tools, or a hospital maintaining its patient records system, will need to integrate LLM-assisted security review as a non-negotiable condition before any production deployment. This is what we call “VulnOps”: a permanent vulnerability operations function, automated like DevOps, capable of continuously scanning the entire software estate.

But that answer, as necessary as it is, does not solve the hardest problem: everything that already exists.

Technical Debt Is Now Existential Security Debt

Every organization that uses software, which means every organization, is sitting on a body of code that has never been audited with Mythos-class tools. Some of that software comes from commercial vendors who will maintain patches. Some is community open source. Some is internally developed, built by teams that have since been restructured, or by contractors whose engagement ended five years ago.

What do you do with an HR management application built in 2017 by a developer who left in 2021, whose source code nobody in the company understands anymore, running on a server in a corner of the datacenter? The honest answer is: nobody knows. And that is precisely the kind of target an attacker armed with an LLM will look for first.

Systems without active maintenance will not receive Glasswing patches. Proprietary solutions whose vendors have disappeared will not be covered by coordinated disclosure programs. Aging frameworks underpinning critical applications will keep accumulating flaws that nobody knows how to fix anymore.

The response to this problem is not primarily technical. It is strategic and organizational. Companies must treat their application inventory for what it is: a risk register. Every unmaintained application is an exposure. Every end-of-life component is an attack surface. Isolating, segmenting and decommissioning these systems is not an IT project. It is a survival priority.

What Organizations Must Do Now

The first priority is to reassess risk models. Many organizations are still using metrics built around exploitation windows that no longer exist. A bank estimating its residual risk on the basis of a weeks-long exploitation timeline is producing board reports that no longer reflect reality.

The second priority is to move away from exclusive dependence on reactive patching and invest in behavioral detection. A system that does not rely on known signatures to detect an intrusion is the only system that can function when the exploit being used against you was generated four hours ago and nobody in the world has seen it yet.

The third priority is to build a real application inventory, starting with internet-facing systems and working toward the full estate. AI agents make this work significantly faster. Without an inventory, it is impossible to know what you are defending.

Finally, the governance of internal AI tools must be treated as a security priority. Every organization deploying AI agents in its infrastructure is expanding its attack surface. Agents are privileged systems, not covered by existing security controls, and securing them cannot be an afterthought.

The Question That Actually Matters

When Steven Meyer appeared on RTS, the presenter asked whether we should be afraid. His answer: the right question is not “are we in danger?” but “who will get access to these capabilities first, the defenders or the attackers?”

There is an optimistic reading of Mythos that some experts defend with conviction, and it deserves to be taken seriously. For thirty years, we have accumulated security debt because we lacked the tools to audit all our code. For the first time, we can imagine a world where vulnerabilities stop accumulating indefinitely, where formal verification becomes accessible at scale, where software can be produced at a structurally higher level of security than was ever possible before. That is not a consolation; it is a technical reality the industry must seize.

But that opportunity is not automatic. It depends on who acts first, who invests now, who accepts that the rules of the game have changed. Organizations waiting for their vendors to send updates, maintaining end-of-life systems because replacement is complicated, operating without an up-to-date application inventory, depending on a patching model designed for a threat from another era: they are not simply exposed. They are moving in the open in an environment that has fundamentally changed.

Watch the full interview of Steven Meyer on Le Forum, RTS.
