TL;DR: Anthropic’s Claude Mythos autonomously found thousands of zero-day vulnerabilities, including bugs that survived 27 years of human review and millions of automated tests, according to Oasis Security. Exploitability-based prioritisation is no longer a safe assumption when AI can compress discovery and exploitation into hours.
NHIMG editorial — based on content published by Oasis Security: Claude Mythos and the End of 'Hard to Exploit' Claude Mythos and the End of 'Hard to Exploit'
By the numbers:
- In a Firefox JavaScript engine benchmark, Mythos converted known vulnerabilities into working shell exploits 72.4% of the time.
- One vulnerability persisted in OpenBSD for 27 years.
- Anthropic committed $100 million in usage credits and $4 million to open-source security organizations.
Questions worth separating out
A: The assumption that exploitability stays low long enough for normal remediation breaks first.
Q: Why do low-severity or long-standing bugs become more dangerous in AI-assisted attack scenarios?
A: Because age and prior testing no longer imply safety.
Q: How should teams prioritise patching when exploitability assumptions are no longer stable?
A: Prioritise by exposure, privilege, and business reach, not only by exploitability score.
Practitioner guidance
- Re-score low-exploitability findings against AI-assisted abuse scenarios Review exception queues for vulnerabilities that were downgraded because they were considered hard to exploit.
- Shorten patch approval paths for exposed systems Pre-approve compensating actions such as blocking public access, disabling vulnerable endpoints, or isolating affected services so teams are not waiting for the next change window before acting.
- Reduce reachable privilege on internet-facing assets Remove unnecessary secrets, administrative interfaces, and elevated permissions from systems that can be reached externally, because AI-assisted exploitation turns exposure into a faster path to impact.
What's in the full article
Oasis Security's full blog post covers the operational detail this post intentionally leaves for the source:
- The benchmark-by-benchmark exploit conversion results, including the Firefox JavaScript engine test methodology.
- The cost and run-count context behind the OpenBSD and FFmpeg findings, useful for evaluating attacker economics.
- The project coalition structure, access limits, and how Glasswing participation is being constrained.
- The article's step-by-step guidance on how Oasis expects teams to recalibrate vulnerability scoring and patch cadence.
👉 Read Oasis Security's analysis of Claude Mythos and exploitability collapse →
Claude Mythos and the exploitability gap teams are missing?
Explore further
Exploitability-based prioritisation is now a shrinking control premise. Vulnerability management programmes have long treated “hard to exploit” as a defensible reason to defer remediation. Mythos shows that this assumption is increasingly fragile when discovery and exploit construction can be machine-driven at scale. The implication is not simply faster patching, but a different risk model for finding, ranking, and accepting exceptions.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- Only 44% of organisations have implemented policies to govern AI agents, even though 92% agree governance is critical to enterprise security.
A question worth separating out:
Q: Who is accountable when an accepted vulnerability exception later becomes exploitable through AI?
A: Accountability should sit with the owners of the risk decision, not the attacker model. If a team accepted a vulnerability because it was thought to be hard to exploit, that decision needs a documented review path, a revalidation trigger, and clear ownership for revisiting the exception when the threat model changes.
👉 Read our full editorial: Claude Mythos and the collapse of hard-to-exploit assumptions