Claude Mythos: Inside the Hype and Reality of Anthropic’s Zero-Day Hunting AI Model

Claude Mythos is on a lot of engineering and security teams’ minds. It’s the AI model that’s launched a thousand thinkpieces, although many of those writers and members of the security community have yet to access it. 

The AI model, known as Claude Mythos, was announced April 7 by Anthropic. During testing, according to Anthropic, Mythos autonomously identified zero-day vulnerabilities, many of which were difficult to detect, and decades old. The oldest was a 27-year-old bug in OpenBSD, which has since been patched. More concerning, Anthropic announced that Mythos is capable of chaining previously-unknown vulnerabilities into full attack paths, a capability that cybersecurity experts say could outpace current defensive practices. 

Anthropic’s announcement created twin waves of hype: excitement about the possibilities of AI in security, and anxiety about the sorts of attacks that might be perpetrated with help from Mythos.

“Mythos and some of these frontier models are really pushing the boundaries of what is achievable,” said Michael Lieberman, co-founder and CTO of Kusari. “It can seem scary at first. Bad actors getting their hands on this tech could potentially have catastrophic consequences, but I doubt it will. Good actors have access to these tools today and are hardening critical software.”

Those “good actors” include more than 50 tech companies that have been given access to Claude Mythos Preview in lieu of a public release. Called Project Glasswing, the preview includes companies like Amazon Web Services, Apple, Cisco, Google, and Microsoft. Those partners will use Claude Mythos to “find and fix vulnerabilities or weaknesses in their foundational systems—systems that represent a very large portion of the world’s shared cyberattack surface,” Anthropic announced.

Mythos Hype vs. Mythos Reality

Despite all the ink that’s been spilled about Mythos, and despite some recent testing by external groups, such as the UK’s AI Security Institute (AISI), there’s no independently-verified consensus about what exactly Mythos is capable of. 

“Mythos is clearly powerful, but it's hard to say how much is real and how much is hype when only a select few have access,” Lieberman said. “My feeling is this is another iterative bump, but it doesn't magically find zero days.”

Saif Aldeen Al-Kadhim, assistant professor and IoT researcher at the State Key Laboratory for Manufacturing Systems Engineering, agrees, noting that Mythos is unlikely to magically break everything. Rather, he said, it will lower the cost of finding flaws in legacy or poorly-maintained IoT fleets.

“The hype is full automation; the reality is asymmetric acceleration, where AI speeds up both defenders and attackers, and the systems most at risk are the ones with long lifecycles, weak patching, and limited observability,” he said.

While Anthropic announced that Mythos found thousands of vulnerabilities, most of those have not been translated into CVEs just yet. “From a disclosure timeline perspective I'm surprised we are not seeing more CVEs yet,” said Patrick Garrity, Security Researcher at VulnCheck. 

Garrity began documenting a CVE list of vulnerabilities discovered by Anthropic. “This could also be because they are being silently patched or the vulnerabilities are not being attributed to Project Glasswing. Time will tell,” Garrity said.

A Seismic Shift for Embedded Software?

For embedded software teams, the announcement of Mythos raises concerns about patch timelines, industry experts say.

“AI is accelerating vulnerability discovery and exploit development, breaking the assumption that finding a bug and fixing a bug can happen on roughly the same timeline,” said Joseph M. Saunders, founder and CEO of RunSafe Security. “That assumption has never panned out, and most definitely does not anymore.”

Embedded systems are difficult to update and often rely on legacy code. A device with embedded software can be in the field for years before it’s retired. That creates a problem: Mythos can scan, analyze, and exploit these systems much faster than organizations can patch them.

“Embedded security is where vulnerability discovery collides with physics and time,” says Gary Schwartz, a senior vice president at NetRise. “That is the real embedded problem: flaws can be found quickly, but fielded devices are much harder to patch, replace, or even take offline.”

The Hardware and Software Boundary

What sets Claude Mythos apart from previous AI models is a deeper understanding of the boundary where software meets hardware. By analyzing low-level code, compiled binaries, and firmware-like artifacts, Mythos has been able to reconstruct logic, map execution paths, and identify vulnerabilities that traditionally required specialized reverse engineering expertise. 

“AI like Claude Mythos changes vulnerability discovery by making embedded analysis faster and more system-aware, but the real value comes when it understands the hardware context, not just the firmware,” Al-Kadhim said.

Many modern exploits emerge from the interaction between bugs and the underlying system. For example, said Al-Kadhim, a flaw in an IoT sensor node might only be exploitable when combined with a parsing bug in the update logic with the device’s memory map, interrupted behavior, or an insecure OTA path.

“Embedded vulnerabilities are often device-specific; they depend on peripherals, DMA, interrupts, timing, and how firmware interacts with real sensors and actuators,” he said. Tools like Claude Mythos are accelerating this kind of cross-layer analysis, making it easier to turn minor issues into fully weaponized attack paths.

“In my view, AI is most powerful when it can reason across the sensor, firmware, and transport layers together, instead of treating the binary as an isolated artifact,” said Al-Kadhim.

How Embedded Teams Can Respond

For all the discussion of Claude Mythos, this AI model is just the starting point. More models are soon to follow, and CVEs along with it.

“Organizations should focus on the fundamentals of automated remediation, mitigating controls and understanding that the volume will continue to increase,” Garrity said. “It makes sense to pick up AI tooling to experiment with what it can find in your codebase today rather than just waiting for Glasswing to become publicly available. Other models appear to now be producing similar results.”

In MEMS and IoT systems, Al-Kadhim notes that it is no longer sufficient to treat security as a layer added after prototyping. Instead, mechanisms like secure boot, authenticated update pathways, defined trust boundaries between sensors and gateways, and continuous runtime verification need to be embedded into the architecture from the outset. 

The reason is timing: AI-assisted analysis is now capable of surfacing weak assumptions and architectural gaps much earlier in the development lifecycle, meaning design decisions that were once considered “late-stage fixes” are increasingly exposed as foundational risks.

And as for patching, Saunders sees this as an inflection point: “Security can’t be solely about patching every vulnerability. It has to include protecting systems while those vulnerabilities are still present.”