Overview
- Security researcher Bruce Schneier writes that Anthropic’s Claude Mythos Preview claims to autonomously find and turn software flaws into working exploits in major systems like operating systems and internet infrastructure, with access limited to select companies.
- Schneier calls the capability a real but incremental step in a years‑long trend and urges practical defenses such as continuous automated testing, AI‑driven “VulnOps,” strict least‑privilege design, and placing hard‑to‑patch devices behind tight network controls.
- Entrepreneur Steve Blank argues Mythos tilts the field toward attackers for now, saying the model surfaced zero‑days involving race conditions, KASLR bypasses, memory corruption, and flaws in cryptography libraries that affect TLS, AES‑GCM, and SSH.
- Blank contends some issues resemble tradecraft long used by nation‑states and warns the biggest risk sits with understaffed operators like small hospitals, utilities, schools, and local agencies that struggle to patch aging systems.
- Both analyses point to the same takeaway for defenders: ship fixes faster, measure how long changes take to reach production, set speed targets for new tools, and expect a period of rapid patching as AI raises the pace of both finding and fixing bugs.