Discovering weaknesses and attack vectors using Claude Mythos Preview. In recent weeks, we’ve leveraged Claude Mythos Preview to uncover thousands of previously unknown zero-day vulnerabilities—many of them critical—across every major operating system, web browser, and a variety of other key software platforms. A new post on our Frontier Red Team blog shares technical details on a selection of these flaws that have now been patched, including, in some cases, the exploitation techniques that Mythos Preview discovered. It autonomously detected almost all of these vulnerabilities and generated numerous corresponding exploits, with no human guidance required. Here are three examples: Mythos Preview uncovered a 27-year-old vulnerability in OpenBSD, an operating system widely regarded as one of the most security-hardened in existence and commonly used for firewalls and other critical infrastructure. The flaw enabled an attacker to remotely crash any system running the OS simply by establishing a connection to it. It also uncovered a 16-year-old flaw in FFmpeg—a library used by countless applications for encoding and decoding video—that had been executed five million times by automated testing tools without ever being detected. The model independently discovered and combined multiple flaws in the Linux kernel—the core software powering the majority of global servers—enabling an attacker to escalate from standard user privileges to full system control. We disclosed these vulnerabilities to the maintainers of the affected software, and they have since been fixed.
Anthropic News