
Claude Mythos uncovers thousands of zero-days across major systems via Project Glasswing

4 unique sources, 4 articles

Summary


Anthropic’s Claude Mythos Preview, under Project Glasswing, has autonomously discovered thousands of high-severity zero-day vulnerabilities across major operating systems, web browsers, and software libraries, including long-standing flaws such as a 27-year-old OpenBSD denial-of-service bug and a 16-year-old FFmpeg issue. The model’s agentic coding and reasoning capabilities enable it to autonomously craft complex exploits, such as a FreeBSD NFS server remote code execution chain and a multi-stage browser sandbox escape via JIT heap spray. Project Glasswing, a consortium involving AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic, provides $100 million in Mythos Preview usage credits and $4 million in donations to secure critical software. However, as of May 2026, 99% of vulnerabilities identified by Mythos Preview remain unpatched, and the model has now autonomously chained four zero-days to bypass both browser renderer and OS sandboxes, demonstrating the escalating dual-use risks of AI-driven cybersecurity tools. Industry experts warn that the lack of independent verification and the pace of exploit development necessitate rapid patching cycles and enhanced detection mechanisms to mitigate emerging threats.

Timeline

  1. 08.04.2026 12:16 4 articles · 24d ago

    Claude Mythos autonomously uncovers thousands of zero-days across major software platforms

    Independent analysis confirms Mythos Preview’s dual-use capabilities, where improvements in code generation and reasoning inadvertently enhance exploit-writing prowess. The model autonomously crafted a remote code execution exploit for FreeBSD’s NFS server by splitting a 20-gadget ROP chain across multiple packets to achieve unauthenticated root access, and developed a sophisticated JIT heap spray to escape both renderer and OS sandboxes. Industry experts caution that while Project Glasswing aims to deploy Mythos Preview defensively, there is no guaranteed method to prevent threat actors from obtaining similar capabilities, necessitating rapid patching cycles, behavioral signature detection, and zero-trust architectures. Anthropic has claimed to identify "thousands" of high-risk and critical vulnerabilities but has not provided independent verification or statistics on false positives or error rates, limiting external validation. Updates from May 2026 indicate that 99% of discovered vulnerabilities remain unpatched, and Mythos Preview has autonomously chained four zero-days to bypass both browser renderer and OS sandboxes, highlighting the urgent dual-use risks and the need for accelerated remediation efforts.


Similar Happenings

Frontier AI dependency recommendations found to generate flawed upgrade and patch guidance

A study by Sonatype analyzing 258,000 AI-generated dependency upgrade recommendations across Maven Central, npm, PyPI, and NuGet from June to August 2025 revealed that frontier AI models—including GPT-5.2, Claude Sonnet 3.7/4.5, Claude Opus 4.6, and Gemini 2.5 Pro/3 Pro—frequently produce hallucinated or incorrect upgrade paths, security fixes, and version recommendations. Nearly 28% of recommendations from earlier models were hallucinations, while even improved frontier models introduced faulty advice, leaving critical and high-severity vulnerabilities unresolved in production environments. The issue stems from the models’ lack of real-time dependency, vulnerability, compatibility, and enterprise policy context, leading to wasted developer time, unresolved exposures, and increased technical debt. Notably, some recommendations introduced known vulnerabilities into AI tooling stacks themselves, exacerbating risk within the models’ own infrastructure.

Emergence of AI-powered attack and defense techniques reshaping cyber threat landscape in 2026

At RSAC 2026, SANS Institute researchers unveiled five AI-driven attack techniques becoming mainstream in 2026, fundamentally altering the cyber threat landscape. Independent researchers demonstrated AI-generated zero-day exploits at minimal cost ($116 in AI token expenses), breaking historical barriers to zero-day development. Supply chain attacks continued to surge, with malicious packages like the Shai-Hulud worm exposing 14,000 credentials across 487 organizations and a China-affiliated group compromising Notepad++ update infrastructure for six months. Operational Technology (OT) environments face increasing accountability crises due to lack of visibility, where evidence evaporates post-compromise and critical infrastructure incidents result in catastrophic outcomes with unclear attribution. Irresponsible AI deployment in Digital Forensics & Incident Response (DFIR) is generating false confidence and undermining response outcomes. Meanwhile, defenders are adopting autonomous defense frameworks like Protocol SIFT to counter AI-driven attacks, achieving up to 47x faster response times in simulated incidents.

Langflow unauthenticated RCE vulnerability (CVE-2026-33017) exploited within 20 hours of disclosure

CISA formally confirmed active exploitation of the Langflow unauthenticated RCE vulnerability (CVE-2026-33017) on March 26, 2026, adding it to the Known Exploited Vulnerabilities (KEV) catalog and requiring U.S. federal agencies to apply mitigations or stop using the product by April 8, 2026. Threat actors exploited the flaw within 20–24 hours of its March 17, 2026 disclosure, progressing from automated scanning to staged Python payload delivery and credential harvesting (including .env and .db files) despite the absence of public PoC code. The vulnerability, with a CVSS score of 9.3, affects all Langflow versions prior to and including 1.8.1 and stems from an unsandboxed exec() call in the /api/v1/build_public_tmp/{flow_id}/flow endpoint. CISA did not attribute exploitation to ransomware actors but emphasized the risk to AI workflows given Langflow’s widespread adoption, including 145,000 GitHub stars. Endor Labs reported that attackers likely reverse-engineered exploits from the advisory details, underscoring the accelerating weaponization timeline. Mitigation guidance includes upgrading to version 1.9.0+ or disabling the vulnerable endpoint, restricting internet exposure, monitoring outbound traffic, and rotating all associated credentials.

AI-driven acceleration of exploitation timelines reduces window between vulnerability disclosure and active attacks

In 2025, threat actors leveraged AI and automation to compress the time between public vulnerability disclosure and exploitation from weeks to days or even minutes, significantly reducing the traditional "predictive window" for defenders. The median time between vulnerability publication and inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog decreased from 8.5 days to 5 days, while the mean dropped from 61 days to 28.5 days. The use of AI accelerated reconnaissance, automated decision-making, and industrialized social engineering, enabling rapid weaponization of known weaknesses such as exposed services, weak identity controls, and unpatched edge infrastructure. Confirmed exploitation of high-severity CVEs (CVSS 7–10) rose 105% year-over-year, with deserialization, authentication bypass, and memory corruption flaws most frequently exploited—often against file transfer systems, edge appliances, and collaboration platforms.

AI-Automated Exploitation Accelerates Threat Actor Capabilities

AI-driven automation is significantly reducing the cost and increasing the speed of cyber exploitation. Threat actors now use AI to accelerate reconnaissance, vulnerability discovery, exploit development, and operational tempo. This shift makes large vulnerability backlogs more dangerous, as attackers can exploit them faster. Boards and CISOs must address this by focusing on operational truth and reducing vulnerability exposure at the source. Regulatory pressures, such as the EU's Cyber Resilience Act (CRA) and Digital Operational Resilience Act (DORA), are increasing expectations for vulnerability handling and secure-by-design practices. Organizations must invest in reducing vulnerability backlogs to prevent operational disruption and legal liabilities.