Anthropic built a model that found a security flaw hiding in plain sight since 1998. Then it locked the model away.
The flaw was in OpenBSD, an operating system built around security that runs firewalls and network infrastructure worldwide. The vulnerability was in its TCP SACK implementation — a network filter driver component — and it sat undetected for 27 years (Anthropic). Anthropic's model, Claude Mythos Preview, also found a 16-year-old bug in FFmpeg's H.264 codec that automated testing tools had hit five million times without ever catching the problem (Anthropic). A third flaw in FreeBSD's NFS implementation had gone undetected for 17 years (Anthropic Red Team).
All 20 vulnerabilities the model found in its formal evaluation were previously unknown (Anthropic Red Team). Anthropic is not selling access to the model. Instead it announced Project Glasswing — a partnership with twelve companies including Amazon, Apple, Google, Microsoft, JPMorganChase, and the Linux Foundation — that controls who can use the model and for what (Anthropic). The company also committed up to $100 million in usage credits and $4 million in donations to open-source security projects (Anthropic). The partnership structure, not an open API, is the access point: a twelve-company consortium decides who gets to use a model that finds decade-old bugs in widely deployed software.
The UK's AI Security Institute ran its own tests. Its conclusion: Mythos Preview is the first model to complete a full 32-step corporate network attack simulation end-to-end, succeeding in 3 out of 10 attempts and completing an average of 22 out of 32 steps (UK AI Security Institute). The previous best model, Claude Opus 4.6, averaged 16 steps. On expert-level capture-the-flag tasks where no model could complete a single challenge before April 2025, Mythos succeeded 73 percent of the time (UK AI Security Institute). The AISI's broader assessment: frontier AI cyber capabilities are now doubling every four months, not the eight months previously estimated (UK Government).
The political reaction moved faster than the technical one. Bank of England Governor Andrew Bailey told the BBC that central banks and financial regulators must quickly understand the implications and that cyber has climbed the risk rankings faster than any other category in recent years (BBC). Canadian Finance Minister Francois-Philippe Champagne raised Mythos at IMF meetings in Washington this week, describing it as the unknown unknown (BBC). ECB supervisors are gathering information about the model with a view to asking banks about their preparedness (Reuters). Barclays CEO CS Venkatakrishnan said his team has to understand the vulnerabilities being exposed and fix them quickly. "This is what the new world is going to be," he said (BBC).
The UK government issued a direct advisory to all UK businesses, signed by Tech Secretary Liz Kendall and Security Minister Dan Jarvis, citing the AISI finding that Mythos is substantially more capable at cyber offence than any model previously assessed (UK Government).
The most pointed warning came from Richard Browne, director of the UK's National Cyber Security Centre. "In five to six months," he told media outlets, "it will be in the hands of an active state actor" (Silicon Republic). "Governance is great, very important, but it does not stop criminal actors" (Silicon Republic).
The race is already on to patch. Anthropic says it notified affected vendors before publishing and gave them 90 days to develop patches (Anthropic Red Team). The 27-year OpenBSD flaw and the FreeBSD NFS vulnerability are among those now in the process of being fixed.
Former UK NCSC head Ciaran Martin offered a more nuanced read. The collapse of the vulnerability discovery timeline from months to seconds or hours is challenging, he told AFP, but it also creates a real opportunity here to fix a lot of the internet's hidden bugs (The Next Web).
Independent researchers have begun testing how far this capability has spread. AISLE, an AI cybersecurity startup, ran the OpenBSD privilege escalation exploit against small open-weight models (VentureBeat). An 11-cent-per-million-token model with 3.6 billion parameters detected the exploit. A 5.1-billion-parameter model recovered the core analysis chain of the 27-year-old bug (VentureBeat).
That is the gap the story sits inside. Automated security tools missed these vulnerabilities for years, decades, in some cases since before many security engineers started their careers. One AI model, run in a research evaluation, found them in weeks. The model is not for sale. But smaller versions of its analytical capability are already accessible, and the clock Richard Browne described is running.