{"id":535,"date":"2026-04-08T10:14:35","date_gmt":"2026-04-08T10:14:35","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=535"},"modified":"2026-04-08T10:14:35","modified_gmt":"2026-04-08T10:14:35","slug":"anthropics-claude-mythos-finds-thousands-of-zero-day-flaws-across-major-systems","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=535","title":{"rendered":"Anthropic&#8217;s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 08, 2026<\/span><\/span><span class=\"p-tags\">Artificial Intelligence \/ Secure Coding<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEihvGfSh39Lhl5ird3iuR-T4gkaVejmXgtJ4VwbkLxAqG2hBZWkqQ8LR5k8wfuapt8oUdtifp8Le-uA6Xep8kGe3BRCx5qM1vY9DiMCnMgTFeFK8bc0wBSUR62TjZgPZ9dviGiM8-4-xW1N-ZGSDxIY0uJLFmEKDt1Z9rbttd7Lg_mma6Kt_2qk89vjq9Ed\/s1700-e365\/claude-mythos.png\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative\u00a0called <strong>Project\u00a0Glasswing\u00a0<\/strong>that\u00a0will use a preview version of its new frontier model, <b>Claude Mythos<\/b>,\u00a0to find and address security vulnerabilities.<\/p>\n<p>The model will\u00a0be <a href=\"https:\/\/www.anthropic.com\/glasswing\">used<\/a> by\u00a0a small\u00a0set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike,\u00a0Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto\u00a0Networks, along\u00a0with Anthropic, to secure critical\u00a0software.<\/p>\n<p>The company said it&#8217;s forming this initiative in 
response to capabilities observed in its general-purpose frontier model that demonstrate a \u00ablevel of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.\u00bb Because\u00a0of its cybersecurity capabilities and concerns\u00a0that they\u00a0could be\u00a0abused, Anthropic has opted not to\u00a0make the\u00a0model generally available.<\/p>\n<p>Mythos\u00a0Preview, Anthropic\u00a0claimed, has\u00a0already <a href=\"https:\/\/red.anthropic.com\/2026\/mythos-preview\/\">discovered<\/a> thousands of high-severity zero-day vulnerabilities in every major operating system and web browser. Some\u00a0of these include a now-patched 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and a memory-corrupting vulnerability in a memory-safe virtual machine\u00a0monitor.<\/p>\n<p>In one instance highlighted by the company, Mythos Preview is said to have autonomously come up with a web browser exploit that chained together four vulnerabilities to escape the renderer and operating system sandboxes. 
Anthropic\u00a0also <a href=\"https:\/\/www-cdn.anthropic.com\/53566bf5440a10affd749724787c8913a2ae0841.pdf\">noted<\/a> in the preview&#8217;s system card that the model solved a corporate network attack simulation that would have taken a human expert more than 10\u00a0hours.<\/p>\n<p>In what is perhaps one of the most eyebrow-raising findings, Mythos Preview managed to follow instructions from a researcher running an evaluation to escape a secured \u00absandbox\u00bb\u00a0computer it was provided\u00a0with, indicating a \u00abpotentially dangerous capability\u00bb to bypass its own safeguards.<\/p>\n<p>The model did not stop there. It\u00a0went on to perform a series of additional actions, including devising a multi-step exploit to gain broad internet access from the sandbox system and send an email message to the researcher, who was eating a sandwich in a\u00a0park.<\/p>\n<p>\u00abIn addition, in a concerning and unasked-for effort to demonstrate its success, it posted details about its exploit to multiple hard-to-find, but technically public-facing, websites,\u00bb Anthropic\u00a0said.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjwhuYxxSM4kptfZoIgiohnImnABWE6UrgXudIryxKlTVcpUhmWZOjeb7G7wOf2O6D2o_M05qAsvN6nb1Ufa_kq3MIL8gwrVRhgdUKQHQzC_oiJ_IzBKKqsces5QoXk9DJLokcmnyBrxX5F09dJOb4DsquXsQZlEWzccDSgV5n7bmdD-BW5a8QUF4j0N9hV\/s1700-e365\/firefox.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjwhuYxxSM4kptfZoIgiohnImnABWE6UrgXudIryxKlTVcpUhmWZOjeb7G7wOf2O6D2o_M05qAsvN6nb1Ufa_kq3MIL8gwrVRhgdUKQHQzC_oiJ_IzBKKqsces5QoXk9DJLokcmnyBrxX5F09dJOb4DsquXsQZlEWzccDSgV5n7bmdD-BW5a8QUF4j0N9hV\/s1700-e365\/firefox.png\" alt=\"\" border=\"0\" data-original-height=\"2160\" data-original-width=\"3840\"\/><\/a><\/div>\n<p>The\u00a0company 
pointed\u00a0out that <b>Project Glasswing<\/b> is an \u00aburgent attempt\u00bb\u00a0to employ frontier model capabilities for defensive purposes before those same capabilities are\u00a0adopted by hostile\u00a0actors. It&#8217;s also committing up to $100 million in usage credits for Mythos Preview across, as well as $4 million in direct donations to open-source security organizations.<\/p>\n<p>\u00abWe did not explicitly train Mythos Preview to have these capabilities,\u00bb Anthropic said. \u00abRather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy. The\u00a0same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting\u00a0them.\u00bb<\/p>\n<p>News of\u00a0Mythos leaked last month after details about the\u00a0model were inadvertently\u00a0stored in a publicly accessible data cache due to human error. The\u00a0draft material described it as the most powerful and capable AI model built to date. 
Days\u00a0later, Anthropic suffered a second security lapse that accidentally exposed nearly 2,000 source code files and over half a million lines of code associated with Claude Code for about three\u00a0hours.\u00a0<\/p>\n<p>The leak also led to the discovery of a security issue that bypasses certain safeguards when the AI coding\u00a0agent is\u00a0presented with a command composed of more than 50 subcommands. The issue has since been formally addressed by\u00a0Anthropic in Claude\u00a0Code <a href=\"https:\/\/github.com\/anthropics\/claude-code\/releases\/tag\/v2.1.90\">version\u00a02.1.90<\/a>, released last\u00a0week.<\/p>\n<p>\u00abClaude Code, Anthropic&#8217;s flagship AI coding agent that executes shell commands on developers&#8217; machines, silently ignores user-configured security deny rules when a command contains more than 50 subcommands,\u00bb AI security company\u00a0Adversa <a href=\"https:\/\/adversa.ai\/claude-code-security-bypass-deny-rules-disabled\/\">said<\/a>. \u00abA developer who configures &#8216;never run rm&#8217; will see rm blocked when run alone, but the same &#8216;rm&#8217; runs without restriction if preceded by 50 harmless statements. The\u00a0security policy silently vanishes.\u00bb<\/p>\n<p>\u00abSecurity analysis costs\u00a0tokens. 
Anthropic&#8217;s\u00a0engineers hit a performance problem: checking every subcommand froze the UI\u00a0and burned\u00a0compute. Their fix: stop checking after 50. They\u00a0traded security for speed. They\u00a0traded safety for\u00a0cost.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 08, 2026Artificial Intelligence \/ Secure Coding Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative\u00a0called Project\u00a0Glasswing\u00a0that\u00a0will use a preview version of its new frontier model, Claude Mythos,\u00a0to&hellip;<\/p>\n","protected":false},"author":1,"featured_media":536,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1115,9,509,11,1117,1116,224,327,126],"class_list":["post-535","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-anthropics","tag-claude","tag-finds","tag-flaws","tag-major","tag-mythos","tag-systems","tag-thousands","tag-zeroday"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=535"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/535\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/536"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?r
est_route=%2Fwp%2Fv2%2Fmedia&parent=535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}