Mythos Preview Shows Leap in Automated Security Exploitation
A new artificial intelligence model from Anthropic, called Mythos Preview, has demonstrated the ability to automatically chain multiple software vulnerabilities into working exploits—a task that previously required senior human researchers.
The model was tested on more than fifty internal code repositories as part of a project known as Glasswing, according to security researchers who have been evaluating it for weeks.
“This is not an incremental step; it’s a fundamentally different capability,” said Dr. Elena Vasquez, lead security researcher on Project Glasswing. “Mythos Preview can reason about several small bugs and combine them into a proof-of-concept attack that looks like it was crafted by an expert.”
Exploit Chain Construction
A key finding is the model’s ability to construct exploit chains—sequences of bug primitives that escalate into full system control. For instance, it can take a use-after-free vulnerability, transform it into an arbitrary read/write primitive, hijack control flow, and deploy return-oriented programming (ROP) chains.
The reasoning process it exhibits along the way mirrors that of a senior security analyst, rather than an automated scanner, the researchers noted.
Proof Generation
Mythos Preview also automates the generation of working proofs. After identifying a suspected bug, it writes test code, compiles and runs it in a sandbox, and iteratively adjusts its approach if the exploit fails.
“Finding a bug and proving it’s exploitable are two different things,” said James Hart, a security engineer involved in the testing. “Mythos Preview closes that gap on its own, turning speculation into a verified exploit.”
While other frontier models could detect many of the same underlying issues, they consistently failed at the stitching step—combining isolated primitives into a coherent attack. Mythos Preview succeeded where others fell short.
Background: Project Glasswing
Project Glasswing is an internal initiative to evaluate security-focused large language models (LLMs) on proprietary infrastructure. The goal is both to harden the company’s own systems and to understand how attackers might weaponize such models in the future.
Prior to Mythos Preview, general-purpose frontier models required significant human guidance to produce exploitable chains. The new model changes the calculus by operating as a different kind of tool, the team said.
“We intentionally pointed it at our own codebase to see what it could do,” Vasquez added. “What we saw was a model that not only finds bugs but reasons about how to use them.”
What This Means
The capability demonstrated by Mythos Preview has profound implications for both defensive and offensive cybersecurity. Defenders can use such models to uncover exploit chains before they are weaponized in the wild, potentially reducing the window between vulnerability disclosure and exploitation.
On the flip side, the same technology could lower the barrier for attackers, enabling automated generation of zero-day exploits. “We’re entering a new era where AI can act as a junior-to-senior security researcher on demand,” Hart warned.
The research team is now working on integrating Mythos Preview into continuous security pipelines and developing safeguards to prevent misuse. They also emphasize that the model’s outputs are not final—human review remains essential.
“The jump we’ve seen is from a tool that augments a human to one that can work autonomously on parts of the chain,” Vasquez said. “That changes how we think about vulnerability management and adversarial capability.”