Anthropic's Claude Mythos Brings Zero-Day Exploit Writing to Low-Skill Hackers

Anthropic's Claude Mythos model can find vulnerabilities in nearly any software it targets, researchers say, collapsing the skill floor for offensive hacking and confronting enterprise security teams with an attacker pool they never modeled.

The mechanics are no longer theoretical. At DARPA's Artificial Intelligence Cyber Challenge (AIxCC) in Las Vegas last August, competing teams scanned 54 million lines of code seeded with artificial flaws. The automated systems found most of the planted bugs — then surfaced more than a dozen vulnerabilities DARPA had never inserted. Dan Guido, CEO of Trail of Bits and an AIxCC runner-up, said there were already "10 to 20 different bug-finding systems that could find orders of multitude more bugs than we could patch." Mythos raises the ceiling on that baseline. Anthropic released Claude Opus 4.7 one week after Mythos, adding safeguards to block malicious cybersecurity requests for the first time; security professionals seeking legitimate defensive access must apply through the company's Cyber Verification Program.

The exploit-writing capability available to low-skill actors differs from anything a classic script kiddie possessed. Tim Becker, senior security researcher at Theori — an AIxCC finalist — is direct: "You can use AI tools and with very minimal human guidance, and in some cases no human guidance, find a zero day in widely used software." The old model required reusing known, public exploits. The new model enables real-time, bespoke exploitation. Guido illustrates: "During the middle of an intrusion into some hospital and there's a wall standing between you and what you want, you can just point an LLM at that wall and say, 'Figure out a flaw here,' and it can grind until it's successful… for a weakness that no one ever has before, and it'll do it with almost no effort on the part of the user."

For enterprise architects, the implication is direct: obscure internal software is no longer safe through obscurity. AI slashes the cost of targeting custom codebases that previously offered no worthwhile bounty to a skilled attacker. "Now, because effort is cheap, you can do things that are lower down the food chain. You can write exploits for software that only one company has. You can write exploits for software that exists in only one configuration that one company has. And you can do it on the fly," Guido said. Proprietary ERP customizations, internal tooling, single-tenant SaaS configurations — all become viable attack surface.

The open-weight model vector compounds the risk. Sophisticated threat actors will not query monitored API endpoints; they will run self-hosted deployments of open-weight models to avoid the telemetry commercial providers like Anthropic retain to detect abuse. The safeguards Anthropic built into Opus 4.7 are effective primarily against opportunistic actors, not organized groups. Enterprises relying on provider-side safety controls are operating on a false assumption.

The milestones have accumulated in plain sight. In June 2025, autonomous offensive security platform XBOW topped the HackerOne bug bounty leaderboard, beating human hackers outright — a benchmark showing AI-driven exploit discovery reached parity with skilled professionals months before Mythos arrived.

Industry consensus has converged on urgency. "2026 is the year when all security debt comes due," one researcher told The Verge. For CISOs, the action items are clear: assume any custom or legacy codebase is within the economic reach of unsophisticated attackers, accelerate patching cadences for internal software, and treat open-weight model proliferation as a boundary condition rather than an edge case in threat modeling. The threat Guido describes has a specific address: your unpatched backlog.