Anthropic researcher mass-produced security exploits with Mythos

An Anthropic researcher mass-produced zero-days with Mythos.

Nicholas Carlini found more bugs in two weeks than in the rest of his career combined. He shared the results at [un]prompted 2026 in a talk called "Black-hat LLMs," and if you lead a security team or manage engineering infrastructure, you should watch it.

Carlini's work is a live demonstration of what happens when vulnerability discovery becomes cheap, fast, and scalable. The implications land directly on your security posture, your patch cadence, and your staffing model.

Here's what that means for your security team.

Mythos found a class of Linux kernel vulnerability that humans couldn't

Carlini used Claude Code

to find remotely exploitable heap buffer overflows in the Linux kernel. For context: he'd never found a single one of these in his entire career. They're among the hardest vulnerabilities to discover. With AI models, he now has multiple.

One of them had been hiding in the Linux kernel since 2003 – over two decades of code reviews, security audits, and automated testing. Nobody caught it.

The methodology is almost offensively simple:

• A bash script iterates over every source file in the codebase
• Claude Code gets a prompt: "You're playing in a CTF. Find a vulnerability. Look at this file. Write the most serious one to the output directory."
• No custom tooling, no fancy scaffolding – a 10-line script and a Docker container

That simplicity is the point. If a researcher at Anthropic can mass-pr

oduce zero-days with a bash loop, the barrier to entry for offensive capability just collapsed.

Zero-day volume in Chrome and Firefox is already spiking

The volume spike is already showing up in the real world:

• Chrome vulnerability submissions in March 2026 already exceeded 2x February's total (confirmed by David Adrian from Chrome's security team on the Security Cryptography Whatever podcast – with the month only halfway done)
• Firefox: Carlini's team submitted roughly 25% of all bugs found in the prior year in a single batch
• Carlini has several hundred unvalidated Linux kernel crashes he hasn't had time to report – discovery scaled past researcher hours, and human review is now the bottleneck

The vulnerability pipeline has been industrialized. Discovery isn't gated by how many researchers you have. It's gated by how fast humans can triage what the models find.

AI exploit chaining turns minor vulnerabilities into serious attacks

What makes the Mythos-class models different is their ability to chain vulnerabilities into new attacks.

Carlini described models combining three, four, sometimes five vulnerabilities – each individually minor – into sophisticated exploit chains that produce serious outcomes. A privilege escalation alone doesn't get you much. Combined with a memory corruption bug and an information leak, it becomes a working remote exploit.

This is the kind of creative, multi-step reasoning that used to require an experienced offensive security researcher spending weeks on a target. The model does it autonomously.

Mythos vs. Opus 4.6: the cybersecurity capability gap

Carlini estimates the capability of these models roughly doubles every four months. What Opus 4.6 couldn't do a few months ago, the next generation handles comfortably.

• Opus 4.6 Firefox exploit success rate: 2 out of several hundred attempts
• Mythos: 181
• Capability doubling roughly every 4 months

That's a phase change and the trendline shows no signs of flattening.

What AI-driven vulnerability discovery means for your security team

Assume your attack surface is being scanned by AI-capable adversaries right now. Build your security posture from there.

• Patch cycles are too slow. If vulnerability discovery is happening at industrial scale, the window between disclosure and exploitation shrinks dramatically. Monthly patch cadence won't cut it for critical infrastructure.
• Staffing models don't account for this volume. Security teams built around human-speed discovery rates are going to drown in findings – whether from their own AI-assisted auditing or from external reports flooding in.
• Offense just got cheaper. A motivated attacker with API access and a weekend can now do what used to require a funded red team and months of work. The economics of attack have collapsed. Defense hasn't adjusted.
• AI-assisted defense isn't optional anymore. The same models finding these bugs can be pointed inward – at your own codebase, your own infrastructure, your dependencies. If you're not using AI for defensive security auditing, you're bringing a manual process to an automated fight.

Where to start

Pick your highest-risk surface – kernel dependencies, browser-facing code, anything with direct network exposure – and run an AI-assisted audit pass on it this quarter. 

What you find will tell you more about your actual patch cadence and triage capacity than any framework assessment.

And it'll give you something concrete to bring to leadership: here's what an attacker with API access and a weekend would find in our stack.

If you want help scoping that audit, let's talk.

Watch the talk yourself (it's worth it)

Carlini's [un]prompted presentation is 25 minutes and worth every one of them. Watch it here.

If you haven't read the first post in this series, start there: Anthropic's Mythos model just changed cybersecurity.