Anthropic's evaluation found Claude Mythos Preview capable of identifying and exploiting zero-day vulnerabilities in every major operating system and web browser, including a 27-year-old bug in OpenBSD (Anthropic red.anthropic.com/2026/mythos-preview/, 2026).

The model produced a four-vulnerability browser exploit with JIT heap spray escaping renderer and OS sandboxes, a ROP chain split across packets for unauthenticated root on FreeBSD NFS, and race-condition privilege escalations on Linux (Anthropic red.anthropic.com/2026/mythos-preview/, 2026). Original coverage omitted explicit ties to real-world patterns such as APT groups automating exploit chaining; Cybench evaluations of prior models showed far lower success on professional CTF tasks (arxiv.org/abs/2406.12930), while OpenAI o1-preview system card noted similar but less mature offensive gains (openai.com/index/openai-o1-system-card/, 2024).

Mandiant M-Trends reporting documents adversaries already leveraging scripting and living-off-the-land techniques at scale; Mythos-level automation connects directly to these patterns, accelerating both defensive code review via Project Glasswing and potential offensive tooling (mandiant.com/m-trends-2025). Original post understates dual-use velocity: non-expert engineers obtained working RCE overnight, a capability threshold crossed between 2024 Cybench baselines and 2026 frontier results.