Claude Mythos: Rapid Exploit Creation, Turning N-Days

Research now indicates that advanced large language models (LLMs), specifically Anthropic’s Claude Mythos Preview, dramatically accelerate N-day exploit creation. This capability shrinks development timelines from weeks to mere hours, significantly intensifying risk during the critical patch gap.

Unlike zero-day vulnerabilities, N-day vulnerabilities are publicly disclosed flaws that remain unpatched across many systems.

These vulnerabilities are often easier to exploit because attackers can analyze security patches through a technique known as “patch diffing,” which reveals the exact code changes and helps reverse-engineer the flaw.

Historically, creating a working exploit from a patch required significant expertise and time. For example, the WannaCry ransomware attack occurred nearly two months after the MS17-010 patch, while other exploits typically took weeks.

Claude Mythos Speeds Up N-Day Exploits

However, new findings suggest that this timeline is collapsing rapidly. Anthropic tested its Claude Mythos Preview model across 18 recent Firefox vulnerabilities.

The model successfully generated proof-of-concept (PoC) exploits for 14 vulnerabilities, with the first PoC produced in just 12 minutes.

More notably, it created 8 fully functional code-execution exploits in approximately 12 hours. The testing environment provided the model with patch diffs, compiled builds, and limited context simulating real-world attacker conditions.

Despite these constraints, Mythos demonstrated a significant leap in capability compared to earlier models, which produced far fewer working exploits.

The research also extended to Microsoft Windows kernel vulnerabilities, for which the source code is not publicly available.

In this more complex scenario, Mythos Preview developed PoCs for 18 of 21 vulnerabilities. It successfully built 8 complete privilege-escalation exploit chains, enabling attackers to move from low-level access to full SYSTEM control.

Even vulnerabilities rated by Microsoft as “Exploitation Unlikely” were successfully exploited by the model, highlighting a growing mismatch between traditional risk assessments and AI-driven capabilities.

One key concern is the shrinking “patch gap,” the window between vulnerability disclosure and widespread patch deployment.

While modern systems like Windows Autopatch can take up to 11 days to fully enforce updates, Mythos was able to generate working exploits well before patches were broadly applied.

This shift means attackers no longer need advanced reverse-engineering skills or extended timelines. With access to capable AI models and modest resources, a single operator can weaponize multiple vulnerabilities in a matter of hours.

The implications are especially severe for environments with slow patch cycles, such as industrial control systems, healthcare devices, and IoT infrastructure.

These systems often rely on fixed update schedules or vendor-controlled firmware, making them particularly vulnerable to rapid exploitation.

The red.anthropic team warns that monthly patch cycles and phased rollouts can no longer keep pace with rapidly weaponized vulnerabilities.

Organizations must accelerate patch deployment and adopt additional defenses, including memory-safe programming languages like Rust and exploit mitigation technologies such as Control Flow Guard.

The emergence of AI-driven exploit development marks a fundamental shift in the threat landscape.

As tools like Claude Mythos continue to evolve, the concept of “N-day” vulnerabilities may soon become obsolete, replaced by a new reality where exploitation occurs within hours of disclosure.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.