AI has got better at hacking—how big a risk is it?

TL;DR

Anthropic's Mythos AI autonomously finds and exploits software vulnerabilities, compressing the gap between discovery and attack to near zero.

Key Points

• 1.Anthropic's Mythos is a genuinely autonomous hacker, not just a coding assistant. Unlike earlier AI models that assisted experienced coders, Mythos can independently find and exploit vulnerabilities with minimal human oversight — Anthropic withheld it from public release because of this capability.
• 2.The window between vulnerability disclosure and active exploitation has collapsed from 2.3 years in 2018 to just 20 hours today. At the current rate, that gap is projected to reach one minute by 2028, making rapid automated exploitation the new norm.
• 3.Mythos found a 27-year-old vulnerability in the OpenBSD operating system among several thousand it has identified. The flaw allowed a single crafted internet message to trigger a kernel panic (full system crash) by exploiting two integer overflow bugs in TCP packet handling — fixed with one line of code.
• 4.Mythos is not a specialised cybersecurity model; it is simply a larger, more capable version of Claude Opus. Its hacking ability reflects scaling laws — more data and compute — combined with the deliberate removal of safety guardrails that prevent public models from writing exploits.
• 5.The open-source risk is the key long-term concern. If models with Mythos-level capabilities become widely available without safety restrictions, anyone could automate sophisticated cyberattacks — a prospect the hosts flag as the most alarming implication of this development.