The math of cybersecurity vulnerability management has been stable for decades. A vulnerability gets disclosed. A patch ships. Attackers spend days or weeks developing an exploit. Defenders have a window — the “patch gap” — to deploy the fix before the weaponized version hits the wild.
Anthropic’s red team just rewrote that equation. In a research paper published June 8 on their red-team blog, they demonstrated that Claude Mythos Preview can turn N-day vulnerabilities into working exploits in under an hour — compressing a timeline that historically took human experts weeks or months into the span of a lunch break.
The Numbers That Should Worry Every CISO
The research team — Winnie Xiao, Tim Abbott, Nicholas Carlini, and five others — put Mythos Preview against two real-world targets: Windows and Firefox. They fed the model only publicly available patch information and asked it to build working exploits.
The results:
- First working exploit: under 1 hour. Mythos Preview produced a code-execution exploit against a freshly patched Windows vulnerability in less than 60 minutes.
- Eight distinct exploits in roughly 12 hours. Across 16 Windows security patches, Mythos built 8 working exploits, with the longest single exploit chain taking approximately 5.7 hours.
- Firefox: 8 for 18. Across 18 Firefox security patches, Mythos again produced 8 working code-execution exploits.
For context: Mandiant’s landmark 2020 analysis found that 16 of 25 real-world vulnerabilities took a month or more for human attackers to exploit. That was the benchmark. Mythos Preview just collapsed “a month or more” into “an hour or less.”
Not Zero-Days — Which Makes It Worse
Crucially, the research didn’t involve zero-days. Every vulnerability Mythos exploited had already been disclosed and patched by the vendor. These were N-days — known vulnerabilities with available fixes — the exact category where defenders have historically felt safest.
The distinction matters because N-days are everywhere. The average enterprise takes 60 to 90 days to fully deploy critical patches across its infrastructure. With Mythos-class models, the interval between patch publication and exploit availability shrinks from months to hours. An organization that hasn’t automated its patch cycle is now operating on borrowed time measured in coffee breaks.
The Model Generation Gap
The research also quantified the capability cliff between model generations:
| Model | Working Exploits Created (Windows) |
|---|---|
| Mythos Preview | 8 |
| Opus 4.8 | 2 |
| Opus 4.6 | 1 |
| Sonnet 4.6 | 1 |
| All other tested models | 0 |
The jump from Opus 4.8 (2 exploits) to Mythos Preview (8) isn’t incremental — it’s a phase change. And as Anthropic has repeatedly emphasized, Mythos is the model they’ve chosen not to release publicly. The genie isn’t fully out of the bottle yet — but the research demonstrates that capability barriers are falling faster than most security teams anticipated.
The Verizon DBIR Connection
The N-days paper arrives in a broader context. Anthropic partnered with Verizon to include some of its AI-vulnerability findings in the 2026 Verizon Data Breach Investigation Report (DBIR) — the cybersecurity industry’s most widely cited annual publication. The collaboration signals that AI-enabled exploitation is no longer a theoretical concern; it’s being tracked alongside ransomware, phishing, and supply chain attacks as a measurable threat vector.
What Changes for Defenders
The practical implications are not subtle:
-
Patch cycles measured in weeks are dead. If an N-day can be weaponized in under an hour, the “reasonable” window for deploying critical patches collapses. Continuous automated patching moves from best practice to survival requirement.
-
Vulnerability disclosure gets riskier. Coordinated disclosure depends on giving vendors time to patch before details go public. If AI models can reverse-engineer exploits from patch diffs alone, the disclosure window shrinks dramatically regardless of researcher intentions.
-
Defense-in-depth becomes non-negotiable. Organizations that rely on patch timing as their primary defense layer need compensating controls — network segmentation, runtime protection, zero-trust architectures — active yesterday.
-
AI-for-defense is the counterweight. The same Mythos capabilities that accelerate exploits also accelerate vulnerability discovery. Project Glasswing, now expanded to ~200 organizations across 15 countries, has already surfaced over 10,000 high-severity vulnerabilities in critical infrastructure codebases. The arms race is symmetric, but the speed at which it moves is now dictated by AI cycle times, not human ones.
The Bottom Line
Anthropic’s research isn’t alarmist — it’s empirical. The company measured what their most capable model can do and published the results. The finding is stark: the patch gap, the foundational assumption of vulnerability management for 30 years, is closing at an exponential rate.
For security teams, the message is: whatever your patch SLA says, it’s now too slow. For policymakers, it’s: the window between vulnerability disclosure and exploitation has shrunk to the point where disclosure policies designed in the 1990s need a rewrite. And for the AI industry, it’s confirmation that capability scaling in cybersecurity is not a smooth curve — it’s a staircase, and Mythos Preview just took a large, fast step up.
Sources: Anthropic Red Team — N-days (June 8, 2026); SecurityWeek — Claude Mythos Turns N-Days Into N-Hours; Axios — Anthropic’s Mythos can exploit new flaws in hours; Mandiant (2020) N-day analysis.