Anthropic Mythos finds a 27-year-old vulnerability for $50
Anthropic's restricted-access security model Mythos surfaced a 27-year-old vulnerability in widely deployed security software. Single test cost: $50. Six hours to result.

There's a piece of security software first shipped in 1999. Name withheld. Installed on millions of systems. Researchers have torn it apart, run automated tools at it, and posted multi-thousand-dollar bounties for 27 years.
Nobody found it.
This week Anthropic's restricted-access security model, Mythos, did. Single test run: $50. Time to result: six hours.
Anthropic CISO Jason Clinton wrote in the report: "Mythos found in hours what humans missed for 27 years." The scenario the security industry has feared most — AI finds vulnerabilities faster than humans — landed as the first real, named case.
Dario Amodei (Anthropic CEO) signaled a policy shift in a separate post: "Some frontier capabilities won't be widely shipped." Mythos is the first example of an Anthropic model gated to vetted partners only.
Who's involved — Anthropic, the security industry, attackers
For Anthropic the message is two-part. One: a clear capability lane — security, science, expert domains — that differentiates from OpenAI and Google. Two: a real shift in access policy. Until now, every frontier model shipped on the public API. Mythos doesn't.
For the security industry, the cost structure of vulnerability research changed in one report. What human researchers did over months or years is now AI work in hours.
For defenders this is a positive shift. AI as a "good-faith finder" means faster patches and shorter zero-day lifetimes. The same capability in attacker hands is the inverse story.
For attackers, direct Mythos access is closed. The bigger question is the timeline for an open-source equivalent. DeepSeek and Qwen are the most plausible candidates inside 12 months.
Tavis Ormandy (Google Project Zero) on X: "this is just the start." That's the temperature of the room.
The numbers
Anthropic withheld model specs. Capability comparison is what they published:
| Capability | Mythos | Claude Opus 4.7 (prior self) | GPT-5.4 (rival) | Human expert avg |
|---|---|---|---|---|
| CVE discovery | 78% | 35% | 32% | 60% |
| Exploit code authoring | undisclosed | 50% | 48% | 80% |
| Reverse engineering | 85% | 60% | 58% | 75% |
| Fuzzing efficiency (per unit time) | 12× | 1× | 1.2× | 0.8× |
| Avg cost per task ($) | $50 | $200 | $250 | $50,000 (labor) |
| Access | Vetted partners | Public API | Public API | N/A |
The 78% CVE-discovery figure is measured on the SecBench-2026 industry-standard set. It beats the human expert average and is roughly 2× both Claude Opus 4.7 and GPT-5.4.
Exploit code authoring is deliberately withheld. Direct attack-utility data isn't shipping.
Cost per task at $50 is roughly 1/1000 of human-labor cost. That's the headline restructuring lever.
Wins and losses
Defenders — enterprise security teams, government cyber commands — see audit and zero-day discovery costs collapse. NSA and GCHQ have reportedly signed direct contracts. KISA in Korea and Japan's NPA are reportedly evaluating.
Anthropic gets a new revenue category. Government and defense contracts price differently than the public API. There's a catch: a separate Pentagon blacklist story from late April leaves political variables in the air.
Attackers — state actors, criminal groups — are blocked from Mythos directly. The question is how long until equivalent capability ships open. DeepSeek V4's low refusal rate and HN #1 visibility make the timing of these stories uncomfortable.
Consumers don't see direct effect short-term. Indirect: the OS, app, and library patches you receive over the next 12 months will likely come faster.
Past cycles — AI security tools
DARPA Cyber Grand Challenge, 2016. First automated vulnerability discovery competition. ForAllSecure won. Fuzzing-class capability.
Google OSS-Fuzz, 2016 onward. Found tens of thousands of bugs in open-source. Memory safety dominant, deep logic limited.
Microsoft Security Copilot, 2023. Strong on threat intelligence, weak on novel discovery.
Trail of Bits Tracer, 2024. Smart-contract focused. Strong in Ethereum, narrow in scope.
The shared assumption across all four: deep logic vulnerabilities require human reasoning. Mythos is the first published case to break that.
Counter-moves
OpenAI reportedly preparing a security-specific model line. Open question: ship it broadly or gate it like Anthropic.
Google DeepMind isn't matching with a model release; they're publishing AI safety research as the signal. Pichai's keynote leaned on "responsible AI in security."
Meta's Llama policy makes a closed-model release awkward. Likely an internally-used variant with limited public release after safety review.
DeepSeek and Qwen — low refusal rates, gray-zone use cases more common. Capability parity with Mythos still 12–18 months out by most reads.
Skeptics, by name
Dan Boneh (Stanford security professor) cautions against generalizing from a single case. CVE discovery 78% is on a known dataset; truly novel territory may differ.
Bruce Schneier (security writer) argues Mythos is the signal, not the immediate threat. The bigger story is access policy change, not raw capability.
Both concede the direction of travel. Both agree security work is on a 5-year automation track.
Stakes
- Wins: Anthropic — security/science domain lead, new government revenue lane. NSA, GCHQ — defensive capability step. Patched OS/app users — indirect security upgrade.
- Loses: Security consulting — labor-billed model under pressure. Attackers — access blocked short-term, gray-market alternative likely 6–12 months out. Smaller security startups — Anthropic government deals compress addressable market.
- Watching: KISA/Japan NPA — adoption timeline. EU AI Act — dual-use rules for security models. DeepSeek/Qwen — equivalent capability arrival.
What changes
Devs: source-code security audit moves into the automation column. GitHub Actions security audits become standard within 12 months at $1–5 per PR.
Founders: security SaaS pricing pressure rises, AI-native entrants move in. Existing vendors face a re-pricing event.
Investors: Anthropic re-rates upward toward $900B+. Security consulting and labor-billed firms need a revisit.
Consumers: 6–12 months out, faster patches on the software you use. Same window, more sophisticated AI-assisted attacks.
3-Line Summary
- Mythos surfaced a 27-year-old CVE in 6 hours for $50.
- Anthropic begins gating frontier capabilities to vetted partners.
- Vulnerability research economics restructured — both sides feel it.