This AI Cracked a 27-Year-Old Secret

What happens when an AI model discovers vulnerabilities that survived 27 years of expert human review? Anthropic answered that question on April 7, 2026, when it announced Claude Mythos Preview alongside something unprecedented in the industry: a deliberate decision not to release its most capable model to the public. The reason was simple and alarming. Mythos could break into systems nobody knew were vulnerable, and it could do so entirely on its own.

The Vulnerability That Hid in Plain Sight for 17 Years

CVE-2026-4747: A Stack Overflow Nobody Caught

The headline finding was CVE-2026-4747, a stack buffer overflow in FreeBSD’s RPCSEC_GSS authentication handler. In concrete terms, an attacker-controlled network packet is copied into a 128-byte stack buffer with a length check that permits up to 400 bytes. Because the buffer is declared as an integer array, GCC’s stack protector does not instrument it. FreeBSD does not randomize the kernel load address, making return-oriented programming (ROP) gadget locations predictable. The result: complete remote root access from an unauthenticated position anywhere on the internet.

What makes the finding extraordinary is the method. Rather than brute-forcing the kernel host ID required to reach the vulnerable code path, Mythos Preview discovered that a single unauthenticated NFSv4 EXCHANGE_ID call returns the server’s UUID and NFS daemon start time, values sufficient to reconstruct the required credentials. This entire chain was assembled autonomously, without human prompting or guidance.

The 27-Year-Old OpenBSD Flaw

Even more striking, Mythos Preview identified a now-patched vulnerability in OpenBSD, an operating system built specifically around security and famous for its “Only two remote holes in the default install” claim. This flaw had survived 27 years of meticulous human code review. Anthropic stated that over 99% of the vulnerabilities Mythos found have not yet been patched, and that the scope extends to every major operating system and web browser currently in use.

Project Glasswing: A $100M Bet on Controlled Disclosure

Who Gets Access

Instead of a public release, Anthropic created Project Glasswing, a cybersecurity initiative that restricts Mythos Preview to a curated group of organizations. The launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Beyond these, over 40 additional organizations that build or maintain critical software infrastructure have been granted access to scan and secure both proprietary and open-source systems.

The Financial Commitment

Anthropic is backing the initiative with up to $100 million in Mythos Preview usage credits for participating organizations and $4 million in direct donations to open-source security organizations. The scale of this commitment suggests that Anthropic views vulnerability remediation as a long-term campaign rather than a one-time disclosure event.

Why Anthropic Chose Not to Release It

The Dual-Use Dilemma

Anthropic’s own assessment, published on its red-teaming site, frames the decision bluntly: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. Releasing Mythos publicly would hand that capability to anyone with an API key. The UK’s AI Safety Institute (AISI) independently evaluated Mythos Preview’s cyber capabilities and confirmed its offensive potential, while the Council on Foreign Relations called it “an inflection point for AI and global security.”

The Opus 4.7 Alternative

On April 16, just nine days after announcing Mythos, Anthropic released Claude Opus 4.7 publicly, a model CNBC described as “less risky than Mythos.” The timing is significant: Anthropic is maintaining its commercial presence and model release cadence while drawing a clear line between general-purpose AI and frontier-risk capabilities. This two-tier approach allows paying customers to access cutting-edge performance without putting autonomous offensive tools in the wild.

What Happens Next

The immediate concern for security teams is patching. With over 99% of the discovered vulnerabilities still unpatched and Anthropic working through responsible disclosure, the window of exposure is wide. The Register has noted that Project Glasswing’s CVE count is “still guesswork,” meaning the full scope of Mythos’ findings remains unknown even to the broader security community. Meanwhile, the Cloud Security Alliance warns that security teams need an entirely new detection playbook for a world where AI-driven offensive capabilities are no longer theoretical.

For the AI industry at large, Mythos Preview establishes that the frontier of AI capability now includes autonomous discovery and exploitation of zero-day vulnerabilities at scale. Whether competitors follow Anthropic’s restraint or race to deploy similar capabilities openly will define the next chapter of AI governance.

Related

• This Coding Tool Hit $2B Faster Than Slack Ever Did
• NVIDIA Just Open-Sourced the Key to Quantum Computing
• OpenAI Supercharges Codex Into an AI Super App
• 80% of Companies Already Lost the AI Race

Sources

1. Anthropic – Project Glasswing: Securing critical software for the AI era
2. Anthropic Red Team – Claude Mythos Preview
3. The Hacker News – Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws
4. Council on Foreign Relations – Six Reasons Claude Mythos Is an Inflection Point
5. CNBC – Anthropic rolls out Claude Opus 4.7, less risky than Mythos