Claude Mythos surfaces thousands of zero-days in autonomous sweep

Anthropic’s Claude Mythos, an autonomous vulnerability-discovery agent built on the Claude model family, has reportedly identified thousands of previously unknown flaws across widely deployed systems. The run marks one of the largest claimed AI-driven zero-day harvests to date, spanning operating systems, network stacks, and common open-source dependencies that sit deep in enterprise supply chains.

The scale matters more than the headline number. A single agent triaging code at this volume compresses the discovery half of the vulnerability lifecycle from months to hours, which shifts the bottleneck onto coordinated disclosure, vendor patch capacity, and downstream package maintainers who are already saturated. Defenders gain a preview of attacker capability: the same loop, pointed at the same targets with fewer ethics, produces the same list.

The operational question is whether disclosure pipelines, CVE assignment, and patch distribution can absorb AI-paced findings without collapsing into noise. If Mythos-class agents become routine, the asymmetry favours whoever runs them first against unpatched fleets, not whoever publishes the cleanest advisory.