Claude Mythos Preview is no longer just a lab story. New testing shows AI models are starting to turn known software flaws into working exploits, and the business question is shifting from whether the capability exists to who can use it safely.
The latest evidence around Anthropic's Claude Mythos Preview gives cybersecurity founders and enterprise buyers a useful warning: this market is moving from vulnerability discovery into exploit production. That is a different business. Finding a bug creates a ticket. Building a working exploit changes how fast a company must patch, how carefully a vendor must validate model output, and how much trust a buyer can place in any AI security product that claims to work at machine speed.
The cleanest public evidence comes from ExploitGym, a benchmark posted by Berkeley RDI on May 11. The benchmark tested 898 real-world vulnerability instances across userspace programs, Google's V8 JavaScript engine, and the Linux kernel. Given a crashing input and a known vulnerability, AI agents had to extend that starting point into a working exploit. Claude Mythos Preview succeeded on 157 instances. OpenAI's GPT-5.5 succeeded on 120.
That does not mean Mythos can automatically break into anything. It does mean frontier models are getting better at the part of security work that used to separate a bug report from a serious incident. A vulnerability that cannot be exploited is often managed as technical debt. A vulnerability with a reliable exploit becomes a deadline.
The online discussion that pushed this story higher centered on a sharper claim: Mythos produced 18 out of 41 n-day exploits compared with one out of 41 for GPT-5.5, while open source or open weights models produced none. That may prove important, but it should be treated carefully unless the underlying benchmark artifact can be traced and checked. Reddit is useful for spotting what technical communities are paying attention to. It is not enough, by itself, to anchor a business decision.
The broader direction is still clear without leaning too heavily on that specific figure. ExploitGym already shows a meaningful gap between the strongest systems and everything below them. The Berkeley RDI team also reported that giving Mythos more time improved its results, with successful exploits rising from 127 to 204 when the task budget was extended from two hours to six. That matters because it suggests the frontier models are not merely producing lucky outputs. They can keep working through multi-step technical problems when given more runway.
This is where the open model discussion becomes more complicated. Open source models are often celebrated because they lower costs, increase transparency, and let startups build without waiting for a large lab's permission. Cyber capability changes that equation. If a model is good enough to create working exploits, access control becomes part of the product, not just a safety policy attached after launch.
Enterprise security is becoming an operations problem
Real-world testing is already showing how this capability lands inside large companies. According to Axios, Palo Alto Networks used models from Anthropic and OpenAI across more than 130 products and found 75 legitimate vulnerabilities, compared with its usual pace of roughly five to 10 per month. The company said the vulnerabilities were patched and were not being actively exploited in the wild.
The striking part was not just the number of bugs. Palo Alto Networks said the models generated working exploits more than 70% of the time during internal testing, while also producing a roughly 30% false-positive rate. That combination is exactly why this is an entrepreneurship story. The product opportunity is not simply a better model. It is the harness around the model: context, validation, triage, patch workflows, audit trails, and human review.
For a security startup, that means the winning pitch is unlikely to be a dashboard full of scary findings. Buyers already have too many alerts. They need systems that can tell them which findings matter, prove the exploit path, explain the blast radius, and fit into existing engineering workflows without creating chaos. A model that finds 10 times more issues can become a liability if the customer does not have the people or process to act on them.
There is also a liability question that the market has not answered. If an AI security vendor discovers a high-severity vulnerability in customer software, who is responsible for disclosure timing, evidence handling, and patch coordination? If a model produces an exploit during testing, how is that artifact stored, who can access it, and what happens if it leaks? These are not theoretical concerns. They are the terms of enterprise trust.
Government attention is rising for the same reason. House lawmakers have already pressed the White House to address AI cyber threats and expand trusted defensive access to advanced models. That tells founders something important. Cyber AI will not be a normal SaaS category where distribution is the only constraint. Regulation, procurement rules, national security concerns, and model access agreements will shape who can sell and who can scale.
The practical takeaway is simple. Mythos and GPT-5.5-Cyber are pushing the security industry toward a new layer of automation, but the advantage will go to companies that make powerful systems usable, reviewable, and defensible. The model is becoming the engine. The business is the workflow around it. Watch the startups that can reduce time to patch without flooding teams with noise, because that is where buyers will spend real money.
Also read: Monad and Rain are testing stablecoin cards as real payment rails • Pixal3D makes image to 3D feel closer to a working pipeline • Stealth clipping campaigns are making organic virality harder to trust
