Recent research highlights that advanced large language models (LLMs), notably Anthropic’s Claude Mythos Preview, are drastically reducing the time required to develop N-day exploits—from weeks to mere hours—thereby intensifying risks during the patch gap.
N-day vulnerabilities are publicly disclosed flaws that remain unpatched in numerous systems. Traditionally, crafting a working exploit from a patch necessitated considerable expertise and time. For instance, the infamous WannaCry ransomware attack occurred nearly two months after the release of the MS17-010 patch, with other exploits typically taking weeks to materialize.
Claude Mythos Accelerates N-Day Exploits
However, recent findings indicate a significant acceleration in this timeline. Anthropic evaluated its Claude Mythos Preview model against 18 recent Firefox vulnerabilities. The model successfully generated proof-of-concept (PoC) exploits for 14 vulnerabilities, with the first PoC produced in just 12 minutes. Remarkably, it developed eight fully functional code-execution exploits in approximately 12 hours. The testing environment provided the model with patch diffs, compiled builds, and limited context to simulate real-world attacker conditions. Despite these constraints, Mythos demonstrated a substantial advancement over earlier models, which produced far fewer working exploits.
The research also extended to Microsoft Windows kernel vulnerabilities, for which the source code is not publicly available. In this more complex scenario, Mythos Preview developed PoCs for 18 of 21 vulnerabilities and successfully built eight complete privilege-escalation exploit chains, enabling attackers to escalate from low-level access to full SYSTEM control. Notably, even vulnerabilities rated by Microsoft as “Exploitation Unlikely” were successfully exploited by the model, underscoring a growing mismatch between traditional risk assessments and AI-driven capabilities.
A significant concern is the shrinking “patch gap,” the window between vulnerability disclosure and widespread patch deployment. While modern systems like Windows Autopatch can take up to 11 days to fully enforce updates, Mythos was able to generate working exploits well before patches were broadly applied. This shift implies that attackers no longer require advanced reverse-engineering skills or extended timelines. With access to capable AI models and modest resources, a single operator can weaponize multiple vulnerabilities in a matter of hours.
These developments underscore the urgent need for organizations to reassess their patch management strategies and adopt more agile security responses. The rapid exploitation capabilities enabled by AI models like Claude Mythos necessitate a proactive approach to vulnerability management, emphasizing the importance of timely patching and continuous monitoring to mitigate emerging threats.
Source: CyberSecurityNews.com
