A new study has revealed that advanced large language models (LLMs), particularly Anthropic’s Claude Mythos Preview, are dramatically accelerating the development of N-day exploits, reducing timelines from weeks to just hours and significantly increasing risk during the patch gap.
Unlike zero-day vulnerabilities, N-day vulnerabilities are publicly disclosed flaws that remain unpatched across many systems.
These vulnerabilities are often easier to exploit because attackers can analyze security patches through a technique known as “patch diffing,” which reveals the exact code changes and helps reverse-engineer the flaw.
Historically, creating a working exploit from a patch required significant expertise and time. For example, the WannaCry ransomware attack occurred nearly two months after the MS17-010 patch, while other exploits typically took weeks.
Claude Mythos Speeds Up N-Day Exploits
However, new findings suggest that this timeline is collapsing rapidly. Anthropic tested its Claude Mythos Preview model across 18 recent Firefox vulnerabilities.
Time to Working Exploits for 18 SpiderMonkey CVEs Patched in Firefox 147–149 (Source: Anthropic)
The model successfully generated proof-of-concept (PoC) exploits for 14 vulnerabilities, with the first PoC produced in just 12 minutes.
More notably, it created 8 fully functional code-execution exploits in approximately 12 hours. The testing environment provided the model with patch diffs, compiled builds, and limited context, simulating real-world attacker conditions.
Despite these constraints, Mythos demonstrated a significant leap in capability compared to earlier models, which produced far fewer working exploits.
The research also extended to Microsoft Windows kernel vulnerabilities, for which the source code is not publicly available.
Exploit Creation Time for 21 Windows Kernel CVEs (Source: Anthropic)
In this more complex scenario, Mythos Preview developed PoCs for 18 of 21 vulnerabilities. It successfully built 8 complete privilege-escalation exploit chains, enabling attackers to move from low-level access to full SYSTEM control.
Even vulnerabilities rated by Microsoft as “Exploitation Unlikely” were successfully exploited by the model, highlighting a growing mismatch between traditional risk assessments and AI-driven capabilities.
One key concern is the shrinking “patch gap,” the window between vulnerability disclosure and widespread patch deployment.
While modern systems like Windows Autopatch can take up to 11 days to fully enforce updates, Mythos was able to generate working exploits well before patches were broadly applied.
PoC Reproduction Time for 21 Windows Kernel CVEs (Source: Anthropic)
This shift means attackers no longer need advanced reverse-engineering skills or extended timelines. With access to capable AI models and modest resources, a single operator can weaponize multiple vulnerabilities in a matter of hours.
The implications are especially severe for environments with slow patch cycles, such as industrial control systems, healthcare devices, and IoT infrastructure.
These systems often rely on fixed update schedules or vendor-controlled firmware, making them particularly vulnerable to rapid exploitation.
The red.anthropic team warns that monthly patch cycles and phased rollouts can no longer keep pace with rapidly weaponized vulnerabilities.
Organizations must accelerate patch deployment and adopt additional defenses, including memory-safe programming languages like Rust and exploit mitigation technologies such as Control Flow Guard.
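To put numbers on the patch gap described above, the following sketch (an added example, not from Anthropic or the original article) compares how many hosts remain unpatched once a working exploit exists under a phased rollout versus a compressed one. The 12-hour and 11-day figures come from the article; the ring names, fleet sizes, ring timings and the linear-install model are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Ring:
    name: str
    hosts: int
    start_h: float   # hours after patch release when installs begin
    finish_h: float  # hours after release when the ring is fully patched

def unpatched_at(ring: Ring, t_h: float) -> float:
    """Hosts still unpatched t_h hours after release (linear install, an assumption)."""
    if t_h <= ring.start_h:
        return float(ring.hosts)
    if t_h >= ring.finish_h:
        return 0.0
    return ring.hosts * (ring.finish_h - t_h) / (ring.finish_h - ring.start_h)

def exposed_host_hours(ring: Ring, exploit_h: float) -> float:
    """Integral of unpatched hosts from exploit availability until the ring is done."""
    if exploit_h >= ring.finish_h:
        return 0.0
    span = ring.finish_h - ring.start_h
    if exploit_h <= ring.start_h:
        # Whole ring waits untouched, then drains linearly over its install window.
        waiting = ring.hosts * (ring.start_h - exploit_h)
        return waiting + ring.hosts * span / 2
    return ring.hosts * (ring.finish_h - exploit_h) ** 2 / (2 * span)

def patch_gap(rings, exploit_h):
    """Return (hosts unpatched when the exploit exists, host-hours exposed afterwards)."""
    return (sum(unpatched_at(r, exploit_h) for r in rings),
            sum(exposed_host_hours(r, exploit_h) for r in rings))

EXPLOIT_H = 12        # article: working exploits in approximately 12 hours
ENFORCED_H = 11 * 24  # article: up to 11 days to fully enforce updates

# Constructed fleets (ring names, sizes and timings are illustrative assumptions).
PHASED = [Ring("pilot", 100, 0, 24), Ring("broad", 900, 72, ENFORCED_H)]
COMPRESSED = [Ring("all", 1000, 0, 24)]

if __name__ == "__main__":
    for label, rings in (("phased", PHASED), ("compressed", COMPRESSED)):
        hosts, hh = patch_gap(rings, EXPLOIT_H)
        print(f"{label:10s} unpatched at T+{EXPLOIT_H}h: {hosts:.0f}  host-hours exposed: {hh:.0f}")
```

Replacing the constructed rings with an organization's real deployment rings shows how much of the fleet sits inside the exploit window for a given rollout policy.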
The emergence of AI-driven exploit development marks a fundamental shift in the threat landscape.
As tools like Claude Mythos continue to evolve, the concept of “N-day” vulnerabilities may soon become obsolete, replaced by a new reality where exploitation occurs within hours of disclosure.
The post Claude Mythos Turning N-Days Into N-Hours With Rapid Working Exploit Creation appeared first on Cyber Security News.



