Well before AI company Anthropic told the world that its new Mythos model was scarily good at finding dangerous flaws in computer code, people at cybersecurity company WolfSSL knew something was up.

Anthony Hu was on duty that week in late March, triaging bug reports for WolfSSL from his home-office desk in Kitchener, Ont. Eighty of them—a staggering number, far more than he’d ever had during his regular rotations minding the inbox.

Talking Points

AI tools are compressing the time and cost to find real cyber vulnerabilities, setting up a race between defenders scrambling to patch old bugs and bad actors looking to exploit them
Cybersecurity experts have seen the tools’ capabilities grow over the past year, but Anthropic’s Mythos and OpenAI’s GPT-5.5 appear to have taken big leaps forward

“It was quite a traumatic week for me,” he says. 

Not every report was important, or even valid, but they just kept coming. Each needed to be checked out. Several proved to be high-risk vulnerabilities. Before long, as many as 10 WolfSSL engineers at once were assigned to work through them.

WolfSSL is headquartered in the United States but its team is distributed around the world. The company’s work is very nerdy and very important: its code secures connections between devices on the internet, especially in embedded systems like sensors, machinery, store checkout systems and home-automation devices.

Like most software companies, WolfSSL invites bug reports. In its line of business, finding and fixing flawed code is particularly important, because bugs in cybersecurity software are very likely to be security holes, too, with bigger consequences than a word-processor crash.

By Laura Osman and Murad Hemmadi

Hu’s specialty is post-quantum cryptography, readying WolfSSL for the day a working quantum computer blows apart the foundations of traditional encryption.

One report he read that week was a monster, a critical vulnerability that could have let a cyberattacker pose as a legitimate user, prompting emergency meetings and fixes to an important part of WolfSSL’s codebase.

Who sent that terrifying vulnerability report? Nicholas Carlini, an American artificial intelligence researcher of some renown, particularly for work on breaking machine-learning models by feeding them poisoned inputs. Formerly of Google’s DeepMind AI skunkworks, he’s now at Anthropic. “He’s got quite the reputation,” Hu says.

Carlini’s bug report said he’d be happy to talk WolfSSL through what he’d found, an offer Hu and a lot of his colleagues jumped on.

They had heard rumours that Anthropic had a new model that was really good at cracking cyberdefences, though none of them had seen it themselves. They couldn’t wait to ask Carlini about the model, Hu recounts. “It was like, ‘Is this that?’ And he’s like, ‘Yep.’”

Once WolfSSL’s team knew about the flaw, writing a fix took just hours, but they eventually determined that it had been sitting in their code since 2017.

The tool Carlini used to find it was Mythos, which Anthropic would reveal publicly about 10 days later. It’s so good at breaking into other computer systems that Anthropic deemed it too dangerous to release publicly in its current form.

Along with that announcement, Anthropic published a detailed explanation of why the model is so worrisome; Carlini led the list of 26 authors.

Anthropic has restricted access to a handful of companies, so they can secure critical software before bad actors can break it, an effort it’s calling Project Glasswing. Some of this is surely a marketing effort by Mythos’s maker. But it freaked out the U.S. government enough that Treasury Secretary Scott Bessent and Federal Reserve chair Jerome Powell warned key financial-sector leaders to batten their virtual hatches and Project Glasswing participants like Microsoft said they were taking the risks seriously.

Hackers have been siccing large language models on computer code for years. If an LLM can write code, it can find problems in code. If your intent is to fix those problems, that’s useful. If your intent is to exploit them, it’s dangerous. The surprise isn’t that Mythos can do these things at all, but rather how good it is at them—a major leap forward from what anybody had seen any model do before.

WolfSSL discloses vulnerabilities it’s confirmed in its software. Unlike some software firms, it doesn’t pay cash bounties, but it does give public credit. A couple of years ago, according to the company’s internal figures, a typical update would fix one vulnerability of some kind. The numbers started increasing last year—from one to two, then eight, then 15. The main driver of that increase is AI assistance.

A new version released in April fixed 22. One of those was the Carlini report, which WolfSSL rated as critical. The other 21 were rated high—one notch less serious, but still urgent. Several of the recently published disclosures credit Anthropic for helping find them.


Hu’s employer, WolfSSL, invites reports from outsiders who find bugs in its computer coding. Photo: Nick Iwanyshyn for The Logic

“The thing that all [LLMs] are the best in the world at is programming. This is primarily what they’ve been tuned for,” said Ian L. Paterson, CEO of Canadian cybersecurity company Plurilock. “The way that you find a vulnerability that you can craft into an exploit is generally you start with a bug and you see what you can do with that bug.”

An LLM doesn’t care whether you’re tightening up your own work or breaking into somebody else’s system. Paterson said Plurilock uses AI tools when it’s looking for holes in systems it’s paid to secure.

That doesn’t mean the bugs that LLMs find are necessarily big deals—or even real. Firms that offer bounties for good reports have been inundated with AI slop.

One of Hu’s WolfSSL co-workers, Daniel Stenberg, wrote cURL, a ubiquitous behind-the-scenes tool for online file transfers, and had been steadily paying bug bounties since 2019. In January this year, after paying out more than US$100,000 for 87 worthy reports over the years, he stopped. The volume of reports had gone up while the quality collapsed. Essentially, Stenberg was being spammed. But unlike junk emails, these reports all had to be taken seriously.

“The never-ending slop submissions take a serious mental toll to manage and sometimes also a long time to debunk. Time and energy that is completely wasted while also hampering our will to live,” he wrote.

Even before Anthropic revealed Mythos’s existence, though, people in the business had been noticing AI tools getting better at breaking into things.

“We’ve seen somewhere between a 10 and 100x compression in both time and cost to find real vulnerabilities that’s been building for, certainly, the last six months in public and potentially longer,” says Paterson.

With Mythos, Anthropic appears to have made two significant leaps compared to previous models. One is that Mythos can find bugs with little guidance—it doesn’t need to be pointed at particular code and nudged toward what to try.

The other is that it can combine bugs and vulnerabilities. “It’s able to put multiple attacks together in a way that only advanced security researchers have previously been able to do,” said WolfSSL’s chief technology officer, Todd Ouska.


Mythos is not magical, though, or even uniquely powerful. With much less fanfare, OpenAI released a model update in April—GPT-5.5—that the U.K.’s AI Security Institute said is just about as good at cyber tasks. Mythos is impressive but not a one-off, the government-sponsored research institute concluded, and the curve of capabilities is going to keep rising.

“If cyber-offensive skill is emerging as a byproduct of more general improvements in long-horizon autonomy, reasoning, and coding, we should expect further increases in cyber capability from models in the near future, potentially in quick succession,” the institute said in a report on OpenAI’s new model.

“Some of the stuff I’ve seen is just stunning to me,” says Jonathan Schaeffer, a professor emeritus of computer science at the University of Alberta who left academe to found his own AI company, Synsira Software. “I use the word ‘stunning’ not to be dramatic, but I’m really in awe and surprised and incredulous at what I’m seeing.”

Schaeffer devoted much of his academic career to devising artificial intelligences that could play games, including a checkers-oriented model called Chinook. Chinook was very good. In 1992, it competed against the world-champion checkers player in London, having placed second to him in a previous major tournament.

Draws are the norm in top-level checkers. The human, Marion Tinsley, took the best-of-40 series by winning four games to Chinook’s two, with 33 ties. However, Tinsley’s win in Game 18 has an unofficial asterisk.

“In a drawn position, my program died, and we lost the game on forfeit with hundreds of media there,” Schaeffer says. “It was horrible. It was embarrassing.”

To this day, Schaeffer doesn’t know why it happened. He’s convinced that the problem stemmed from having multiple iterations of the checkers AI running at once to come up with optimal moves. The catastrophic bug appeared twice in one day, and then never again. 

“There’s nothing wrong with the program when you run it by itself, but when you get 16 copies working together, all interacting, something happens,” he says.

This is the kind of bug that Mythos seems adept at finding, he says—subtle ones that might never cause problems on their own.

“I couldn’t do this,” Schaeffer says. “We’re talking about millions of lines of code, and you’re looking for needles in haystacks.”

People working directly in cybersecurity might have been a bit rattled by what Anthropic says Mythos can do, but the alarm is passing.

“There’s never not a crisis happening in cybersecurity,” says Matt Holland, a former federal cyberspy who’s now CEO of Field Effect, an Ottawa cybersecurity company. “People who spend a lot of time in the trenches of cybersecurity aren’t necessarily panicking about this.”

However good AI models get, they aren’t creative. “We will see a higher volume of what is already known in regards to attack styles and vulnerability types,” Holland said. “We’re not going to see this thing produce some unknown vulnerability class or attack vector, because that’s not how LLMs work.”

Matt Holland, CEO of Field Effect, said cybersecurity types aren’t panicking about systems like Mythos. Photo: Justin Tang for The Logic

It does seem very likely, though, that we’re starting a period in which Mythos and its equivalents find bugs that have been sitting unnoticed in software for a long time. Bad actors trying to abuse them will race against good ones trying to fix them. Eventually, we’ll reach a new normal in which programmers use these tools to go over code before it goes into the wider world.

Bigger companies with major cybersecurity teams will get to the end of the bumpy ride first, Paterson expects, because they’ll make best use of Mythos and its AI-model cousins. Small companies that use the big ones’ products will tag along.

“My concern is particularly in the mid-market, where organizations are big enough to write their own code, but they’re maybe not big enough to fully staff and empower vulnerability management teams,” Paterson says. “I’d be particularly concerned about them being at risk to the bad guys.”

Hu says standard cyber hygiene is the best response for people who are trying to use software rather than write it. Programmers can fix their code but that doesn’t help if users don’t download and install the patched versions.

“The appropriate message is: ‘Please, please update. Please update,’” Hu says.

If cybersecurity pros are taking the arrival of these models with trained equanimity, others, like Schaeffer, are watching the exponential increase in AI’s coding capabilities with more wonder.

Schaeffer has not hauled Chinook out of virtual storage to see whether a 2026 coding AI can find the problem in his 1992 checkers algorithm. He’s got a company to run. But he has not forgotten.

“The bug bothers me. I will definitely go back and find it just because it’s a part of my life, and I want to get closure on that,” he says. “One day, once I sell out my shares of the company for $1 billion, then I will return back to the checkers project and get AI to answer the question for me.”