AI Cracks Security Patches in Hours, Not Weeks

Manaal Khan | 10 June 2026 at 11:42 pm | 6 min read
Key Takeaways

Source: The Decoder
  • Anthropic's Mythos Preview model produced a working Firefox exploit within one hour of patch release
  • A lone operator can generate exploits from a month's patches for about $2,000 in API costs
  • The study challenges the N-day vulnerability model, suggesting N-hour is more accurate

The cybersecurity industry has operated on a comfortable assumption for years: when a software patch drops, defenders have days or weeks before attackers can reverse-engineer it into a working exploit. New research from Anthropic says that buffer has shrunk to hours.

Anthropic's security team systematically tested how fast their large language models could analyze patches and produce functional exploits. The results are stark. Their Mythos Preview model produced crash-triggering proofs of concept for 14 of the 18 Firefox vulnerabilities within three hours of seeing the patches. The first proof-of-concept appeared after just 12 minutes.

A lone operator can now turn a month's worth of patches into working exploits in a single afternoon—for a few thousand dollars and with no specialized expertise.

— Anthropic Security Research Team

How Patch Diffing Became a Machine-Speed Problem

Security patches contain an implicit confession: they reveal exactly where the bug was. Attackers have always known this. The technique is called patch diffing. You compare the old code with the new code, find what changed, and work backward to understand the vulnerability.

This used to require specialized skills and significant time. A 2020 Mandiant analysis found that 16 out of 25 vulnerabilities took a month or longer to be exploited after patches released. That gap gave organizations breathing room to update their systems.

Large language models compress this timeline dramatically. Anthropic tested six Claude models against 18 security patches for SpiderMonkey, Firefox's JavaScript engine. They chose Firefox deliberately. The browser auto-updates, and Mozilla recently moved from monthly to weekly minor releases. If any software should be resilient to this threat, Firefox should.

1 hour: time to first working arbitrary code execution exploit from a Firefox patch

The Numbers That Should Worry Security Teams

Mythos Preview, Anthropic's unreleased model, outperformed every other version tested. It triggered crashes for 14 of the 18 vulnerabilities, with 13 proofs-of-concept arriving within 40 minutes. The 14th took about three hours. For comparison, Opus 4.5 managed just 2, while Opus 4.8 hit 11.

Proof-of-concept development timeline for SpiderMonkey CVEs. Mythos Preview (orange) dramatically outpaces other models.

Reliability mattered too. In tests with 50 runs per vulnerability, Mythos Preview reproduced seven out of 18 bugs on every single attempt. Opus 4.8 and Opus 4.6 achieved that consistency for only one vulnerability each.

But crashing a system is not the same as exploiting it. The more concerning metric is how many bugs the models could turn into actual code execution. Mythos Preview produced eight working exploits in about twelve hours. The first was ready within an hour of the patch going live. That was 18 days before Firefox 148 shipped to most users.

Windows Kernel: Even Faster

Firefox was not the only target. Anthropic also tested against Windows Kernel vulnerabilities, arguably a more valuable target for attackers. The results were similar or worse for defenders.

AI-generated exploit development timeline for Windows Kernel vulnerabilities.

According to the research, one Windows Kernel proof-of-concept took just 31 minutes. The economics are equally accessible. Anthropic estimates a lone operator could process a month of patches into working exploits for roughly $2,000 in API credits.

From N-Day to N-Hour

The cybersecurity industry has long talked about N-day vulnerabilities. The term refers to the window between a patch's release and when attackers can weaponize it. Enterprise patching cycles often stretch to 30, 60, or 90 days. Many organizations assumed they were racing against human attackers who needed similar timeframes to reverse-engineer fixes.

N-day has become dangerously misleading. N-hour is closer to the reality we now operate in.

— Anonymous Cybersecurity Analyst

This assumption now looks dangerously outdated. According to Verizon's data breach report, N-day vulnerabilities cause a significant share of real-world breaches. If AI can compress exploitation timelines from weeks to hours, traditional patch management strategies become inadequate.

The Security Community Responds

Discussion on Hacker News and cybersecurity forums has been intense. Many senior engineers expressed alarm at how accessible these capabilities have become. A common theme: if AI can weaponize patches this quickly, companies need AI-driven defense systems to keep pace.

Some skeptics questioned whether Anthropic's test environment was representative. They argued that real-world exploitation often involves additional hurdles like memory layout randomization and sandboxing. But the consensus acknowledges this as a significant milestone, even if the models do not yet achieve 100% real-world reliability.

What This Means for Patch Strategy

The study does not offer easy solutions. It surfaces a problem that was always lurking: patching has been too slow for the threat environment. AI just removed the remaining buffer.

  • Automated patching becomes essential, not optional. Manual approval workflows measured in days are now liabilities.
  • Security teams need to assume zero-day-like urgency for all critical patches, not just high-profile vulnerabilities.
  • Organizations should evaluate AI-assisted defense tools that can detect and respond to exploitation attempts in real time.
  • Vendors may need to reconsider how much information patches reveal about underlying vulnerabilities.
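
To make the first two points measurable, the following added example (not from Anthropic's study or the original article) computes how long each asset stayed unpatched past an exploit-ready point and how much of that delay was approval wait. The host names and timestamps are constructed, and the one-hour threshold is an assumption taken from the article's time-to-first-exploit figure.

```python
from datetime import datetime, timedelta, timezone

# Assumption: a working exploit exists one hour after patch release
# (the article's figure for the first Firefox exploit).
EXPLOIT_READY = timedelta(hours=1)

# Constructed sample inventory (hypothetical hosts, UTC timestamps).
# deployed=None means the patch is still not installed.
INVENTORY = [
    {"host": "kiosk-01", "released": "2026-06-01T14:00",
     "approved": "2026-06-01T14:20", "deployed": "2026-06-01T14:50"},
    {"host": "laptop-17", "released": "2026-06-01T14:00",
     "approved": "2026-06-03T09:00", "deployed": "2026-06-03T11:00"},
    {"host": "build-srv", "released": "2026-06-01T14:00",
     "approved": "2026-06-08T10:00", "deployed": None},
]

def parse_utc(stamp):
    """Parse an ISO timestamp and mark it as UTC."""
    return datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)

def hours(delta):
    return round(delta.total_seconds() / 3600, 2)

def exposure(rec, now):
    """Time the host was unpatched after the exploit-ready point."""
    released = parse_utc(rec["released"])
    # An undeployed patch is still accruing exposure, so measure up to now.
    end = parse_utc(rec["deployed"]) if rec["deployed"] else now
    return max(end - (released + EXPLOIT_READY), timedelta(0))

def report(inventory, now):
    """Rank assets by exposure and show the approval share of the delay."""
    rows = []
    for rec in inventory:
        wait = parse_utc(rec["approved"]) - parse_utc(rec["released"])
        rows.append({
            "host": rec["host"],
            "exposed_hours": hours(exposure(rec, now)),
            "approval_wait_hours": hours(wait),
            "still_unpatched": rec["deployed"] is None,
        })
    return sorted(rows, key=lambda r: r["exposed_hours"], reverse=True)

if __name__ == "__main__":
    for row in report(INVENTORY, parse_utc("2026-06-10T14:00")):
        print(row)
```
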
Frequently Asked Questions

What is an N-day vulnerability?

An N-day vulnerability refers to a security flaw that has been publicly disclosed and patched, but not yet updated on all systems. The 'N' represents the number of days since the patch was released, during which unpatched systems remain vulnerable.

How fast can AI create exploits from patches?

According to Anthropic's research, their Mythos Preview model produced a working proof-of-concept exploit in as little as 12 minutes. A full arbitrary code execution exploit for Firefox was ready within one hour of the patch release.

What is patch diffing?

Patch diffing is the process of comparing old and new versions of software code to identify what changed. Attackers use this technique to reverse-engineer the vulnerability that a security patch was designed to fix.

How much does it cost to use AI for exploit generation?

Anthropic estimates that a single operator could process a month's worth of patches into working exploits for approximately $2,000 in API credits, requiring no specialized security expertise.

Which software did Anthropic test against?

Anthropic tested against 18 security patches for SpiderMonkey, Firefox's JavaScript engine, as well as Windows Kernel vulnerabilities. Firefox was chosen because its automatic updates represent a best-case scenario for defenders.

Source: The Decoder / Matthias Bastian

Manaal Khan

Tech & Innovation Writer