Cloudflare’s Claude Mythos Test: AI That Can Chain Bugs Into Working Exploits

That type of reasoning—connecting attack primitives into a full chain—is usually the work of experienced human security researchers.

Autonomous Proof‑of‑Concept Exploit Generation

Another key finding was Mythos’s ability to create proof‑of‑concept (PoC) exploits automatically.

According to Cloudflare’s observations, the model could:

• Write code designed to trigger a vulnerability
• Compile and run the exploit in a testing environment
• Inspect the output or failure
• Adjust its approach and retry

This iterative process allowed the model to move from vulnerability discovery to practical exploitation validation with minimal human intervention.

For security teams, generating PoC code is often the step that proves whether a bug is actually exploitable. Automating that stage significantly reduces the manual effort required to confirm and prioritize vulnerabilities.

Evidence of Advanced Exploit Reasoning

Anthropic’s own documentation about Mythos Preview also describes broader capabilities demonstrated during internal testing. These include:

• Identifying zero‑day vulnerabilities in real open‑source codebases
• Reverse‑engineering exploit techniques for closed‑source software
• Turning N‑day vulnerabilities (known but unpatched flaws) into working exploits

These claims reinforce the model’s focus on structured vulnerability analysis and exploit reasoning rather than general coding tasks.

Limitations: False Positives and Safety Inconsistencies

Despite its advanced capabilities, Cloudflare’s testing also revealed important weaknesses.

False positives

The model sometimes reported vulnerabilities that were not actually exploitable or were incorrectly classified. Projects written in memory‑unsafe languages, such as C or C++, tended to produce more of these false alarms, meaning human validation remains necessary.

Uneven refusal behavior

Cloudflare also observed inconsistent safety behavior. In some cases, the model would identify an exploit path but then refuse to demonstrate or complete it due to built‑in safety controls. In other cases, it proceeded further before stopping.

These inconsistencies highlight how difficult it is to balance useful security research capabilities with safeguards against misuse.

Why These Results Matter for Cybersecurity

The experiment underscores a broader shift in how AI may reshape vulnerability research.

For defenders, systems like Mythos could:

• Discover complex vulnerability chains that traditional scanners miss
• Rapidly validate exploitability
• Help prioritize which vulnerabilities need immediate fixes

However, the same capabilities create risks if they fall into the wrong hands. If models can automatically move from bug discovery to working exploit code, the barrier to launching sophisticated attacks could fall dramatically.

Cloudflare’s takeaway was that simply patching faster may not be enough in an AI‑accelerated security landscape. Organizations may need new approaches to vulnerability management that assume attackers will eventually have similar automated capabilities.

The Emerging Dual‑Use Problem

Claude Mythos Preview illustrates a classic dual‑use technology challenge.

• In defensive environments, it can help uncover vulnerabilities before attackers do.
• In offensive contexts, the same automation could accelerate exploit development.

Because of these concerns, Mythos Preview is currently not publicly released and is instead being shared with selected organizations for defensive testing through Project Glasswing.

The Cloudflare tests show why: AI models are beginning to move beyond simple code assistance toward full‑stack vulnerability discovery and exploitation reasoning—a capability that could transform both cyber defense and cyber offense in the years ahead.