Anthropic’s Claude Mythos Preview has identified numerous zero-day vulnerabilities affecting major operating systems and browsers, including in cryptography libraries vital for the security of decentralized finance (DeFi) systems. Notably, Mythos detected a 27-year-old bug in OpenBSD and a 16-year-old flaw in FFmpeg, both of which had gone unnoticed by conventional security tools. With approximately $200 billion at stake in DeFi smart contracts across platforms like Ethereum and Solana, these vulnerabilities pose significant security threats.
Mythos AI Zero-Day Vulnerabilities and DeFi Security Risk
Mythos AI has identified several critical software vulnerabilities impacting cryptography and DeFi systems. Among these, a 27-year-old bug was discovered in OpenBSD, unnoticed despite extensive use in various systems. This vulnerability could have been addressed for less than $50 in computational resources. Another significant issue is a 16-year-old flaw in FFmpeg, which had evaded detection despite being scanned five million times by automated security tools. Mythos AI also demonstrated the capability to chain four separate browser vulnerabilities, effectively bypassing two layers of security using a crafted exploit.
In addition to these findings, Mythos AI converted a known Linux vulnerability into an operable attack in less than a day, at a modest cost of under $2,000, a task that typically requires weeks for skilled researchers. Critical cryptographic protocols, including TLS, AES-GCM, and SSH, were also found to have security flaws potentially threatening the broader cybersecurity landscape. These findings underscore the heightened risks to DeFi’s open-source protocols, particularly with $200 billion in smart contracts at stake, emphasizing the need for robust and proactive security measures.
Mythos AI zero-day vulnerabilities and DeFi security risk
Mythos Preview identified thousands of zero-day vulnerabilities across every major operating system and browser, including in cryptography libraries that DeFi infrastructure depends on. DeFi protocols are open source software; their code is publicly readable by anyone, including a model like Mythos. Mythos found security flaws in TLS, AES-GCM, and SSH. There is roughly $200 billion locked in smart contracts across Ethereum, Solana, and other chains.
Mythos operates beyond human auditors and automated scanners. It wrote a browser exploit that chained four separate vulnerabilities together to break through two layers of security. It turned a publicly known Linux vulnerability into a full working attack in under a day for under $2,000, a task that would normally take weeks for a skilled human researcher. Mitigations whose security value comes primarily from friction rather than hard barriers may become considerably weaker against model-assisted adversaries.
Multisig governance, timelocks, and audit reports are friction-based defenses. These defenses may become considerably weaker against model-assisted adversaries.
Mythos Preview identified thousands of zero-day vulnerabilities across major operating systems and browsers, including weaknesses in cryptography libraries that underpin decentralized finance, while there is roughly $200 billion locked in smart contracts across Ethereum, Solana, and other chains. Because DeFi protocols are open source and publicly readable, and because Mythos operates beyond human auditors and automated scanners, friction-based mitigations such as multisig governance, timelocks, and audit reports may become considerably weaker against model-assisted adversaries.


