AI-Driven Cyber Attacks: The Rise of Autonomous Exploits

Severity: High (Score: 71.0)

Sources: hubs.ly, Bleepingcomputer, Scworld, www.picussecurity.com

Summary

In April 2026, Anthropic's AI model Mythos autonomously discovered 181 exploits for Firefox and identified thousands of zero-day vulnerabilities across major operating systems and browsers, including a 27-year-old bug in OpenBSD. This model's capabilities have significantly outpaced traditional vulnerability management, with over 99% of its findings remaining unpatched. The speed of exploitation has drastically reduced, with a median time from CVE publication to active exploit now around 10 hours. The FortiGate campaign, executed by a low-skill operator using AI, demonstrated the effectiveness of known vulnerabilities and misconfigurations in launching attacks. Security teams are urged to adapt their defenses to match the rapid evolution of offensive capabilities. The situation highlights an urgent need for improved vulnerability management and response strategies in cybersecurity. Key Points: • Anthropic's Mythos model found 181 exploits and thousands of zero-days in just 14 days. • Over 99% of vulnerabilities identified by Mythos remain unpatched, highlighting a critical gap in defense. • The speed of exploit development has decreased to a median of 10 hours from CVE publication to active exploitation.

Key Entities

• Data Breach (attack_type)
• Zero-day Exploit (attack_type)
• FortiGate Campaign (campaign)
• Mexico (country)
• T1003 - OS Credential Dumping (mitre_attack)
• T1505.003 - Web Shell (mitre_attack)
• AWS (company)
• Firefox (platform)
• Fortigate (platform)
• OpenBSD (platform)
• Mythos (tool)