AI-Driven Cyber Attacks: The Rise of Autonomous Exploits

AI-Driven Cyber Attacks: The Rise of Autonomous Exploits

First seen 13 May 2026, 13:25 UTC ScworldBleepingcomputerhubs.lywww.picussecurity.com 83% similarity 71.0

Article Content

Browse articles
ThreatCluster

In April 2026, Anthropic's AI model Mythos autonomously discovered 181 exploits for Firefox and identified thousands of zero-day vulnerabilities across major operating systems and browsers, including a 27-year-old bug in OpenBSD. This model's capabilities have significantly outpaced traditional vulnerability management, with over 99% of its findings remaining unpatched. The speed of exploitation has drastically reduced, with a median time from CVE publication to active exploit now around 10 hours. The FortiGate campaign, executed by a low-skill operator using AI, demonstrated the effectiveness of known vulnerabilities and misconfigurations in launching attacks. Security teams are urged to adapt their defenses to match the rapid evolution of offensive capabilities. The situation highlights an urgent need for improved vulnerability management and response strategies in cybersecurity.

Key Points: • Anthropic's Mythos model found 181 exploits and thousands of zero-days in just 14 days. • Over 99% of vulnerabilities identified by Mythos remain unpatched, highlighting a critical gap in defense. • The speed of exploit development has decreased to a median of 10 hours from CVE publication to active exploitation.

ThreatCluster AI

Timeline

2026-04-01
Anthropic releases Mythos model
Anthropic launched its AI model Mythos to twelve partners, designed to autonomously find vulnerabilities.
Bleepingcomputer
2026-04-15
Mythos identifies 181 Firefox exploits
In its first 14 days, Mythos autonomously generated 181 working exploits for Firefox, showcasing advanced capabilities.
Bleepingcomputer
2026-04-15
Thousands of zero-days discovered
Mythos surfaced thousands of zero-day vulnerabilities across major OS and browser families, including a 27-year-old bug in OpenBSD.
Bleepingcomputer
2026-05-12
First AI-assisted zero-day exploited reported
Google confirmed the first instance of an AI-assisted zero-day exploit in the wild, indicating a new threat landscape.
Scworld
Recent
FortiGate campaign analysis published
AWS Threat Intelligence released a postmortem on a campaign that exploited known vulnerabilities across 2,516 devices globally.
Bleepingcomputer

Community

Browse all →