Anthropic's AI Discovers Thousands of Zero-Days. What That Means for Swiss Cybersecurity.

A vulnerability in OpenBSD, one of the most security-focused operating systems in the world, sits undetected for 27 years. What security experts call a zero-day vulnerability, a security flaw that the software vendor doesn’t know about yet, often requires a combination of security expertise and domain knowledge that rarely exists in one person or one team. In April 2026, Anthropic’s Claude Mythos model found it.

But it found far more than one. Mythos discovered thousands of zero-day vulnerabilities across every major operating system and browser, many of them a decade or two old. And Anthropic’s response to its own creation tells you everything about how seriously to take this. They refused to release it publicly.

This article breaks down what Mythos found, why it changes the threat landscape, and what it means for cybersecurity in Switzerland, where businesses know the risk but aren’t keeping up.

What Mythos found

Mythos is a general-purpose large language model (LLM), not a dedicated security tool. But during testing, Anthropic found it to be strikingly capable at computer security tasks, identifying vulnerabilities in every major operating system and every major web browser. Many of these flaws were 10 to 20 years old. The oldest was a 27-year-old bug in OpenBSD. Another was a 16-year-old vulnerability in FFmpeg, a video processing library used by most streaming platforms, media players, and video conferencing tools.

What sets this apart from a traditional security audit is the complexity of what Mythos can find and exploit. It autonomously identified use-after-free vulnerabilities, chained together heap spray exploits that escaped both renderer and OS sandboxes, and wrote a remote code execution exploit for FreeBSD’s NFS server that gained full root access across a chain of 20 packets. It even found a vulnerability in a production virtual machine monitor written in Rust, a programming language specifically designed to prevent the kind of memory corruption bugs that cause most security flaws.

These are not the kind of bugs a scanner picks up. They require understanding both how the target software works and how to subvert it, a combination that historically demanded years of specialized experience.

From hallucination to exploitation

Until recently, AI was more noise than signal in security research. LLMs hallucinated vulnerabilities, generated invalid exploits, and flooded bug bounty platforms with false reports. Many security researchers assumed that AI would not meaningfully contribute to vulnerability discovery any time soon.

Mythos broke that assumption. In Anthropic’s own benchmarks on Firefox exploit writing, the company’s publicly available models already show a steep progression. Sonnet 4.6 succeeded in 4.4% of trials. Opus 4.6, currently the top-ranked LLM, reached 14.4%. That alone is a significant jump. But Mythos operates on a different level entirely, succeeding in 72.4% of trials.

Why Anthropic locked it down

Anthropic chose not to release Mythos publicly, and the reasons go beyond standard caution. During testing, the model escaped its sandbox and emailed researchers. The capability it demonstrated creates a fundamental asymmetry. Defenders have to be right every time. Attackers only once. Giving everyone access to a tool that finds and exploits zero-days at scale would, in Anthropic’s assessment, benefit attackers disproportionately.

Instead, Anthropic launched Project Glasswing, a $100M defensive initiative providing Mythos access to roughly 50 partner organizations including Cisco, Nvidia, Microsoft, Palo Alto Networks, and Broadcom. These are the companies whose software runs most of the world’s critical infrastructure. The goal is to find and fix vulnerabilities before they are exploited in the wild.

The implications reached the highest levels. Federal Reserve Chair Powell and Treasury Secretary Bessent met with major bank CEOs specifically to discuss the cybersecurity risks Mythos represents.

But Mythos is not the only concern. Researchers point out that smaller, openly available models can already achieve comparable results with more manual effort. The trajectory is clear. What Mythos does today, widely available models will do soon. This is why the structural problems in cybersecurity need attention now, not once the next model drops.

The patch-speed gap

Even before AI entered the picture, the math was already bad. In 2023, the average time-to-exploit for newly disclosed vulnerabilities dropped to just 5 days, down from 32 days the year before. On the other side, organizations take an average of 60 days to patch critical vulnerabilities, and for lower-severity issues, 88 to 208 days.

The gap is widening. In 2025 alone, 48,196 CVEs were published, roughly 132 per day. And analysis of CISA’s Known Exploited Vulnerabilities catalog shows that 85% of entries remain unremediated at 30 days, and 50% are still unpatched at 55 days.

When an AI can find a zero-day in hours and a working exploit follows in the same session, a 60-day patch cycle becomes an open window for threat actors.

The Swiss reality

Switzerland is not immune, and the data tells a specific story.

BACS (the Federal Office for Cybersecurity) recorded 62,594 cyber incidents in 2024, a 28% increase over 2023. By October 2024, a new incident was being reported every 8.5 minutes. The first half of 2025 saw 35,727 reports, suggesting the trend is accelerating.

The SME Cybersecurity 2025 study (conducted by digitalswitzerland, Die Mobiliar, SATW, FHNW, and YouGov) reveals a paradox. 88% of Swiss SMEs recognize cybercrime as a serious threat, but only 42% feel well-protected. Only 20% conduct security audits. Only 30% have a security concept, staff training, or an emergency plan. And the willingness to invest is declining. Only 40% plan to increase spending, down from 48% the year before.

One in six Swiss SMEs has been hit by a cyberattack in the last five years. Only 56% of SME leaders feel well-informed about cyber risks. Swiss executives prioritize cyber risk mitigation at 65% (above the 57% global average), but that priority is not translating into action on the ground.

Since April 2025, critical infrastructure operators in Switzerland must report cyberattacks to BACS within 24 hours, aligning Switzerland with the EU’s NIS2 directive. And a March 2026 study by the National Test Institute for Cybersecurity (NTC) tested roughly 30 common office peripherals used across Swiss workplaces (keyboards, webcams, conferencing hardware) and found over 60 vulnerabilities, including 3 critical. The attack surface extends to devices most businesses never think to secure.

What you can do now

Mythos represents a capability shift at the top of the threat chain. Small businesses and individuals cannot match that capability, but they can close the gaps that have always existed and that AI-powered attacks will exploit first.

Keep everything updated. Operating systems, browsers, firmware, applications. Enable automatic updates wherever possible. If a device does not support auto-updates, treat that as a risk factor. Check whether your hardware has reached end-of-life: devices that no longer receive security patches will never be fixed.

Use a password manager. Not because it protects against zero-day exploits, but because it eliminates the credential-stuffing surface. The average person manages 255 passwords, and 78% reuse them across accounts. A single breach cascades. Worth noting, Gen X has the lowest password manager adoption at just 33%, and that is the demographic most likely to be leading a Swiss SME.

Enable two-factor authentication on every account that supports it. Prioritize email, banking, and cloud storage.

Use DNS-level filtering. Services like Quad9 or NextDNS block known malicious domains at the network level before a connection is even established. Not a substitute for endpoint protection, but a layer that covers every device on your network, including the ones you forget about.

Evaluate your vendors. How fast do they ship security updates? Do they have a public vulnerability disclosure policy? Do they support automatic firmware updates? These are buying criteria now, not nice-to-haves.

If you are building a security stack from scratch, our guide for founders and small teams overview cover the practical tooling in more detail.

The window in between

Long-term, AI-assisted vulnerability research will make software more secure. Models like Mythos, in the hands of defensive teams through initiatives like Project Glasswing, can find and fix decades-old flaws that human researchers missed. The trajectory points toward safer code.

But there is a window in between: a period where AI exploit capability is advancing faster than most organizations can respond. For Swiss SMEs, the threat is recognized, but the response is not matching.

The tools and practices to close these gaps exist today. The question is adoption, and the clock just got faster.