Technical description
Analysis published by Help Net Security and the CSA Mythos-Ready briefing confirms that AI-driven vulnerability discovery has compressed the mean time from disclosure to confirmed exploitation to under 24 hours in 2026, down from 2.3 years in 2019. Claude Mythos Preview generated 181 working exploits against Firefox vulnerabilities where the previous best model succeeded only twice, achieving a 72% exploit success rate.
Attack vector
AI models autonomously discover vulnerabilities and generate working exploit chains without human guidance. The speed advantage eliminates the traditional patch window that defenders relied upon.
Affected systems
All internet-connected software. The briefing specifically highlights major operating systems, web browsers, and open-source libraries as demonstrated targets.
Mitigation
Adopt the CSA's priority actions: deploy LLM-based security review into CI/CD pipelines immediately, prepare infrastructure for simultaneous multi-vendor patch surges, update risk models to assume sub-24-hour exploit timelines, and formalise AI agent use across all security functions within 45 days.