Hub365 AI
An AI Found a 27-Year-Old Bug 5 Million Fuzzers Missed - On Its Own (Claude Fable 5 and Mythos 5)
Technical · July 3, 2026 · 11 min read

Fable 5 and Mythos 5 are the same model with different brakes. Here's the whole technical picture - what Mythos found on its own, how it differs from Fable, and why the real engineering lesson isn't the model, it's the harness.

Todd & Naty Ross

Todd sent me the link on a Tuesday night with one line: "read this and tell me it isn't a before-and-after." It was the Anthropic Frontier Red Team post. I read it twice. An AI had found, on its own, a 27-year-old security flaw in OpenBSD - one of the most hardened systems on the planet - and written the exploit for it. Cost of the run that found it: under fifty dollars.

We've spent nearly three years building AI Systems for 220+ businesses, and we've learned to tell hype from real inflection points. This is the second kind. But the headline ("AI that hacks by itself") hides the part that actually matters if you build things. Let's get technical, no smoke.

01 · The staircase that led to Mythos

Mythos didn't come from nowhere. There were four clear steps, and each one has a name attached.

02 · What Mythos actually proved

Nearly all of these findings came with no human intervention after the initial prompt:

  • 27-year-old bug in OpenBSD (remote DoS via SACK): chained a range-start validation bypass with a signed 32-bit integer overflow that satisfies an "impossible" condition and triggers a NULL-pointer write.
  • 16-year-old bug in FFmpeg (H.264 codec): a memset(...,-1,...) creates a 65535 sentinel colliding with slice 65535. Introduced in 2010, hit by fuzzers five million times without detection.
  • Autonomous RCE in FreeBSD NFS (CVE-2026-4747): stack smash to ~20-gadget ROP chain split across six sequential RPC requests. Exploitable because the kernel uses -fstack-protector (not -strong) and the int32_t[32] buffer emits no canary.
  • Linux kernel exploit chains: chained up to four vulnerabilities (KASLR bypass + read + use-after-free + heap spray) to get root.
  • Firefox 147 benchmark: Opus 4.6 landed 2 working exploits out of several hundred attempts. Mythos: 181 working exploits + 29 with register control.
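
The sentinel collision in the FFmpeg item above, reduced to a constructed C sketch (added here; it is not FFmpeg's code and not from the original post): a 16-bit table cleared with memset(..., -1, ...) holds 65535 in every entry, so a slice numbered 65535 cannot be told apart from "never written". The table layout and the names slice_table, mark_weak and mark_checked are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not FFmpeg code: a table of 16-bit entries
 * records which slice decoded each block. */
#define NO_SLICE 0xFFFFu /* value memset(..., -1, ...) leaves in a uint16_t */
#define NBLOCKS  4

typedef struct { uint16_t owner[NBLOCKS]; } slice_table;

static void table_init(slice_table *t) {
    /* Every byte becomes 0xFF, so each 16-bit entry reads back as 65535. */
    memset(t->owner, -1, sizeof t->owner);
}

/* Weak form: stores any slice id, including one equal to the sentinel. */
static void mark_weak(slice_table *t, size_t blk, uint32_t slice) {
    t->owner[blk] = (uint16_t)slice;
}

/* Hardened form: refuse ids that cannot be told apart from "no slice". */
static int mark_checked(slice_table *t, size_t blk, uint32_t slice) {
    if (blk >= NBLOCKS || slice >= NO_SLICE) return -1;
    t->owner[blk] = (uint16_t)slice;
    return 0;
}

/* Decode only block 0 as slice `id`, then ask whether never-written block 3
 * belongs to that slice. Returns 1 when the sentinel is mistaken for it. */
static int untouched_block_matches(uint32_t id) {
    slice_table t;
    table_init(&t);
    mark_weak(&t, 0, id);
    return t.owner[3] == (uint16_t)id;
}

/* Returns 1 when the hardened writer rejects `id`. */
static int checked_rejects(uint32_t id) {
    slice_table t;
    table_init(&t);
    return mark_checked(&t, 0, id) != 0;
}

int main(void) {
    printf("id 7 matches untouched: %d, id 65535 matches untouched: %d, "
           "checked rejects 65535: %d\n", untouched_block_matches(7),
           untouched_block_matches(65535), checked_rejects(65535));
    return 0;
}
```

The collision only appears at the one id that equals the sentinel, which is why inputs that never reach slice 65535 exercise the code without exposing it.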

03 · Fable 5 vs Mythos 5: the technical difference almost nobody explains right

This is where most of the confusion lives, so be precise: Fable 5 and Mythos 5 are the same underlying model. Same weights, same capabilities, same price ($10 / $50 per million input / output tokens). The difference isn't the model. It's the guardrails.

If this "architecture wins, not the model" idea sounds familiar, it's because we live it. We break it down in "Anthropic launches finance agents for SMBs: architecture wins."

04 · Why access is closed: Project Glasswing

Mythos isn't released to the public. Anthropic's reasoning is blunt: no lab - including Anthropic - has developed safeguards strong enough to prevent such models from being misused.

Hence Project Glasswing, a closed-access defensive coalition. It started with ~50 partners (AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks) and grew to ~150 organizations across 15+ countries. Anthropic committed up to $100M in usage credits and $4M in donations to open-source foundations.

The logic is a race against the clock: if comparable capabilities will proliferate in 6-12 months anyway, better to give critical-infrastructure defenders an asymmetric edge first. One unique governance fact: the Frontier Red Team reports to policy (under co-founder Jack Clark), not technical security, with an explicit mandate to publish the risks it finds.

05 · The engineering lesson: the harness wins, not the model

If you build systems, this is the part you keep. Replicating Mythos's capability is impossible (it isn't released). Replicating its architectural discipline is not. The scaffolding that separates a mediocre system from a top-tier one:

We learned the hard way that separating always-on instruction from on-demand knowledge is what makes all of this scale - we tell that story in "3,000 agents in, we found out we were talking to Claude wrong."

06 · Where we are today: evolution and the export-control episode

Mythos 5 and Fable 5 hit general availability on June 9, 2026 at $10/$50 per million tokens, with a 30-day data-retention requirement for safety monitoring (not used for training).

And then something unprecedented happened.

The 5 experts to follow on this

1. Sean Heelan - independent researcher. Proved with o3 that an LLM could reason about kernel concurrency and find a real remote use-after-free. Honest about the hit rate (1/100) without downplaying the leap.

2. Nico Waisman - Head of Security at XBOW. His line: "For the first time in bug bounty history, an autonomous penetration tester has reached the top of the US leaderboard." Champions the hybrid model: the LLM explores, deterministic code verifies.

3. Bruce Schneier - security technologist. The essential skeptic. Called the announcement "very much a PR play" and warns that Mythos finds thousands of flaws but almost none have been patched; the "trust us" posture is a real problem.

4. Jack Clark - Anthropic co-founder, Head of Public Benefit. Leads the Anthropic Institute (which houses the Frontier Red Team). His team bets that 2026 is the year AI reaches expert - even superhuman - level in several cybersecurity domains.

5. The Big Sleep team (Google DeepMind + Project Zero). Proved first that an AI agent could foil a live, real-world attack. The reference point for pure defense.

A conversation from our kitchen

