By rssfeeds-admin 
That’s the conclusion of Cloudflare’s security team, which spent several weeks running Mythos Preview across more than 50 internal repositories as part of Anthropic’s invite-only Project Glasswing.
The results carry a stark signal for both defenders and threat actors: the gap between “we found a flaw” and “here is a working exploit” is rapidly closing.
Earlier frontier AI models tested by Cloudflare could identify individual vulnerabilities and write coherent descriptions of why they mattered.
Mythos Preview Automates PoC Exploited
What they consistently failed to do was finish the job; exploit chains remained incomplete, and exploitability stayed unproven. Mythos Preview changes that in two concrete ways.
Exploit chain construction enables the model to take multiple low-severity primitives, a use-after-free bug, an arbitrary read/write, a return-oriented programming (ROP) gadget, and reason through how they combine into a single, higher-severity working exploit.
Bugs that would have languished in a security backlog become actionable attack paths.
Proof generation means the model writes code to trigger a suspected bug, compiles it in a sandboxed environment, runs it, reads the failure output, adjusts its hypothesis, and iterates until it either confirms or rules out exploitability.
A confirmed finding arrives with a PoC attached, significantly compressing triage time. Two factors dominate false positive rates in AI-assisted vulnerability research: programming language and model bias.
C and C++ codebases generate significantly more noise than memory-safe languages like Rust, while models tuned to report speculatively flood triage queues with hedged language “possibly,” “potentially,” “could in theory.”
Mythos Preview noticeably reduces this problem. Its output features fewer hedged conclusions, clearer reproduction steps, and PoC code that sharpens the fix-or-dismiss decision considerably.
Cloudflare found that pointing any AI model directly at a repository produces poor coverage. Effective vulnerability research demands a custom execution harness built around several key principles:
- Narrow scope — scoping each agent task to a specific function, attack class, and trust boundary produces sharper findings than broad repository-wide prompts
- Adversarial review — a second independent agent using a different prompt and model reviews findings specifically to disprove them, catching a significant fraction of noise the first agent misses
- Chain splitting — treating “is this code buggy?” and “can an attacker reach this from outside?” as separate tasks produces better reasoning on both questions.
- Parallel narrow tasks — running approximately fifty concurrent agents on tightly scoped hypotheses, then deduplicating results, outperform any single exhaustive agent.
Their full pipeline covers recon, hunt, validate, gapfill, dedupe, trace, feedback, and report stages. A final trace stage determines whether attacker-controlled input can actually reach a confirmed bug from an external entry point.
Despite operating under reduced safeguards within Project Glasswing, Mythos Preview exhibited inconsistent organic refusals: in some cases, declining to write demonstration exploits, while completing equivalent tasks when framed differently.
Cloudflare flagged this directly: emergent guardrails alone are not a reliable safety boundary. The same capabilities that accelerate Cloudflare’s internal bug discovery will accelerate attacks against internet-facing applications.
Architectural defenses sitting in front of applications, limiting blast radius, and enabling simultaneous global patch rollout are increasingly urgent as the window between vulnerability disclosure and active exploitation continues to shrink.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Mythos Preview Automates PoC Exploit Development for Research appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.