Anthropic study shows AI can build working exploits from security patches in hours, not weeks

Reddit r/ArtificialInteligence Papers

Summary

Anthropic's study demonstrates that large language models can rapidly generate working exploits from security patches, reducing the time from weeks to hours, raising concerns about AI-driven vulnerability exploitation.

Anthropic's security team systematically measured how fast large language models can exploit known vulnerabilities in Firefox and Windows. The study revealed that a single operator can now turn a month's worth of patches into working exploits in an afternoon for a few thousand dollars with no expert knowledge.

Testing 6 Claude models, the researchers targeted 18 SpiderMonkey patches in Firefox. Mythos Preview successfully cracked 14 vulnerabilities, producing 8 working exploits in roughly 12 hours. The first exploit was ready in an hour, 18 days before the patched Firefox 148 officially shipped.

In a second test, the model targeted 21 Windows kernel vulnerabilities. Mythos Preview found 18 flaws in under 6 hours for $2,200 in API costs and built 8 complete privilege escalation chains for $15,700. In contrast, Windows Autopatch takes 7 days to deploy security updates to 90 percent of devices.

Source: [https://the-decoder.com/anthropic-study-shows-ai-needs-hours-not-weeks-to-build-exploits-from-security-patches/](https://the-decoder.com/anthropic-study-shows-ai-needs-hours-not-weeks-to-build-exploits-from-security-patches/)

Similar Articles

Measuring LLMs' impact on N-day exploits (18 minute read)

TLDR AI

This article from Anthropic evaluates how large language models like Claude Mythos Preview can accelerate the development of exploits for N-day vulnerabilities. Across tests on Firefox and Windows kernel patches, the model autonomously built working exploit chains, highlighting increased risks in the patch gap.

AI is breaking two vulnerability cultures

Hacker News Top

AI is disrupting traditional vulnerability disclosure cultures (coordinated disclosure vs. bugs-are-bugs) by accelerating the detection and exploitation of security flaws, making long embargoes less effective and forcing a need for faster, AI-assisted responses.