The $50 Exploit: Why Every Leader Needs to Read This

In February I wrote about an early signal of AI’s potential to find security vulnerabilities. What happened last week makes that look like a preview. Steve Gibson, one of the most respected and longest-standing voices in cybersecurity and host of the Security Now podcast for over two decades, cleared his entire show schedule to talk about one thing.

Not a breach. Not a ransomware campaign. Not a nation-state attack.

He called it “the single biggest thing to ever happen in security.” What happened last week landed on the security community like a thunderclap, and it also drew a warning from Bank of England Governor Andrew Bailey, who cautioned that it could make it easier for bad actors to detect and exploit vulnerabilities in core IT systems.

I’ve been listening to Steve’s podcast for a few years now and know that when he is concerned about something, it really is serious. After listening to his analysis of what Anthropic has just demonstrated with their new AI system Claude Mythos, I think he’s right. And I think most IT leaders haven’t yet appreciated what has changed, or how fast they need to respond. This article is a brief summary of the main points, with some suggested action points.

The Security Now podcast episode #1074, “What Mythos Means,” is essential listening for any IT professional wanting to understand the full technical picture. Steve Gibson’s detailed analysis informed much of the framing in this article.

The Uncomfortable Truth About “Good Enough” Security

Here’s the honest story of how software security has worked for the past few decades. We’ve been protected not primarily by the quality of our code, but by the difficulty of finding its flaws. Discovering a critical vulnerability in a major operating system or widely deployed library required extraordinary expertise, months of painstaking work, and often a degree of luck. The barriers were high enough that most vulnerabilities simply went undiscovered — sitting quietly inside systems we trusted, waiting for someone patient and skilled enough to find them.

Gibson put it plainly: the industry has long shipped software that was “good enough” — and warned that in light of what Mythos can do, good enough “may prove to be fatal.”

That protection — the friction of difficulty — has just been stripped away.

A Glimpse of What AI Can Now Do

Anthropic’s Claude Mythos is a new AI system that was assessed as too powerful and too dangerous to release publicly. Instead, Anthropic launched Project Glasswing — a controlled access programme bringing together AWS, Google, Microsoft, Apple, Cisco, CrowdStrike, NVIDIA and others — to use Mythos defensively, scanning critical software infrastructure before adversaries can exploit what it finds.

Why the urgency? Because in internal testing, Mythos did things that have genuinely shaken the security community.

It found a 27-year-old vulnerability in OpenBSD — an operating system used specifically because of its security reputation, running firewalls and critical infrastructure for some of the world’s most security-conscious organisations. The flaw would allow any attacker to remotely crash any machine running it, simply by connecting to it. Mythos found it autonomously, without human guidance, for a total compute cost of under $50.

Read that again. Fifty dollars. A working exploit against firewalls protecting corporate networks and government infrastructure, discovered in an afternoon by an AI asked simply to “look for something.”

It found a 16-year-old vulnerability in FFmpeg — the media processing library used by virtually every major platform that handles video. This flaw had survived millions of automated testing runs and review by countless human experts. Mythos found it, along with several others, in a matter of hours.

It found a 17-year-old remote code execution vulnerability in FreeBSD — one that allows a complete takeover of a server by an unauthenticated attacker from anywhere on the internet. Mythos didn’t just find it. It built a working exploit from scratch, autonomously, start to finish, with no human involvement after the initial instruction to look for bugs.

And these are only the vulnerabilities Anthropic can currently talk about. Over 99% of what Mythos found remains under responsible disclosure — meaning the patches don’t yet exist. Gibson noted that Anthropic has cryptographically committed to thousands of additional critical findings, effectively proving they hold discoveries they cannot yet reveal.

The Moment That Should Stop Every Leader Cold

Gibson highlighted one finding above all others for its implications.

Mythos identified exploitable vulnerabilities in every major web browser. In one case, it chained together multiple flaws to create a webpage that — when visited by any unsuspecting user — gives an attacker the ability to write directly to the operating system kernel. Drive-by. No interaction required beyond loading a page.

Gibson’s response was unambiguous. He called it “a deliberately unreleasable AI system.” Not because of what it represents for Anthropic’s technology, but because of what it means for the internet as it currently exists.

The software protecting billions of people was written by humans doing their best. Mythos has demonstrated that their best, measured against a sufficiently capable AI, was not enough.

This Isn’t About One Company’s AI

Here is where the story moves from remarkable to urgent.

Anthropic was first. They are not acting as though they will be last. Notably, independent analysis suggests that even lightweight, low-cost AI models may be approaching similar capabilities, meaning this is not a barrier only frontier labs can cross.

Gibson, who has spent years watching the security landscape, was direct on this point: the lead that Western technology companies hold over adversaries like China and North Korea is real, but it is not permanent. The same capability Anthropic used responsibly — disclosing findings, patching vulnerabilities, building defensive partnerships — will eventually be in the hands of actors with no such intention.

The window between now and then is measured in months, not years.

What makes this especially unsettling is that the world cannot be made safe in time. Decades of deployed software — legacy systems, unmaintained libraries, closed-source firmware in routers and appliances and industrial controllers — cannot all be audited and patched before that window closes. Gibson put it starkly: we are not ready, but that is not going to matter.

So What Does a Responsible Leader Do Right Now?

The instinct in moments like this is to wait for more information, or to assume that enterprise security vendors will handle it. That instinct is now a liability.

Here is what the situation actually demands:

Treat your vulnerability backlog as a crisis, not a queue. Mythos has demonstrated that flaws once considered too obscure or too difficult to exploit are neither. Prioritisation models built on historical exploit likelihood need to be revisited urgently.

Assume your perimeter tools are compromised. OpenBSD-based firewalls, widely trusted VPN endpoints, DNS infrastructure — these were specifically targeted because of their security reputations. If these have unknown critical flaws, assume everything else does too.

Move patch cycles from months to days. The wolfSSL vulnerability Mythos discovered — affecting five billion devices including routers, medical equipment, industrial systems and military infrastructure — was rated a perfect 10 in severity by Red Hat. The time between disclosure and exploitation is collapsing.

Invest in AI-powered defence now, not next budget cycle. The only credible response to AI-assisted attack capability is AI-assisted defence. Gibson’s framing is instructive: the advantage in this new landscape will belong to whichever side gets more from these tools. Defenders have a structural advantage — they know their own systems. But only if they act.

Build your intelligence network. Project Glasswing exists because no single organisation can hold this line alone. Engagement with industry bodies, government cyber agencies, and peer organisations is no longer optional due diligence — it is the architecture of collective defence.

Invest in your people. Non-experts at Anthropic were able to generate working exploits overnight using Mythos. Your adversaries will have equivalent tools before long. Your team needs to understand what that means, and be equipped to respond.

The Question Every Leader Should Be Asking

Gibson closed his analysis with an observation that has stayed with me.

Computers already beat us at chess. They beat us at Go. We accepted those losses because the stakes were abstract. Software is different. Software is the infrastructure of modern civilisation — the nervous system of healthcare, finance, energy, communications and defence.

The question for every IT leader reading this is not whether their systems contain vulnerabilities that a Mythos-equivalent tool would find. They do. Every major operating system. Every major browser. The libraries your applications depend on. The firmware in your network equipment.

The question is whether a defender or an adversary finds them first.

Anthropic chose to act responsibly with what they built. They disclosed. They partnered. They invested $100 million in credits to help secure critical infrastructure. They gave defenders a head start.

That head start exists right now.

The leaders who treat this moment as the watershed it is — who accelerate patching, adopt AI-powered defence tools, deepen their intelligence partnerships, and invest in their teams — will be the ones who can look back and say they were ready.

The rest will be dealing with the consequences.

When I listened to Gibson work through this, I found myself taking notes not as a curious observer but as someone thinking about my organisation. The head start is real. The question is what we do with it.