Measuring LLMs' Ability to Develop Exploits

· Source: Anthropic Frontier Red Team Blog · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Expert, long

Summary

Anthropic's Claude Mythos Preview model demonstrates a significant advancement in exploit development capabilities, outperforming previous frontier models. Released carefully through Project Glasswing, Mythos Preview can identify complex vulnerabilities, create exploit primitives, and combine them into full attack chains. New quantitative benchmarks, ExploitBench and ExploitGym, were developed to precisely measure these capabilities, as existing public benchmarks were insufficient. On ExploitBench, focusing on 41 V8 engine vulnerabilities, Mythos Preview achieved arbitrary code execution (ACE) on 21 CVEs, while no other model achieved even one. ExploitGym, covering 898 vulnerabilities across OSS-Fuzz, V8, and Linux kernel, saw Mythos Preview achieve 157 intended vulnerability exploits within two hours, significantly more than Opus 4.6's 15. Furthermore, an updated SCONE-bench for smart contract exploitation showed Mythos Preview exploiting \$35 million worth of contracts, a 75% increase over the next best model, and exploiting every tested vulnerability. This performance suggests exploit development expertise will become commoditized.

Key takeaway

For AI Security Engineers assessing LLM-driven threats, Claude Mythos Preview's advanced exploit capabilities mean you must re-evaluate your defense strategies. This model can achieve arbitrary code execution and exploit smart contracts worth millions, indicating a rapid commoditization of exploit development. You should prioritize developing more sophisticated, LLM-aware security measures and actively engage with new, high-quality benchmarks like ExploitBench and ExploitGym to understand evolving risks.

Key insights

Claude Mythos Preview significantly advances LLM exploit development, achieving end-to-end attacks and outperforming prior models on new benchmarks.

Principles

Method

ExploitBench decomposes exploit development into 16 programmatically verified capabilities across five tiers, testing against V8 engine vulnerabilities with a 300-turn budget and adaptive prompting.

In practice

Topics

Code references

Best for: CTO, VP of Engineering/Data, Research Scientist, AI Security Engineer, AI Scientist, Director of AI/ML

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Anthropic Frontier Red Team Blog.