Anthropic study shows AI needs hours, not weeks, to build exploits from security patches

2026-06-10 · Source: The Decoder · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Emerging Technologies & Innovation · Depth: Intermediate, medium

Summary

An Anthropic security research study, published June 10, 2026, demonstrates that large language models (LLMs) can rapidly develop exploits from software security patches. The study tested six Claude models, including the unreleased Mythos Preview, against Firefox's SpiderMonkey engine and Windows kernel vulnerabilities. Mythos Preview crashed 14 of 18 Firefox vulnerabilities within 40 minutes, generating 8 exploits in 12 hours. The first was ready within an hour, 18 days before Firefox 148 shipped. Against 21 Windows kernel vulnerabilities, Mythos Preview identified 18 in under six hours for about \$2,200. It built 8 full privilege escalation chains for roughly \$15,700, all before typical patch deployment. This capability, also present in public and open-source models, renders traditional "N-Day" patch strategies obsolete. It replaces them with an "N-Hour" reality, increasing risk for slow-to-update systems.

Key takeaway

For Security Engineers managing patch deployment, you must recognize that traditional "N-Day" vulnerability windows are now "N-Hour." Your patch management strategies, especially for critical systems, require immediate acceleration. You should prioritize rapid deployment, consider automated patching solutions like Windows Autopatch, and advocate for memory-safe language adoption in development. Re-evaluate your organization's vulnerability risk assessments, as LLMs can exploit flaws previously deemed "unlikely."

Key insights

LLMs can build software exploits from patches in hours, not weeks, fundamentally changing cybersecurity defense timelines.

Principles

• Security patches now serve as attacker roadmaps.
• Microsoft's vulnerability ratings need recalibration.
• Memory-safe languages reduce bug sources.

Method

LLMs analyze patch diffs, debug symbols, and public advisories to reverse-engineer vulnerabilities and generate working exploits, even without source code access.

In practice

• Prioritize patching critical systems immediately.
• Invest in memory-safe language adoption.
• Re-evaluate vulnerability risk assessments.

Topics

• Large Language Models
• N-Day Exploits
• Cybersecurity Patches
• Vulnerability Research
• Windows Kernel Security
• Firefox Security

Code references

• nationalsecurityagency/ghidra

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, Security Engineer, AI Scientist

Related on AIssential

• Measuring LLMs' Impact on N-day Exploits — LLMs, particularly Claude Mythos Preview, drastically accelerate N-day exploit creation, making patch gaps critically dangerous.
• AI turns patches into working exploits in 30 minutes, and the 90-day disclosure window is the casualty — AI language models accelerate vulnerability discovery and exploit generation, invalidating traditional 90-day disclosure policies.
• Over 80% of Organizations that Miss 24-Hour Patch Window Report Security Incidents Involving Known Vulnerabilities — Runtime protection and rapid mitigation are critical as AI shrinks vulnerability exploitation windows.
• Microsoft patches record 198 Windows bugs in June update - and 3 are zero days — AI-assisted analysis, exemplified by Claude Mythos, dramatically accelerates vulnerability discovery and patching in software.
• Given Enough Agents, All Bugs Become Shallow — AI agents are rapidly advancing offensive security capabilities, enabling faster vulnerability discovery and exploit generation.
• Context-Fractured Decomposition Attacks on Tool-Using LLM Agents: Exploiting Artifact Provenance Gaps — Context-Fractured Decomposition (CFD) attacks exploit untracked artifact provenance in LLM agents, enabling delayed, multi-step jailbreaks.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by The Decoder.