Anthropic’s recent Claude Mythos Preview announcement [1] has sparked a wave of excitement, with its reported discovery of a 27-year-old OpenBSD bug being hailed by some as a breakthrough moment for cybersecurity.
But let's be real: using Large Language Models (LLMs) to discover vulnerabilities is not a groundbreaking new phenomenon. The academic literature has been tracking LLM-based vulnerability detection for years. [2] And at Vidoc Security Lab, we have been actively doing this for a while with both Anthropic and OpenAI models. The real story isn't that AI can finally spot bugs—it's that the broader industry is finally paying attention.
Finding Linux 0-days is not an exclusive superpower of Anthropic's newest controlled-release model. In fact, we recently used our own engine to actively discover novel vulnerabilities in the Linux Kernel—arguably some of the most secure software in the world. While we cannot publicly disclose the full exploit details of these zero-days just yet, they resulted in a series of direct patches from Linux kernel maintainer Greg Kroah-Hartman. What previously required hundreds of hours of manual labor to discover and validate was accomplished by our LLM in mere hours, with an entire batch of vulnerabilities found over just a 14-day span. If we are doing this, you have to imagine what state-sponsored threat actors in Russia or North Korea are already doing with these tools.
If you want more proof that AI vulnerability discovery is already a daily reality, look no further than our automated scans of major open-source projects. We recently tested top open-source repositories using a mix of frontier models, including OpenAI's o3, Google's Gemini 2.5 Pro, and Anthropic's Sonnet 4. The results were immediate and severe. Using these models, we uncovered a Server-Side Request Forgery (SSRF) vulnerability allowing internal network access in Firecrawl, a highly popular project. The bug was in the isIPv4Private function, which failed to classify the 172.16.0.0–172.31.255.255 range as private — allowing an attacker to point a domain to an internal IP and have Firecrawl fetch it:
agent.on("connect", (_, targets) => {
  const client: undici.Client = targets.slice(-1)[0] as undici.Client;
  ...
  // The check runs on the resolved remote address of the connected socket,
  // so it is only as good as the range list inside isIPv4Private().
  if (socket.remoteAddress) {
    if (
      socket.remoteFamily === "IPv4"
        ? isIPv4Private(socket.remoteAddress!)
        : isIPv6Private(socket.remoteAddress!)
    ) {
      socket.destroy(new InsecureConnectionError());
    }
  }
});

For an IP like 172.16.0.5, isIPv4Private() incorrectly returned false, so the HTTP request went through unchecked.

In Daytona, we utilized these tools to find a critical authentication bypass that allowed users to easily access other users' sandboxes. The proxy was caching auth key validity using only the auth key as the cache key — without binding it to the sandbox ID. This meant a valid key for one sandbox would be accepted as valid for any other:
// Before fix — cache key was just the auth key, shared across all sandboxes
has, err := p.sandboxAuthKeyValidCache.Has(ctx, authKey)
...
return p.sandboxAuthKeyValidCache.Get(ctx, authKey)
...
err = p.sandboxAuthKeyValidCache.Set(ctx, authKey, isValid, 2*time.Minute)

// After fix — cache key includes sandbox ID
cacheKey := fmt.Sprintf("%s:%s", sandboxId, authKey)
has, err := p.sandboxAuthKeyValidCache.Has(ctx, cacheKey)

The dangerous part of this AI evolution isn't that models have magically invented a new category of software vulnerabilities. The reality is that the influx of AI coding assistants is simply multiplying existing code security problems and increasing codebase complexity.
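Both defects above share a shape: a boundary check whose key or range is incomplete. The following Go program is an added example written for this article, not Firecrawl's or Daytona's code. It puts the weak form and the fixed form of each check side by side: a private-range classifier with and without the 172.16.0.0/12 block, and a validity cache keyed by the auth key alone versus sandboxID:authKey. The CIDR lists, the in-memory cache, the Proxy type and the sandbox-a/key-a backend data are all constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// --- Part 1: private-range classification, as in the Firecrawl check ---
// weakPrivateCIDRs mirrors the defect described in the text: the RFC 1918
// block 172.16.0.0/12 is missing, so a host such as 172.16.0.5 passes as public.
var weakPrivateCIDRs = mustParseCIDRs("10.0.0.0/8", "127.0.0.0/8",
	"169.254.0.0/16", "192.168.0.0/16")

// privateCIDRs is the corrected list: all three RFC 1918 blocks plus loopback,
// link-local, "this network" (0/8), shared address space (RFC 6598) and broadcast.
var privateCIDRs = mustParseCIDRs("0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10",
	"127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
	"255.255.255.255/32")

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err) // the lists above are constants; a typo should fail loudly
		}
		nets = append(nets, n)
	}
	return nets
}

// inAny fails closed: anything that is not a valid IPv4 literal is treated as
// private, so a malformed remote address can never slip through the check.
func inAny(addr string, nets []*net.IPNet) bool {
	ip := net.ParseIP(addr)
	if ip == nil || ip.To4() == nil {
		return true
	}
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// IsIPv4PrivateWeak reproduces the gap; IsIPv4Private closes it. Both are meant to
// run on the connected socket's remote address, as the snippet above does.
func IsIPv4PrivateWeak(addr string) bool { return inAny(addr, weakPrivateCIDRs) }
func IsIPv4Private(addr string) bool     { return inAny(addr, privateCIDRs) }

// --- Part 2: auth-key validity cache, as in the Daytona proxy ---
type cacheEntry struct {
	valid   bool
	expires time.Time
}

// Proxy caches an expensive backend lookup; bindSandbox selects the cache key.
type Proxy struct {
	cache       map[string]cacheEntry
	lookup      func(sandboxID, authKey string) bool
	bindSandbox bool
}

func (p *Proxy) Authorize(sandboxID, authKey string) bool {
	key := authKey // before fix: one entry shared across every sandbox
	if p.bindSandbox {
		key = fmt.Sprintf("%s:%s", sandboxID, authKey) // after fix
	}
	if e, ok := p.cache[key]; ok && time.Now().Before(e.expires) {
		return e.valid
	}
	valid := p.lookup(sandboxID, authKey)
	p.cache[key] = cacheEntry{valid: valid, expires: time.Now().Add(2 * time.Minute)}
	return valid
}

// keysForSandbox is a constructed backend: each sandbox has exactly one key.
var keysForSandbox = map[string]string{"sandbox-a": "key-a", "sandbox-b": "key-b"}

// CrossSandboxAccepted warms the cache with a legitimate (sandbox-a, key-a) request,
// then asks whether key-a is accepted for sandbox-b: true = bypass, false = fixed.
func CrossSandboxAccepted(bindSandbox bool) bool {
	p := &Proxy{cache: map[string]cacheEntry{}, bindSandbox: bindSandbox,
		lookup: func(id, key string) bool { return keysForSandbox[id] == key }}
	p.Authorize("sandbox-a", "key-a")
	return p.Authorize("sandbox-b", "key-a")
}

func main() {
	for _, ip := range []string{"10.1.2.3", "172.15.255.255", "172.16.0.5",
		"172.31.255.255", "172.32.0.1", "8.8.8.8"} {
		fmt.Printf("%-15s weak=%-5v fixed=%v\n", ip, IsIPv4PrivateWeak(ip), IsIPv4Private(ip))
	}
	fmt.Println("key-a accepted for sandbox-b before fix:", CrossSandboxAccepted(false))
	fmt.Println("key-a accepted for sandbox-b after fix: ", CrossSandboxAccepted(true))
}
```

Two design points carry over to real code. The range check should run on the address the socket actually connected to, not on the hostname, so a name that resolves to an internal IP is still caught; and it should fail closed on anything it cannot parse. For the cache, the rule is that every input the authorization decision depends on must be part of the cache key, otherwise the cache silently widens the scope of a valid answer.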
What makes these models a massive threat is purely economic. The tedious, expensive "annoying middle" of exploit development—like reproducing crashes, navigating dead ends, compiling primitives, and chaining exploits—is suddenly becoming cheap and automated. Security defenses that rely on the assumption that exploiting a bug is too time-consuming for a human are collapsing because an AI agent has infinite patience. So, before we treat the latest AI model as a sci-fi hacking novelty, we need to accept that AI-assisted vulnerability discovery is already a mature threat landscape, and we have been navigating it for quite some time.
Software Security Becomes a National Threat
We need to stop pretending this is just a developer tooling issue. Software security has rapidly escalated into a full-blown national security crisis. The latest data proves that the capabilities we are using to secure code are actively being weaponized by hostile nation-states to tear it apart.
According to the CrowdStrike 2026 Global Threat Report [3], we are officially operating in the "agentic era" of cyber warfare, marked by an astonishing 89% year-over-year increase in attacks by AI-enabled adversaries. This is not hypothetical. State-sponsored threat actors are using AI to dramatically compress the time between when a vulnerability is disclosed and when it is exploited.
The CrowdStrike report highlights that China-nexus targeted intrusion activity increased by 38% overall in 2025, with these actors consistently prioritizing the exploitation of network perimeter devices like firewalls and VPNs. From a national security perspective, the threat is existential. The foundational premise of modern defense—that finding and exploiting complex vulnerabilities in critical infrastructure takes significant human time, giving defenders a window to patch—is dead. As AI eliminates the friction of exploit development, adversarial nation-states now have the infinite patience and automated capacity required to dismantle our digital perimeters.
What Bad Guys Do With Your Code
To understand the severity of this shift, look at what happens when corporate source code is compromised. Take the recent supply chain attack linked to the Trivy vulnerability scanner [4], where threat actors breached Cisco's development environment and cloned over 300 GitHub repositories containing proprietary source code and AI-powered products.
What bad guys do with your code once they steal it is no longer a manual, labor-intensive review process. They immediately feed your proprietary repositories into Large Language Models to map your architecture, understand your trust boundaries, and automatically hunt for the hidden zero-days and business logic flaws you missed. Armed with AI acceleration, they are weaponizing newly disclosed vulnerabilities in mere days—in some cases, operationalizing exploits just two days after public proof-of-concept. Meanwhile, North Korean (DPRK-nexus) actors like FAMOUS CHOLLIMA are extensively using AI to scale fraudulent employment schemes and devastating supply chain attacks, resulting in billions of dollars in stolen assets.
Crucially, they are not relying on safety-filtered Western AI models to do this. Threat actors are actively leveraging Chinese LLMs to find security issues and automate their intrusions. We are already seeing this behavior documented in the wild. The CrowdStrike report reveals that the Russian-nexus adversary FANCY BEAR deployed a novel malware family called LAMEHUG that specifically leverages the Hugging Face API to interact with Qwen2.5-Coder-32B-Instruct—a highly capable Chinese LLM. They are using these models to dynamically generate commands, conduct automated reconnaissance, and process stolen data without triggering the safety guardrails built into commercial models like ChatGPT or Claude.
When state-sponsored hackers get their hands on your source code, they now possess the automated, AI-driven engines required to ingest it, find the exact primitives needed for an attack, and chain them together into weaponized exploits. The bad guys have industrialized vulnerability discovery using foreign AI—and if our defensive posture doesn't adapt to this reality immediately, we have already lost.
So, what can you actually do about it?
If security through friction is dead, defenders need to adapt to machine speed. The first and most crucial step is to aggressively scan your codebases and patch vulnerabilities before the adversaries do. Hard barriers like fast patching are among the few defensive strategies that will age well against attackers with infinite AI patience.
However, finding these complex flaws requires fighting AI with AI. To match the capabilities of state-sponsored actors, your defensive strategy must include many different types of models from different providers. Relying on a single tool or a single safety-filtered model is not enough; you need to leverage the diverse reasoning capabilities of multiple frontier models to cross-reference and validate findings.
Fortunately, you do not have to build this infrastructure from scratch: you can use VIDOC to do exactly that. At Vidoc Security Lab, our platform is specifically designed to use multiple LLMs to secure both human-written and AI-generated code. By understanding the broader system-wide context, VIDOC eliminates the overwhelming noise of false positives and provides the automated, multi-model engine you need to discover and fix complex vulnerabilities before they become a national security incident.
References

[1] Moczadło, D. (2026, April 7). Claude Mythos Is a Backlog Visibility Warning for Enterprise Security Teams. Vidoc Security Lab Blog. https://blog.vidocsecurity.com/blog/project-glasswing-is-the-real-claude-mythos-story
[2] Zhou, X., Cao, S., Sun, X., & Lo, D. (2024). Large Language Model for Vulnerability Detection and Repair: Literature Review and the Road Ahead. arXiv:2404.02525. https://arxiv.org/abs/2404.02525
[3] CrowdStrike. (2026). 2026 Global Threat Report. CrowdStrike Inc. https://go.crowdstrike.com/2026-global-threat-report.html
[4] Abrams, L. (2026, March 31). Cisco source code stolen in Trivy-linked dev environment breach. BleepingComputer. https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/