The Briefing RoomJune 10, 2026via The Decoder
Anthropic study shows AI needs hours, not weeks, to build exploits from security patches
Why it matters
Anthropic's research demonstrates that AI can weaponize security vulnerabilities faster than enterprises can deploy fixes, forcing a fundamental rethinking of cybersecurity patch management and creating an urgent policy/governance problem for CISOs and regulators.
Key signals
- Anthropic Mythos Preview AI built working exploits from Firefox and Windows kernel patches in hours
- Eight complete attack chains completed before Microsoft auto-updates reached any device
- Cost: thousands of dollars, no specialized knowledge required
- Implication: traditional patch cadence (weeks to months) is now obsolete
- Security governance gap identified between vulnerability disclosure and exploit development timeline
The hook
Anthropic's AI built 8 Windows exploits before Microsoft patches reached a single device. The 30-year-old patch cycle is dead.
Anthropic's security team found that its Mythos Preview AI model can turn security patches for Firefox and the Windows kernel into working exploits within hours, for a few thousand dollars and no specialized knowledge. Eight complete attack chains were finished before Microsoft's auto-updates had reached a single device. The old patch rhythm is obsolete, Anthropic argues.