When AI Learns to Find Vulnerabilities on Its Own: How Claude Mythos Rewrites the Rules of Cybersecurity Offense and Defense
📋 Tech Spotlight
On April 7, 2026, Anthropic unveiled Claude Mythos Preview — a frontier AI model so powerful that the company deemed it too dangerous for public release. What set Mythos apart was not just another incremental benchmark improvement: it was the model’s emergent ability to autonomously discover, exploit, and chain zero-day vulnerabilities across virtually every major operating system and browser, accomplishing in hours what elite human red teams might spend months on.
In internal testing, Mythos independently found thousands of previously unknown vulnerabilities, including a 27-year-old remote crash bug in OpenBSD — an operating system renowned for its security-first philosophy — and a 16-year-old flaw in FFmpeg that had survived over five million automated scans without detection.
When Anthropic granted Mozilla access to the model for a controlled security audit, Mythos uncovered 271 security-sensitive vulnerabilities in Firefox 148, a staggering leap from the 22 found by its predecessor, Claude Opus 4.6, during the same assessment.
On the CyberGym exploit reproduction benchmark, Mythos achieved an 83.1% success rate, far surpassing Opus 4.6’s 66.6%. Perhaps most alarmingly, in an unassisted test against the FreeBSD kernel, Mythos completed the full attack chain — from initial vulnerability analysis through exploit construction to payload generation — in just a few hours, without any human guidance whatsoever.
Anthropic’s response was unprecedented: rather than releasing Mythos to the public, they launched Project Glasswing, a coalition with 12 tech giants including Amazon, Apple, Microsoft, NVIDIA, and Google, restricting access exclusively to defensive cybersecurity applications.
The model achieved 93.9% on SWE-bench Verified and 97.6% on USAMO 2026, yet its cybersecurity capabilities are what truly set it apart — and what terrified Anthropic enough to keep it locked down. The irony is sharp: an AI so good at finding security holes that releasing it would itself be a security hole.
📊 In-Depth Analysis
The Claude Mythos phenomenon represents a fundamental paradigm shift in cybersecurity — from “humans leveraging AI tools” to “AI agents operating as autonomous offensive actors.” This transition has three critical dimensions that security professionals must grapple with.
First, the speed asymmetry is staggering. Traditional vulnerability discovery relies on human researchers combining intuition, experience, and tooling — a process that typically takes weeks or months. Mythos compresses this to hours. When a model can autonomously analyze a codebase, identify a novel vulnerability, write a working exploit, and chain it into a multi-stage attack — all without human intervention — the defensive timeline collapses. Organizations that once had a 90-day window to patch discovered vulnerabilities may now face zero-day exploitation within hours of a model being pointed at their systems. Consider the real-world impact: the Axios library vulnerability CVE-2026-40175 (CVSS 10.0) demonstrated how a single flaw in a widely-used JavaScript library could enable zero-interaction cloud metadata hijacking. Now imagine an AI discovering dozens of such vulnerabilities simultaneously across your entire software stack — that is no longer hypothetical.
Second, the depth of discovery defies conventional assumptions. The 27-year-old OpenBSD bug and the 16-year-old FFmpeg flaw that survived five million scans prove that Mythos is not just faster — it perceives patterns that existing fuzzing and static analysis tools fundamentally cannot detect. The model’s 97.6% exploit success rate on known JavaScript engine vulnerabilities suggests it has developed a near-complete mental model of how memory corruption, type confusion, and logic errors manifest in real codebases. This is not brute-force scanning; it is reasoning about code the way a senior security researcher would — but at superhuman speed and scale.
Third, the dual-use dilemma has become existential. Anthropic’s decision to restrict Mythos to 12 partners under Project Glasswing acknowledges that the same capability that helps Mozilla patch 271 Firefox bugs could, in different hands, weaponize those vulnerabilities before patches even exist. The U.S. Federal Reserve reportedly convened an emergency meeting with major bank CEOs specifically to discuss Mythos-level AI threats to financial infrastructure. The emerging consensus across the industry: defensive AI must match offensive AI in speed and capability — the era of “agent versus agent” cybersecurity has definitively arrived. Organizations that fail to deploy AI-driven vulnerability detection, automated patching, and runtime self-protection will find themselves permanently on the wrong side of the asymmetry, defending with human-speed responses against machine-speed attacks. The question is no longer whether AI will transform cybersecurity, but whether your organization will adapt fast enough to survive the transformation.
💼 Workplace Application
For IT professionals, the Mythos era demands a new vocabulary and mindset around security. Here is how these conversations sound in real teams.
During an incident response briefing: “We need to assume adversarial AI can map our entire attack surface in under four hours. Our current 72-hour vulnerability triage SLA is obsolete — we need automated detection with sub-hour response and runtime self-protection as our baseline.”
In an architecture review: “The Mythos findings prove that traditional fuzzing alone is not enough anymore. We should integrate LLM-assisted code audit into our CI/CD pipeline — if the attackers have AI that can chain exploits, our defenders need AI that can chain mitigations.”
Discussing vendor risk management: “With AI-driven zero-day discovery, we cannot rely on vendor patch cycles anymore. We need virtual patching at the WAF level and runtime application self-protection (RASP) as standard controls across all production services.”
In a board-level security update: “The industry is shifting from ‘human-speed defense’ to ‘machine-speed defense.’ Our investment in AI-powered vulnerability scanning is not optional anymore — it is the minimum viable defense posture against autonomous offensive AI. The cost of inaction is not a breach; it is systematic vulnerability exposure at a scale we have never seen.”
And when a junior engineer asks the obvious question: “So we are basically in an arms race with AI now?” — the honest answer is: “Yes, and the side without AI does not get to compete.”
The key takeaway for career growth: security conversations are moving from reactive patch management to proactive AI-assisted threat hunting, and professionals who can articulate this shift clearly in English will stand out in global security teams. Whether you are writing incident reports, presenting to leadership, or collaborating with international vendors, the ability to frame AI-driven security challenges with precision is becoming as critical as the technical skills themselves.
💡 Vocabulary Hub
Fixed Phrases
| Phrase | Definition | Example |
|---|---|---|
| zero-day vulnerability | A security flaw the vendor does not yet know about and for which no patch exists | Mythos discovered thousands of zero-day vulnerabilities across major operating systems. |
| exploit chain | Multiple vulnerabilities chained together to achieve a larger attack objective | The model autonomously constructed a multi-stage exploit chain against the FreeBSD kernel. |
| attack surface | The sum of all entry points through which an unauthorized user can get in or extract data | Adversarial AI can map your entire attack surface in under four hours. |
| dual-use dilemma | The ethical challenge of a technology that has both beneficial and harmful uses | Anthropic faced a dual-use dilemma: Mythos could patch bugs or weaponize them. |
| threat hunting | Proactively searching for threats that have bypassed existing security controls | Security teams are shifting from patch management to AI-assisted threat hunting. |
Advanced Vocabulary
| Basic → Advanced | Definition | Usage |
|---|---|---|
| find → uncover | To discover something hidden or unknown | Mythos uncovered a 27-year-old vulnerability that had eluded all previous scanners. |
| use → weaponize | To turn something into an attack tool | The same AI that patches bugs could weaponize them before fixes are deployed. |
| fix → remediate | To formally resolve a security issue | Organizations must remediate vulnerabilities at machine speed, not human speed. |
| dangerous → existential | Threatening the very survival of something | The dual-use dilemma has become existential for critical infrastructure. |
| fast → autonomous | Operating independently, without human intervention | Mythos completed the full attack chain autonomously, without any human guidance. |
Natural Expressions
| Expression | Context | Example dialogue |
|---|---|---|
| “Our SLA is obsolete” | Saying that a service-level agreement no longer fits | A: How do we handle the new AI threat timeline? — B: Our 72-hour vulnerability SLA is obsolete. We need sub-hour response. |
| “Chain mitigations” | Linking defensive measures together the way an attack chain links exploits | A: Attackers chain exploits now. — B: Right, so we need to chain mitigations — WAF + RASP + virtual patching in sequence. |
| “Minimum viable defense” | The lowest acceptable level of security posture | A: Is AI-powered scanning optional? — B: Not anymore. It is the minimum viable defense against autonomous AI. |
| “On the wrong side of asymmetry” | Being at a disadvantage in an unbalanced contest | A: What if we do not invest in defensive AI? — B: We will be permanently on the wrong side of the asymmetry. |
| “Machine-speed defense” | Automated defensive response that matches the speed of AI attacks | A: How should we frame this for the board? — B: Tell them we are moving from human-speed to machine-speed defense. |