The Maritime Market Is No Exception to AI Hacking (1/3): What Is Claude Mythos & How It Works
This Part 1 is written to be accessible without a security background. What is Anthropic, what are Claude tiers, what is an exploit — all explained within the text. Parts 2 and 3 build on this foundation to cover specific threats to maritime OT environments and practical response methodologies.
Prologue
The ship never saw it coming.
CrowdStrike's 2026 Global Threat Report documented an 89% year-over-year surge in AI-driven cyberattacks in 2025. Operation HookedWing ran for four years and compromised more than 500 organizations using nearly unchanged tactics throughout. Those attacks succeeded not through technical sophistication, but through patience and precision.
That was before Mythos. Mythos-class capability makes these attacks cheaper and faster — and extends them to organizations that already know about their vulnerabilities but have not acted on them.
This is not a 2030 threat scenario. This happened in April 2026.
No phishing email. No insider threat. No attack kit purchased from the dark web. Just a model — reading thousands of lines of code per second, chaining four vulnerabilities, and breaking through defenses that engineers had hardened over years. Without any additional human instruction.
1. What You Need to Know First — Anthropic and Claude
Anthropic is an AI safety research company founded in 2021 by former OpenAI researchers, headquartered in San Francisco and backed by Amazon and Google. If OpenAI is the company behind ChatGPT, Anthropic is the company behind Claude.
Claude is Anthropic's AI model brand, available in three tiers:
- Claude Haiku — fast and lightweight; optimized for simple, repetitive tasks
- Claude Sonnet — balanced speed and performance; the general-purpose workhorse
- Claude Opus — the strongest reasoning and coding capability; built for complex analysis and software development
Above all three tiers, a new model appeared on April 8, 2026: Claude Mythos. One tier above Opus — the most powerful frontier model Anthropic has ever built. A frontier model is the industry term for an AI at the absolute technical leading edge of what is currently possible.
2. Why Was Mythos Created?
Anthropic's original goal was not to build a cyberattack tool. The aim was the ultimate software engineer AI — capable of autonomous coding, long-running agent tasks, and cybersecurity analysis that would dramatically increase developer productivity.
The problem was that it worked too well. The very same breakthroughs engineered for productive software work also made Mythos a powerful engine for discovering and exploiting vulnerabilities.
A model capable of finding and fixing complex vulnerabilities is equally capable of finding and weaponizing them. There is no clean technical boundary between the two — it is the same underlying capability, applied in different directions.
Anthropic decided not to release Mythos through a public API. Instead, it set up Project Glasswing, which restricts access to verified partners. For the first time, an AI company publicly declared: "this model is too dangerous to release."
3. A Brief Glossary — What Is an Exploit?
Software contains design or implementation flaws called vulnerabilities. A vulnerability on its own is usually harmless — a hidden weakness in code, sometimes sitting undetected for years or decades.
An exploit is the code or technique that turns that weakness into a weapon. If a vulnerability is a flaw hidden in a lock, an exploit is the method — implemented in code — that uses that flaw to open the door.
Developing an exploit traditionally required highly skilled human security researchers. Finding a vulnerability, confirming it is exploitable, and completing a working attack was precision work that took days to weeks. Mythos performed this entire process autonomously, at scale.
4. How It Works — The Autonomous Attack Pipeline
How AI security tools worked before
Until 2024, AI security tools were strictly assistive. Every step required human guidance:
AI: "There is an unusual pattern here."
Researcher: "Can this actually be exploited?"
AI: "Possibly. These conditions would need to be met."
Researcher: "Write code that satisfies those conditions."
AI: "Here is a draft."
Researcher: "It didn't work in testing. Why?"
… [repeat 10–50 times over days]
The human was always in the loop. The AI answered each question; the human decided every next step.
What makes Mythos different — the concept of sub-goals
Mythos sets its own sub-goals, chains exploits, and when one path is blocked, pivots to another attack vector autonomously. Failure is not a stopping point — it becomes the starting point for the next attempt. The initial instruction given to Mythos is a single line:
From that, Mythos breaks the goal into sub-tasks without any further human input:
[Sub-goal 1] Map codebase structure
→ What language? Where does network input first arrive?
[Sub-goal 2] Identify vulnerability candidates
→ Unvalidated input handling? Unchecked memory bounds? Outdated libraries?
[Sub-goal 3] Validate exploitability
→ Can the trigger condition be created externally, without authentication?
[Sub-goal 4] Complete working exploit code
→ Build packet → design payload → test → analyze failure → retry
Critically — failure at any sub-goal does not stop the process. If one path is blocked, Mythos analyzes the failure and designs a new approach.
When attacking a FreeBSD NFS server, Mythos' initial approach failed. It self-analyzed: "this path is blocked because I don't know the kernel memory address." It then reverse-engineered NFSv4 protocol exchange calls to read the kernel address — a workaround it devised autonomously. The result was a 20-step Return-Oriented Programming (ROP) chain exploit.
A ROP chain strings together legitimate code fragments already present in the system to produce unintended malicious behavior — a technique traditionally achievable only by expert-level security researchers.
What makes this fundamentally different is scale. Thousands of Mythos instances can analyze different codebases simultaneously, 24 hours a day, without fatigue — with the same precision at 3am as at noon.
5. Performance in Numbers — Opus vs Mythos
The numbers tell this story most honestly.
Using the Firefox JavaScript engine as a benchmark, Anthropic compared both models under identical conditions. Claude Opus 4.6 produced approximately 2 autonomous exploits across hundreds of attempts — effectively zero. Mythos produced 181 working exploits in the same conditions, including a 20-step ROP chain targeting FreeBSD and a browser sandbox escape chaining four vulnerabilities.
In an independent evaluation by the UK AI Security Institute (AISI), Mythos Preview solved expert-level CTF challenges at a 73% success rate — a threshold no previous model had reached. It also became the first AI to complete a 32-step enterprise network penetration simulation from start to finish, a task that takes human experts approximately 20 hours.
CTF (Capture the Flag) is a security competition format where participants attack intentionally vulnerable systems to extract hidden information — one of the most reliable benchmarks of real-world offensive security skill.
6. Vulnerabilities Discovered
These are representative findings from Mythos' autonomous analysis:
A 17-year-old unauthenticated remote code execution vulnerability. Anyone with network access could gain full administrative control of the system with no credentials required.
A 27-year-old flaw in OpenBSD's TCP implementation — an operating system widely regarded as one of the most security-hardened in existence.
A chain of four separate vulnerabilities that escapes both the renderer sandbox and the OS sandbox simultaneously — built and completed autonomously without human direction.
All had been sitting silently in code for years, reviewed countless times by experts without detection. According to analysis by ArmorCode, more than 99% of the vulnerabilities Mythos discovered remain unpatched, most have not been publicly disclosed, and none are listed in any CVE database.
CVE (Common Vulnerabilities and Exposures) is the global registry of officially identified software vulnerabilities — the standard reference for deciding what to patch first. Mythos' findings are not in it. They are, by definition, outside the reach of conventional defense tooling.
7. The Economics Have Collapsed
For a long time, the security world operated with a functional equilibrium: finding a zero-day and weaponizing it required expert personnel, significant time, and the willingness to bear the cost. That constraint defined the economics of attack and gave defenders a narrow but real window to respond.
The cost figures disclosed alongside Mythos prove that equilibrium is gone.
At these cost levels, the bottleneck of attack is no longer a researcher's expertise. Access to the model and budget have become the new line of defense. The problem has moved from a technical barrier to an access control problem — and that is a fundamentally different threat landscape.
8. Project Glasswing — The Logic of Restricted Release
Instead of a standard API release, Anthropic announced Project Glasswing — a consortium of 11 major technology companies — with $100 million in usage credits and $4 million in open-source security donations. Access is exclusively for defensive purposes, to verified partners only.
The structure of the announcement is itself significant: an AI company publicly declaring a model can only be provided for defensive use, under controlled access. This is unprecedented.
Mythos does not create new vulnerabilities. It reveals what was already there. Years of underinvestment in security — vulnerabilities left unpatched, systems left unaudited — are converted by Mythos-class capability from deferred maintenance into immediate, quantifiable business risk.
9. Is the Maritime Sector an Exception?
Some may think: "This is a story about IT companies. Ships and port systems are different." They are not different enough.
- Ships are increasingly connected: ECDIS, satellite communications, remote monitoring, cargo management platforms — all running on software with code that contains vulnerabilities
- Patch cycles are tied to drydock schedules, not to when vulnerabilities are discovered
- Most vessels operate without dedicated cybersecurity personnel onboard
- The vulnerabilities Mythos finds are not in CVE databases — conventional defense tooling has no visibility into them
In an environment where AI discovers unlisted vulnerabilities in real time, defense postures built around annual inspection cycles are no longer sufficient. The next article in this series addresses exactly that.
"What Mythos demonstrates is not just a technical leap — it is a structural shift in who can threaten what, and at what cost."
Until now, the cost and complexity of developing working exploits acted as a natural barrier. Nation-state actors and well-funded groups could cross it; most could not. That barrier is now substantially lower — and in some cases, the limiting factor is simply access to the right model and a budget.
For maritime — an industry where systems remain unpatched between drydock cycles and cybersecurity headcount is often zero — the exposure is real and specific. Parts 2 and 3 of this series will address what that means in practice.
When the attack economics created by Mythos meet ship OT systems, what happens? We examine the actual attack surfaces — ECDIS, propulsion control, satellite communication gateways, cargo management — and what recent AI-based threat cases mean for the shipping industry.
Captain Paul
Writing on the intersection of maritime operations and emerging cyber threats, with a focus on helping the shipping industry understand and respond to the AI security landscape.
