AI exploit benchmarks put Mythos at the center of cyber startup strategy. New testing from Berkeley...
The AMW Read
Incremental update to known player (Anthropic) with new capability that shifts market dynamics in cybersecurity, a sub-segment of legal/compliance.
AI exploit benchmarks put Mythos at the center of cyber startup strategy. New testing from Berkeley RDI's ExploitGym benchmark shows Anthropic's Claude Mythos Preview succeeded on 157 of 898 real-world vulnerability instances, while OpenAI's GPT-5.5 succeeded on 120. The benchmark tested AI agents' ability to extend a crashing input into a working exploit across userspace programs, Google's V8 engine, and the Linux kernel. This marks a shift from vulnerability discovery to exploit generation.
Why it matters: The capability to turn bugs into working exploits changes the cybersecurity market from a bug-finding business to an exploit-production business. This updates the recurring pattern of context-engineering moat, where the value is not just model access but the validation, triage, liability, and patch workflows around it. For cybersecurity startups, the product opportunity is not a better model but the harness around it, as Palo Alto Networks' internal testing found models generating working exploits over 70% of the time with a 30% false-positive rate. The liability and disclosure questions remain open debates.
Grounded expert take: The benchmark data shows Claude Mythos Preview produced more than 10x the n-day exploits of GPT-5.5 (18 vs 1), though this figure requires verification. The broader signal is that frontier models can now reliably produce weaponizable exploits, which compresses the patch cycle and rewards startups that build trust-layer infrastructure. Enterprise buyers will prioritize vendors who can prove exploit paths, explain blast radius, and integrate into existing workflows without creating chaos.
