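After testing Anthropic's Mythos Preview against more than 50 internal code repositories, Cloudflare's security team noted that the model's breakthrough lies in its autonomous "vulnerability chaining" capability: it can automatically string together multiple commonly overlooked low-severity vulnerabilities and independently write, compile, run and iterate on working proof-of-concept attack code, making the leap from "scanning tool" to "security researcher". The testing also warns that, in the face of more powerful offensive AI, simply pursuing "faster patching" is not the right answer: if the architecture is fragile or regression testing is insufficient, fixes shipped too quickly may instead introduce new risk. The key is to rework the system architecture around the vulnerability.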
Cloudflare pointed Anthropic's Mythos Preview at 50+ of their own repos.
They call it a step-function forward: "Mythos Preview is a real step forward, and it's worth saying that plainly before getting into anything else."
The big finding isn't the bugs it caught. It's that the model can take several low-severity vulnerabilities, the kind that sit invisible in backlogs, and chain them into a single working exploit. Write the proof-of-concept. Compile it. Run it. Adjust when it fails. Try again.
That loop is what separates a scanner from a researcher.
The other finding security teams should pay attention to: "patching faster" is the wrong response. If your regression testing takes a day, a two-hour SLA just means you ship broken fixes. The architecture around the vulnerability matters more than the speed of the patch.