NGA911
Home
About
Solutions
Resources
Careers
Contact
FAQ
Privacy
Contact Us
© 2024. All rights reserved.

AI Can Now Find and Exploit Vulnerabilities in Hours. Legacy 911 Systems Aren't Ready.

Posted on May 06, 2026

Anthropic just dropped one of the most important cybersecurity disclosures in recent memory, and most businesses haven't heard about it yet.

Their latest AI model, Claude Mythos Preview, can find and exploit zero-day vulnerabilities (previously unknown security flaws) in every major operating system and every major web browser. Not theoretically. Not in a lab. In real, fully patched production software.

This isn't a future threat. It's happening now.

What Anthropic Found

In a detailed report published by Anthropic's red team, researchers revealed that Mythos Preview can:

  • Discover zero-day vulnerabilities in operating systems, browsers, media libraries, cryptography tools, and network protocols, many of which had gone undetected for over a decade
  • Autonomously build working exploits from those vulnerabilities, including full remote code execution attacks, without any human guidance after the initial prompt
  • Chain multiple vulnerabilities together to bypass layered security defenses like kernel address randomization, browser sandboxes, and privilege boundaries
  • Enable non-experts to develop sophisticated attacks far faster than was previously possible

One example: Mythos Preview found and exploited a 17-year-old vulnerability in FreeBSD's NFS server that grants full root access to an unauthenticated attacker, anywhere on the internet. The entire process, from discovery through working exploit, was fully autonomous.

Another: it identified a 27-year-old bug in OpenBSD's TCP implementation, an operating system built specifically for security. It also found a 16-year-old flaw in FFmpeg's H.264 codec that had survived every fuzzer and human code review for over a decade.

The model didn't just find bugs. It wrote browser exploits that chained four vulnerabilities together, escaping both renderer and OS sandboxes. It built Linux kernel privilege escalation chains using three and four separate vulnerabilities. It found weaknesses in production cryptography libraries affecting TLS, AES-GCM, and SSH.

Anthropic's own prior model had a near-zero success rate at autonomous exploit development. Mythos Preview succeeded 181 times on a benchmark where its predecessor managed two.

Why This Changes the Threat Landscape

The key takeaway: AI just made attackers dramatically faster.

Previously, finding and exploiting a zero-day vulnerability required deep expertise and weeks or months of manual work. Now, an AI model can do it overnight, at scale, for under $50 per vulnerability in some cases.

This doesn't just affect tech companies. It affects any organization running software, which is every organization. Critical infrastructure, healthcare, financial services, public safety systems, and government agencies are all in the crosshairs.

What the NGA911 CEO Says About It

Don Ferguson, CEO of NGA911, weighed in on what Mythos means for public safety infrastructure specifically. NGA911's NEXiS platform is a cloud-native Next Generation 911 system built on AWS, combining NEXiSCore for intelligent routing, ESInet for secure emergency network transport, and NEXiS Intelligence for AI-driven decision support.

His analysis is direct: legacy on-premises systems are structurally exposed to this new class of AI-driven threats, and cloud-native architecture is the strongest defensive posture available.

Legacy On-Prem Systems Are Sitting Ducks

"Legacy systems are disadvantaged because they are often older, hardware-bound, manually patched, and inconsistently monitored. Mythos-style attacks specifically increase the risk that long-dormant vulnerabilities in operating systems, network services, media libraries, SIP components, browsers, and remote access tools can be found and weaponized quickly."

In a fragmented on-prem environment, every site becomes its own perimeter to defend. Patching is slower, visibility is uneven, and a single weak node can become the entry point for an entire network compromise.

Cloud-Native Architecture Changes the Math

"AI makes attackers faster; cloud makes defenders faster."

NGA's platform, built around NEXiSCore and ESInet running on AWS, addresses the core problem: operational speed. When attackers are using AI to discover and exploit vulnerabilities faster than ever before, the only viable defense is the ability to respond just as fast.

Ferguson highlights how NGA's platform architecture strengthens the defensive posture:

  • NEXiSCore provides centralized visibility and patching across the entire platform, eliminating the fragmented site-by-site upgrade model
  • NEXiS Intelligence deploys AI agents across four tiers (interaction, operational, infrastructure, and governance) that continuously monitor for threats, optimize routing, and enforce compliance in real time
  • ESInet, NGA's private emergency network, provides a dedicated and resilient IP transport layer with built-in DDoS protection and hyperscale security through AWS Shield
  • Workload isolation through the AWS Nitro System limits lateral movement when attackers try to chain vulnerabilities across the NEXiS platform
  • Zero Trust architecture with segmentation, least-privilege access, encryption, and fault isolation reduces the blast radius of any single compromise

The Bottom Line From NGA911

"Mythos represents a new class of AI-amplified cyber risk. Legacy on-prem 911 systems are structurally exposed because they are fragmented, manually operated, slower to patch, and harder to monitor consistently. NGA's cloud-native AWS model is better positioned because it combines hyperscale infrastructure security, continuous monitoring, centralized control, automated response, encryption, identity-based access, and fault isolation. Exactly the capabilities needed when attackers are using AI to find and exploit vulnerabilities faster than traditional operating models can respond."

What This Means for Every Business

You don't have to be running 911 systems for this to matter. The same principles apply across every industry:

  1. Patch faster than ever. AI-driven exploit development means the window between vulnerability disclosure and active exploitation is shrinking from weeks to hours. Automated, centralized patch management is no longer optional.
  2. Assume breach, design for containment. Defense-in-depth strategies that create friction but not hard barriers are losing effectiveness against AI-assisted attackers. Focus on isolation, segmentation, and least-privilege access.
  3. Move critical workloads to managed cloud infrastructure. Hyperscale providers invest billions in security infrastructure that no individual organization can match. That gap is about to matter a lot more.
  4. Monitor continuously. Manual, periodic security reviews can't keep pace with AI-accelerated threats. Automated detection and response is essential.
  5. Audit your legacy systems. If you're running software that hasn't been updated in years, on hardware you manage yourself, with patching that depends on manual processes, you now have a significantly larger attack surface than you did a month ago.

The Silver Lining

Anthropic isn't releasing Mythos Preview broadly. They've launched Project Glasswing, providing the model to critical industry partners and open-source developers first, so defenders can start securing the most important systems before similar capabilities become widely available.

The long-term outlook is actually positive: AI will eventually benefit defenders more than attackers. But only for organizations that modernize their security posture now. The transitional period, where attackers get faster before defenders catch up, is the danger zone.

The organizations that will come through it strongest are the ones acting today.