AI models are poking into code written decades ago. They're finding real, dangerous bugs.

How modern models dig through old code

Three recent developments show how quickly machine learning is getting better at understanding software at a very low level. Anthropic’s new Mythos Preview, Claude Opus 4.6 and other large language models have been used to inspect binaries, assembly and open-source libraries — not just modern source files.

These systems have moved beyond just scanning for obvious patterns. They can run scripts, call debuggers, use fuzzers and even trace commit histories to find the subtle places software breaks.

Mark Russinovich, Microsoft Azure CTO, put it plainly after feeding an Anthropic model assembly code he wrote in 1986 for the Apple II 6502 processor: the model didn’t just explain the code, it performed what he called a "security audit," surfacing dormant logic errors like missing carry-flag checks after arithmetic operations.

The key difference is that these models can reason about control flow and CPU flags, unlike classic static analyzers. Tools such as SpotBugs, CodeQL and Snyk Code still excel at catching well-known mistakes like null-pointer dereferences or injection patterns. But models that can execute small programs and reason about state are beginning to spot failures those tools miss.

What researchers actually found

Claude Opus 4.6 and Mythos Preview have each been credited with uncovering high-severity flaws that escaped usual testing. Anthropic said Mythos Preview "was able to find high-severity vulnerabilities, including some in every major operating system and web browser."

Separately, reporting on Claude shows the model autonomously uncovered more than 500 previously unknown high-severity vulnerabilities in open-source projects. The model reportedly switched between Python-based tooling, fuzzers and debuggers, and in some cases generated proof-of-concept exploits to demonstrate the flaws.

Claude went beyond finding single bugs. When fuzzing hit a dead end on a PDF processor, it pivoted to scouring a project’s Git commit history to reveal patterns that hinted at related flaws in other parts of the codebase. Logan Graham, head of Anthropic’s frontier red team, said, "The models are extremely good at this, and we expect them to get much better still."

Why defenders cheer — and attackers worry

The obvious benefit is that bugs get found and fixed. Linux Foundation CEO Jim Zemlin said maintainers of the Linux kernel — already pushed to the limit — have started experimenting with Anthropic’s tools and that the technology "just makes their lives a lot better." Those maintainers power Android, cloud servers, and the world’s top supercomputers; improved vetting could harden critical infrastructure.

Thing is, the same capabilities can be weaponized. Matthew Trifiro, a veteran go-to-market engineer, warned: "Oh, my, am I seeing this right? The attack surface just expanded to include every compiled binary ever shipped. When AI can reverse-engineer 40-year-old, obscure architectures this well, current obfuscation and security-through-obscurity approaches are essentially worthless."

Adedeji Olowe, founder of Lendsqr, added a darker spin: "This is scarier than we're letting on. Billions of legacy microcontrollers exist globally, many likely running fragile or poorly audited firmware like this." He continued, "The real implication is that bad actors can send models like Opus after them to systematically find vulnerabilities and exploit them, while many of these systems are effectively unpatchable."

Defenders now have to rush to deploy AI-powered auditing before attackers use the same methods to find exploits.

How companies are responding

Anthropic has chosen a cautious approach for its most powerful model. It announced Project Glasswing, a collaboration that limits Mythos Preview access to roughly 50 select companies and organizations. The company said it won’t release that specific model to the general public because the misuse risk is so high.

Anthropic also described engineering controls: the firm put in place six cybersecurity probes and real-time blocking to stop malicious activity during testing and red-team exercises. At the same time, Anthropic wrote that "Our eventual goal is to enable our users to safely deploy Mythos-class models at scale."

Security shops and open-source maintainers are already experimenting with controlled access. Jim Zemlin said a core group of Linux kernel maintainers are testing the new model to determine how best to leverage it — a sign that high-value projects may adopt AI-assisted reviews under strict rules.

What this means for the long tail of software

Not every piece of software is under active maintenance. That’s what makes the situation gnarly. A lot of critical systems still run on old microcontrollers or libraries that no one updates regularly. The ability of models to analyze binaries and old assembly means those systems can be probed automatically at scale.

Daniel Blackford, vice president of Threat Research at Proofpoint, tried to calm one audience: "I don't necessarily think that the average computer user needs to be fundamentally worried about this," he said. "They need to be way more worried about not giving their password away because that just happens like all day, every day."

But Blackford’s caveat doesn’t remove the supply-chain dimension. If AI helps find zero-days in widely reused libraries like PDF processors, cryptographic cards or image parsers, whole ecosystems get exposed at once.

Where responsibility will sit

Many parties now have a role: model builders, software maintainers, cloud providers and defenders. Anthropic is trying to tilt the balance toward defenders by bounding access and building safeguards. Other vendors may follow, either by restricting models or by offering hardened, monitored offerings for security teams.

Still, the choices are tricky. Restricting models slows both attackers and defenders. Open access speeds defensive research but also hands attackers powerful tools. The trade-offs are real — and fast-moving.

Practical next steps for teams

Security teams and maintainers are already doing what they can: prioritize critical components, adopt AI-assisted audits in controlled environments, and require strict operational controls around access to high-capability models. Projects that can't be patched should be inventoried and isolated where possible.

Bottom line: AI is amplifying human effort. For defenders, that’s an opportunity to fix old mistakes at scale. For attackers, it’s an accelerant.

Related Articles

"Our eventual goal is to enable our users to safely deploy Mythos-class models at scale," Anthropic wrote.