Imagine a bridge that millions of people have crossed safely for nearly thirty years. Engineers inspected it again and again. Everyone agreed it was one of the safest bridges ever built. Then one day a new inspector walks up, looks for a few minutes, and points to a tiny crack everyone had missed - a crack that could have brought the whole thing down.
Something very much like that happened in the world of computers this year. Except the "bridge" was a piece of software, and the inspector was not a person at all. It was an artificial intelligence program called Mythos, built by the AI company Anthropic.
What It Found
Mythos was given a simple-sounding job: read through some of the world's most important software - the invisible code that quietly runs our phones, banks, hospitals and power supplies - and look for weak spots. In just a few weeks, it found thousands of them. Dangers nobody knew were there.
One discovery was remarkable. It was in a system trusted for decades to protect sensitive computers. The weak spot had been sitting there, unnoticed, since 1999. Someone who knew about it could have crashed those machines from anywhere in the world. Experts had checked that code for twenty-seven years and never spotted it. The machine found it on its own.
It also found a flaw in the software that plays videos on countless apps - a flaw that automatic safety checks had run past five million times without ever noticing.
Why This Matters to Ordinary People
We tend to assume the "boring" old software humming behind a banking app or a hospital's records must be safe, simply because it is old and has been used for years. Mythos showed that this assumption can be wrong. Age is not the same as safety.
The reassuring part: every weakness the machine found was quietly passed to the people who make that software, and fixed, before anyone could misuse it.
But the bigger lesson is hard to ignore. For the first time, a machine can find hidden dangers in software faster than humans can. Whether that turns out to be good news or bad news depends entirely on one thing - who is holding the machine. And that is a story in itself.
What Mythos Actually Found, and Where
We have covered the why. Now the what: the real, named discoveries the AI made, point by point, and why each one stopped experts in their tracks. Four headline findings - and every one was patched before the details were ever revealed.
Finding 01: A flaw hidden in OpenBSD since 1999
Where: OpenBSD, an operating system trusted to run firewalls and critical systems.
OpenBSD has a reputation as one of the most carefully hand-checked systems in the world. Mythos found a weakness in it that had gone unnoticed for 27 years. The danger was serious in the simplest way: an attacker could crash any machine running it just by connecting to it - no password, no trick, just a connection. Decades of expert eyes had missed it. The AI did not.
Finding 02: A 16-year-old bug in the world's video software
Where: FFmpeg, the engine that plays and processes video inside countless apps.
If you have watched a video online, FFmpeg was probably involved somewhere. Mythos found a flaw that had been sitting in it for 16 years - on a single line of code that automatic testing tools had run past roughly five million times without ever flagging. This is the example that unsettles engineers most: the safety nets we trust had checked that exact spot millions of times and saw nothing.
Finding 03: Breaking into Linux by joining small cracks together
Where: The Linux kernel, the core software running most of the world's servers.
This one shows a different kind of skill. Instead of one big flaw, Mythos found several smaller weaknesses and chained them together - using one to reach the next - to climb from an ordinary user account all the way up to complete control of the machine. It did this on its own, without a human guiding each step. Stringing separate bugs into a single break-in is exactly the kind of patient, creative work that used to require an expert human.
Finding 04: Thousands more, across everything
Where: Every major operating system and every major web browser.
The three cases above are the headline acts, but they sit on top of a much larger pile. In just a few weeks, Mythos surfaced thousands of previously unknown weaknesses - many of them serious - spread across every major operating system and web browser, plus a range of other important software. Not edge cases in forgotten code: the everyday tools billions of people rely on.
How Good Is That, Really?
On an industry test that measures finding and reproducing real security flaws, Mythos scored about 83 percent, against roughly 67 percent for Anthropic's next-best model. In plain terms: a clear jump, not a small nudge - which is precisely why the reaction has been less "neat demo" and more "we need to think carefully about this." The flaws were not in sloppy code. They were in some of the most reviewed, most tested software ever written.
The One Detail That Should Reassure You
Every weakness described here was quietly reported to the people who make that software and fixed before any of it was made public. For other findings not yet patched, Anthropic published only a sealed "fingerprint" proving the discovery, holding back the specifics until a repair is in place. Find it, fix it, then talk about it - in that order. That sequence is the whole reason these discoveries are a story about safety rather than a story about the next big breach.
It also points to where things are heading for every business that runs software. The same kind of AI that found a 27-year-old flaw can now be pointed at your own systems - by you, on your side, before someone less friendly gets there first. That is the shift worth paying attention to.
At Logic Providers, we build and maintain software with security treated as part of the job, not an afterthought - and we keep a close eye on how AI is changing both the threats and the defenses. If you want an honest review of where your own systems stand, we are happy to take a look.