// Alert

Claude threat report

// ClaudeMEDIUM

Anthropic disclosed on April 7, 2026 that Claude Mythos Preview autonomously discovered and exploited CVE-2026-4747, a stack buffer overflow in FreeBSD's NFS implementation allowing unauthenticated remote root access. The 17-year-old flaw was identified by the model between February and March 2026 and patched by FreeBSD on March 26, 2026 prior to disclosure. Independent researchers, including Nicholas Carlini, later reproduced the discovery using Claude Opus 4.6 and cheaper open-weight models, suggesting the capability is not unique to Mythos. The IMF and security vendors have flagged the broader risk that AI-scale vulnerability discovery may accelerate exploitation timelines and overwhelm traditional vulnerability management. The event is significant as a capability milestone for Claude rather than an active compromise of the service itself, and the underlying FreeBSD bug has been remediated.

// Get alerts for Claude