The "patch gap" is shrinking to hours
We used to have a luxury in cybersecurity: time. When a vendor released a security patch, defenders typically had weeks or even months to roll it out before attackers could weaponize the fix.
That buffer is evaporating.
Most real-world damage comes from "N-day" vulnerabilities: bugs that are publicly known but remain unpatched on many systems. Traditionally, weaponizing them required slow, specialized reverse engineering to "patch diff" the code and find the vulnerability.
New research from Anthropic suggests that frontier models have effectively broken that bottleneck. Researchers found that the company's Claude Mythos Preview model could autonomously turn patches into weapons with startling speed.
In testing, the model built 8 working code-execution exploits from 18 recent Firefox security patches. It was even more effective against closed-source targets: on 21 Windows kernel patches, it produced 8 full exploit chains that escalated low-privilege users to full `SYSTEM` control.
The most unsettling part isn't just the capability, but the economics. An attacker can now potentially turn a month’s worth of patches into working exploits in a single afternoon for a few thousand dollars in API credits. We are moving from an era of "N-days" to one of "N-hours."
The window for manual patching is closing; security now depends entirely on the speed of automated deployment and a shift toward memory-safe architectures.