Claude Mythos raises Web3 security risk with AI RCE exploit chain

Claude Mythos (Anthropic) reportedly “broke the security model” for Web3 by enabling non-expert users to trigger a working remote code execution (RCE) exploit overnight. The article says Anthropic’s unreleased frontier model chained four vulnerabilities to escape a browser sandbox, including identifying a long-missed OpenBSD vulnerability (per an X post by “alicharts”).

Key players and response: Anthropic’s Project Glasswing is presented as an emergency defence effort. A coalition including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation reportedly received early access. Anthropic committed up to $100M in usage credits for defensive deployment, plus $4M to open-source security groups.

Why this matters for traders: the piece argues that periodic human audits are becoming obsolete, because AI-assisted adversaries can now move faster than manual review cycles. It also links AI-assisted contract attacks to exploit revenue doubling roughly every 1.3 months (the trend is said to predate Claude Mythos being public).

Related incidents cited: Moonwell DeFi reportedly lost about $1.78M in an AI-assisted coding incident; an auditor (pashov) flagged what was described as a possible first exploit tied to “vibe-coded Solidity,” where a human still signed off.

Overall, Claude Mythos is framed as accelerating an AI-versus-defence race, potentially increasing near-term smart-contract risk premiums and headlines for major protocols, while pushing the market toward more automated security tooling.
Bearish
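The direct trading implication of this news is bearish. The reason is that it stresses that frontier AI such as Claude Mythos can already significantly shorten the cycle from vulnerability discovery to a usable attack chain, and that it weakens the effectiveness of “periodic human audits.” Similar market reactions have been common in past security incidents: when a technical breakthrough appears that can systematically accelerate vulnerability exploitation, the DeFi/smart-contract sector usually first sees a rising risk premium (capital favours high-liquidity, low-contract-risk assets), and may stabilise only after audit and remediation progress at leading projects becomes clear.

Short term (days to weeks): news of this kind usually raises market concern about contract security, leading to relative pullbacks or capital rotation in sectors associated with weaker security. If traders see information such as “improved exploit-chain capability,” they are more likely to reduce positions in high-risk protocols.

Long term (months and beyond): if Project Glasswing’s defensive deployment can drive a more automated, more continuous security-scanning system, it may eventually turn “security capability” from manual audits into a sustainable engineering process, lowering long-term tail risk. During the transition, however, the market tends to price in the uncertainty that “defence cannot keep up with the speed of attack,” which weighs on risk-asset performance. Overall, the outlook is therefore closer to bearish.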