In January 2026, a seventeen-year-old remote code execution vulnerability sat undiscovered in FreeBSD's NFS implementation. CVE-2026-4747 required chaining six sequential RPC requests through a stack buffer overflow in the RPCSEC_GSS authentication protocol. It had survived every human security review for nearly two decades. An AI model found it in a single run, for under fifty dollars. That was one vulnerability in one target. Across roughly a thousand open-source repositories from the OSS-Fuzz corpus, Anthropic's Claude Mythos Preview found exploitable zero-day vulnerabilities in every major operating system and every major web browser. Against Firefox 147 alone, it produced 181 working exploits where its predecessor managed two. Against ten separate, fully patched targets, it achieved complete control flow hijack β the most severe outcome in vulnerability research.β¦