Anthropic’s new Mythos model, a massive language engine, can generate functional exploits for Firefox’s JavaScript shell in 72.4% of trials, a jump from under 1% a few months ago. The model’s size rivals short‑lived GPT‑4.5, and its pricing sits at $125/MTok.

Sandboxing forms the core of mobile and web security, layering browser, JavaScript, and OS protections. Mythos’ success means a single LLM can now breach the innermost sandbox, potentially allowing malicious sites to escape and compromise user devices.

Even though the exploit targets only the SpiderMonkey shell, the trend signals a broader risk: cloud VMs, ad iframes, and multi‑tenant services rely on similar isolation. If attackers chain these weak points, they could seize control of millions of devices or cloud regions.

Anthropic has withheld a full public release, offering the model to a limited cybersecurity cohort. Yet the underlying threat remains, as smaller models may soon inherit Mythos’ capabilities, and newer hardware could scale the attack surface further. The industry must reassess sandbox assumptions now.