AISLE matches Anthropic Mythos on FreeBSD zero-days

Author: Stanislav Fort


TL;DR: In April 2026, FreeBSD published 8 security advisories. Of these, three were found by Nicholas Carlini at Anthropic using Claude, and three were discovered by AISLE using our AI system. The codebase was the primary showcase target in Anthropic's Mythos Preview launch. On zero-day CVE count in FreeBSD, AISLE matches Anthropic three to three.


What AISLE found in April 2026

Using AISLE's AI system, our security researcher Joshua Rogers discovered three zero-day vulnerabilities in the FreeBSD base system and responsibly disclosed them to the FreeBSD security team. All three were patched in the April 29, 2026 security release, receiving CVEs.

The most interesting of these is CVE-2026-42511, a remote code execution vulnerability in dhclient, FreeBSD's default DHCP client. The BOOTP file field gets written to the lease file without escaping embedded double-quotes, which allows injection of arbitrary dhclient.conf directives. When the lease file is re-parsed after a system restart, attacker-controlled content is evaluated by dhclient-script. A rogue DHCP server on the same broadcast domain can execute arbitrary code as root.
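To make the quoting problem concrete, here is an added example (not dhclient's code and not the FreeBSD patch) that writes a string value two ways and counts the quote characters a reader would treat as string delimiters. The function names, the sample value, and the assumption that the reader honours backslash escapes inside quoted strings are all illustrative.

```c
#include <stdio.h>

/* Unsafe pattern: the value is wrapped in quotes exactly as received. */
int naive_quote(const char *val, char *out, size_t outsz)
{
    return snprintf(out, outsz, "\"%s\"", val);   /* no escaping of val */
}

/* Hardened: escape '"' and backslash, refuse control and 8-bit bytes; -1 on failure. */
int quote_lease_string(const char *val, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 3)
        return -1;
    out[o++] = '"';
    for (const unsigned char *p = (const unsigned char *)val; *p != '\0'; p++) {
        size_t esc = (*p == '"' || *p == '\\');
        if (*p < 0x20 || *p > 0x7e || o + esc + 3 > outsz)  /* +3: char, quote, NUL */
            return -1;
        if (esc)
            out[o++] = '\\';
        out[o++] = (char)*p;
    }
    out[o++] = '"';
    out[o] = '\0';
    return (int)o;
}

/* Assumed reader model: count quotes not escaped by a backslash (one token has 2). */
int unescaped_quotes(const char *s)
{
    int n = 0, bs = 0;
    for (; *s != '\0'; s++) {
        if (bs)              bs = 0;
        else if (*s == '\\') bs = 1;
        else if (*s == '"')  n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: a BOOTP "file" value with an embedded double quote. */
    const char *file = "boot\"; injected-directive \"x";
    char a[96], b[96];
    if (naive_quote(file, a, sizeof a) < 0 || quote_lease_string(file, b, sizeof b) < 0)
        return 1;
    printf("naive    %s -> %d quotes\nhardened %s -> %d quotes\n",
           a, unescaped_quotes(a), b, unescaped_quotes(b));
}
```

With the naive writer the single value parses as two string tokens with free text between them; with escaping it stays one token, which is the property a lease writer needs before the file is re-read.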

The second dhclient vulnerability, CVE-2026-42512, is a heap buffer overrun in the code that builds environment variables to pass to dhclient-script. The array resizing logic incorrectly calculates the new size, and a specially crafted DHCP packet can trigger an out-of-bounds write. This is also remotely triggerable and potentially exploitable for code execution.

The third finding, CVE-2026-39457, targets libnv, FreeBSD's name-value pair library used for inter-process communication and kernel-userland data exchange. libnv uses select(2) to wait for data on a socket but never checks whether the socket descriptor fits within FD_SETSIZE (1024). If the target application is setuid-root, an attacker who can force it to allocate large file descriptors can corrupt the stack and escalate privileges.
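The select(2) limit described above can be guarded in two ways, shown in this added example (not libnv's code and not the FreeBSD patch): reject descriptors that do not fit the fd_set bitmap, or wait with poll(2), which has no such ceiling. The function names are hypothetical, and the demo in main() needs an RLIMIT_NOFILE above FD_SETSIZE to produce a high descriptor.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* FD_SET() indexes a fixed-size bitmap: only fds in [0, FD_SETSIZE) are valid. */
int fd_fits_select(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* select() wait that refuses oversized fds. 1 = readable, 0 = timeout,
 * -1 = error (errno EINVAL when the fd does not fit the bitmap). */
int wait_readable_select(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };

    if (!fd_fits_select(fd)) {
        errno = EINVAL;
        return -1;
    }
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    int r = select(fd + 1, &rfds, NULL, NULL, &tv);
    return r > 0 ? FD_ISSET(fd, &rfds) != 0 : r;
}

/* poll() wait: the fd is passed by value, so there is no FD_SETSIZE ceiling. */
int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r = poll(&p, 1, timeout_ms);
    return r > 0 ? (p.revents & (POLLIN | POLLHUP)) != 0 : r;
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1)
        return 1;
    /* Constructed case: move the read end above the select() ceiling. */
    int hi = fcntl(p[0], F_DUPFD, FD_SETSIZE);
    if (hi < 0) { perror("F_DUPFD (RLIMIT_NOFILE too low?)"); return 0; }
    printf("fd=%d select=%d poll=%d\n", hi,
           wait_readable_select(hi, 100), wait_readable_poll(hi, 100));
    return 0;
}
```

When the high descriptor is available, the guarded select() path returns -1 with EINVAL instead of writing past the bitmap, while the poll() path reports the pipe as readable.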

In total: two remotely exploitable bugs and a stack-based buffer overflow, all in core base system components, all discovered by AISLE. In addition, we have more than 10 vulnerabilities in the disclosure and remediation pipeline with FreeBSD right now.

The full picture

Colin Percival, FreeBSD Release Engineering Team Lead, wrote on April 29:

"In April, FreeBSD issued eight security advisories. Six of them were for issues found by AI."

Here are all eight, with credits taken directly from the advisory text:

| Number | Advisory | Topic | Credits |
|--------|----------|-------|---------|
| 1 | SA-26:17.libnv | Heap overflow in libnv | Mariusz Zaborski |
| 2 | SA-26:16.libnv | Stack overflow via select() FD set overflow | Joshua Rogers of AISLE Research Team |
| 3 | SA-26:15.dhclient | Remotely triggerable OOB heap write in dhclient | Joshua Rogers of AISLE Research Team |
| 4 | SA-26:14.pf | pf stack overflow parsing crafted SCTP packets | Igor Gabriel Sousa e Souza |
| 5 | SA-26:13.exec | Local privilege escalation via execve() | Ryan of Calif.io |
| 6 | SA-26:12.dhclient | Remote code execution via malicious DHCP options | Joshua Rogers of AISLE Research Team |
| 7 | SA-26:11.amd64 | Missing large page handling in pmap_pkru | Nicholas Carlini using Claude, Anthropic |
| 8 | SA-26:10.tty | Kernel use-after-free in TIOCNOTTY handler | Nicholas Carlini using Claude, Anthropic |

Carlini's third FreeBSD advisory, SA-26:08.rpcsec_gss (the NFS remote code execution that served as the centerpiece of Anthropic's Mythos Preview blog post), was published on March 26, technically just outside the April window, but we still count it to be fair. Without it, AISLE would lead Mythos on FreeBSD CVEs in this release, three to two.

Why FreeBSD matters here

On April 7, 2026, Anthropic published Assessing Claude Mythos Preview's cybersecurity capabilities, a detailed technical writeup of their new model's ability to autonomously find and exploit zero-day vulnerabilities.

Among many targets (OpenBSD, FFmpeg, Linux, web browsers, cryptography libraries), FreeBSD received the most detailed treatment. The fully autonomous discovery and exploitation of CVE-2026-4747, a 17-year-old remote code execution vulnerability in FreeBSD's NFS server via RPCSEC_GSS, was a zero-day exploit Anthropic discussed in full technical detail.

We are not claiming that AISLE matched Mythos on autonomous exploit generation, which is primarily an offensive capability. The significance here is narrower and, in some ways, more important if you are on the defensive side: on the FreeBSD target that Anthropic chose to showcase and likely had a very close look at with their most capable model, AISLE independently surfaced multiple externally validated vulnerabilities in the same release cycle, vulnerabilities that Anthropic did not find or report.

What this means

This is another major codebase where AISLE's AI system has produced results at scale. After 20 CVEs in OpenSSL (including 12 out of 12 in a single release) and 38 CVEs in OpenEMR medical software used by millions of patients, we now have 3 FreeBSD security advisories in the same release cycle that credited Anthropic with 3 AI-attributed FreeBSD advisories.

This shows that a small external team can produce a comparable volume and sophistication of externally validated findings in the same ecosystem where Anthropic chose to demonstrate Mythos.

Percival also asked researchers on April 14 to disclose when they use AI to find vulnerabilities. Not to filter out reports, but because "it's important for teams to be aware of the AI state of the art." Carlini's advisories explicitly credit "Nicholas Carlini using Claude, Anthropic." We appreciate this transparency and follow the same practice.

The FreeBSD security team has been professional and constructive throughout our disclosure process, and we're grateful for their responsiveness.

Looking ahead

We have more than ten additional FreeBSD findings in various stages of responsible disclosure. But the bigger picture here is not about any single team's CVE count. A year ago, the question was whether AI could find real vulnerabilities in well-audited critical infrastructure at all. That question is now settled. Multiple independent teams, e.g. Anthropic, AISLE, and others, are finding them consistently, across operating systems, cryptographic libraries, and core internet services.

The question that matters now is whether the ecosystem can absorb the results fast enough to stay ahead. We intend to do our part.

If your organization runs critical infrastructure and you want to find vulnerabilities before attackers do, reach out.