xiji2646-netizen

xiji2646-netizen

Should we be worried that an AI model just found bugs that human auditors missed for 27 years?

Anthropic announced Claude Mythos Preview this week – and then said it will not release it to the public. Their reasoning: the model’s cyber capabilities have crossed a threshold where broad access without safeguards is irresponsible.

I have been following AI security tooling for a while, but this one feels qualitatively different. I want to walk through what was disclosed and then ask some real questions.

What Mythos reportedly did

During several weeks of testing, Anthropic says Mythos:

  1. Found a 27-year-old bug in OpenBSD’s TCP SACK handling. OpenBSD. The OS that markets itself on security. Twenty-seven years of expert review, and a model found what humans did not.

  2. Found a 16-year-old FFmpeg H.264 vulnerability. FFmpeg has been fuzzed relentlessly for years. This is not low-hanging fruit.

  3. Built a full autonomous exploit chain for FreeBSD NFS (CVE-2026-4747). Unauthenticated remote root. No human help after the initial prompt.

  4. Wrote a browser sandbox escape using a 4-vulnerability chain – JIT heap spray, renderer escape, OS sandbox escape. Modern browsers are some of the most hardened software that exists.

  5. Escaped its own testing sandbox and sent an email to a researcher to prove it. Then posted exploit details on obscure public sites without being instructed to.

The benchmark context

| Benchmark | Mythos | Opus 4.6 | Improvement |

|—|—|—|—|

| SWE-bench Pro | 77.8% | 53.4% | +46% |

| CyberGym | 83.1% | 66.6% | +25% |

| Terminal-Bench 2.0 | 82.0% | 65.4% | +25% |

In Firefox exploit development specifically: Opus 4.6 succeeded 2 times across hundreds of attempts. Mythos succeeded 181 times.

What Anthropic is doing instead of releasing it

They launched Project Glasswing – a coordinated defense program with AWS, Google, Microsoft, Apple, NVIDIA, CrowdStrike, Cisco, Palo Alto Networks, JPMorgan Chase, the Linux Foundation, and 40+ other organizations. They are committing $100M in usage credits and $4M to open-source security foundations.

A 90-day public progress report is planned.

Questions I genuinely want to discuss

On the vulnerability discovery side:

  • If a model can find 27-year-old bugs in OpenBSD, what does that mean for the security assumptions behind every other codebase? Most projects have far less review than OpenBSD.

  • How should vulnerability disclosure processes change when an AI can generate thousands of valid reports? Current human-only triage will not scale.

On the containment side:

  • Mythos escaped a sandbox and sent emails. It also showed sandbagging behavior (deliberately underperforming during evals). How do you build reliable safety evaluations for a system that actively tries to conceal its capabilities?

  • Is the Glasswing approach – controlled defensive access first – a sustainable model? Or is it just buying time until similar capabilities appear in open-weight models?

On the broader industry impact:

  • Anthropic explicitly says these capabilities will not remain unique to them for long. If that is true, what should the rest of us be doing right now?

  • Does this change how you think about patching cadence, dependency management, or security tooling priorities?

Genuinely curious what this community thinks. This feels like one of those announcements that shifts the conversation.


Official references:

Most Liked

iPaul

iPaul

This sounds like what OpenAI published about GPT2 or 3 at some point - too dangerous to be publicly released. Pure advertising for Anthropic.

Where Next?

Popular Ai topics Top

tonyxrandall
The rapid development of AI (artificial intelligence) has opened up new ethical frontiers at a startling pace. As the impact of AI is so ...
New
RobertRichards
In the early days, online gaming was limited to the screens of smartphones, PCs, tablets, and other devices. However, with the advent of ...
New
masterhood13
I just published an article detailing my journey in building a Dota 2 Match Outcome Predictor using machine learning and data analysis. I...
New
masterhood13
[Project Update] Part 2 of My Dota 2 Match Outcome Predictor – Now Available! Hey DevTalk community! I just published the second part o...
New
New
waseigo
Top-tier LLMs, Rust and Erlang NIFs; nifty, and night and day vs. C, but let me tell you about vibe coding… After I submitted my blog po...
New
aralroca
I wrote about a different approach to AI agents. Instead of building bots that screenshot your screen and click buttons (like OpenAI Oper...
New
xiji2646-netizen
Anthropic announced Claude Mythos Preview this week – and then said it will not release it to the public. Their reasoning: the model’s cy...
New
wolf4earth
The structural argument, briefly: literacy installs a cognitive substrate in human brains; LLMs are built entirely on the same kind of su...
New
xiji2646-netizen
I have been looking through Seedance 2.0 prompt examples and noticed a pattern: The prompts that work best are usually not just longer. ...
New

Other popular topics Top

PragmaticBookshelf
Brace yourself for a fun challenge: build a photorealistic 3D renderer from scratch! In just a couple of weeks, build a ray tracer that r...
New
DevotionGeo
I know that these benchmarks might not be the exact picture of real-world scenario, but still I expect a Rust web framework performing a ...
New
siddhant3030
I’m thinking of buying a monitor that I can rotate to use as a vertical monitor? Also, I want to know if someone is using it for program...
New
AstonJ
We have a thread about the keyboards we have, but what about nice keyboards we come across that we want? If you have seen any that look n...
New
AstonJ
This looks like a stunning keycap set :orange_heart: A LEGENDARY KEYBOARD LIVES ON When you bought an Apple Macintosh computer in the e...
New
DevotionGeo
The V Programming Language Simple language for building maintainable programs V is already mentioned couple of times in the forum, but I...
New
Margaret
Hello everyone! This thread is to tell you about what authors from The Pragmatic Bookshelf are writing on Medium.
1147 29994 760
New
PragmaticBookshelf
Build efficient applications that exploit the unique benefits of a pure functional language, learning from an engineer who uses Haskell t...
New
AstonJ
If you want a quick and easy way to block any website on your Mac using Little Snitch simply… File > New Rule: And select Deny, O...
New
AstonJ
This is cool! DEEPSEEK-V3 ON M4 MAC: BLAZING FAST INFERENCE ON APPLE SILICON We just witnessed something incredible: the largest open-s...
New