In brief
- Researchers show Anthropic-style exploits can be reproduced with public AI, report claims.
- Study suggests vulnerability discovery is now low-cost and widely available.
- Findings suggest AI cyber capabilities may be spreading faster than anticipated.
When Anthropic unveiled Claude Mythos earlier this month, it locked the model behind a vetted coalition of tech giants and framed it as something too dangerous for the general public. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an emergency meeting with Wall Street CEOs. The word “vulnpocalypse” resurfaced in security circles.
And now a group of researchers has complicated that story even further.
Vidoc Security took Anthropic’s own patched public examples and tried to reproduce them using GPT-5.4 and Claude Opus 4.6 inside an open-source coding agent called opencode. No Glasswing invitation. No private API access. No Anthropic internal stack.
“We reproduced Mythos findings in opencode utilizing public designs, not Anthropic’s personal stack,” Dawid Moczadło, one of the researchers involved in the experiment, wrote on X after publishing the results. “A much better method to check out Anthropic’s Mythos release is not ‘one laboratory has a wonderful design.’ It is: the economics of vulnerability discovery are altering.”
We reproduced Mythos findings in opencode utilizing public designs, not Anthropic’s personal stack.
The moat is moving from design access to recognition: discovering vulnerability signal is getting less expensive; turning it into relied on security
A much better method to check out Anthropic’s Mythos release is … https://t.co/0FFxrc8Sr1 pic.twitter.com/NjqDhsK1LA
— Dawid Moczadło (@kannthu1) April 16, 2026
The cases they targeted were the same ones Anthropic highlighted in its public materials: a server file-sharing protocol, the networking stack of a security-focused OS, the video-processing software embedded in almost every media platform, and two cryptographic libraries used to verify digital identities across the web.
Both GPT-5.4 and Claude Opus 4.6 reproduced two bug cases in all three runs each. Claude Opus 4.6 also independently uncovered a bug in OpenBSD three times in a row, while GPT-5.4 scored zero on that one. Some bugs (one involving the FFmpeg library used to run videos and another involving the processing of digital signatures with wolfSSL) came back partial, meaning the models found the right code surface but didn’t nail the exact root cause.
Every scan stayed below $30 per file, meaning researchers were able to find the same vulnerabilities as Anthropic while spending less than $30 to do it.
“AI designs are currently sufficient to narrow the search area, surface area genuine leads, and in some cases recuperate the complete origin in battle-tested code,” Moczadło said on X.
The workflow they used wasn’t a one-shot prompt. It mirrored what Anthropic itself described publicly: give the model a codebase, let it explore, parallelize attempts, filter for signal. The Vidoc team built the same architecture with open tooling. A planning agent split each file into chunks. A separate detection agent ran on each chunk, then examined other files in the repo to confirm or rule out findings.
The line ranges inside each detection prompt (for example, “concentrate on lines 1158-1215”) weren’t picked by the researchers by hand. They were outputs from the preceding planning step. The post makes this explicit: “We wish to be specific about that since the chunking method shapes what each detection representative sees, and we do not wish to provide the workflow as more by hand curated than it was.”
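The planning-then-detection fan-out described above, as an added example that is not Vidoc's or Anthropic's code: a deterministic brace-depth heuristic stands in for the planning agent, and the function names, the prompt wording around the line range, the recurrence filter and the sample data are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    start: int  # 1-based first line
    end: int    # 1-based last line, inclusive

def plan_chunks(source: str, max_lines: int = 60) -> list[Chunk]:
    """Planning step (heuristic stand-in): cut only where brace depth is 0,
    so no function body is split across two detection prompts."""
    lines = source.splitlines()
    chunks, start, depth = [], 1, 0
    for no, line in enumerate(lines, 1):
        # Naive count: ignores braces inside strings and comments.
        depth += line.count("{") - line.count("}")
        at_boundary = depth == 0 and line.strip() in ("}", "")
        if at_boundary and no - start + 1 >= max_lines:
            chunks.append(Chunk(start, no))
            start = no + 1
    if start <= len(lines):
        chunks.append(Chunk(start, len(lines)))  # trailing remainder
    return chunks

def detection_prompt(path: str, chunk: Chunk) -> str:
    """Detection step input: the line range comes from the planner, not a human."""
    return (f"Review {path} for memory-safety and logic bugs. "
            f"Focus on lines {chunk.start}-{chunk.end}. "
            "Check other files in the repo to confirm or rule out each finding.")

def stable_findings(runs, min_runs: int):
    """Signal filter (assumed policy): keep findings that recur in >= min_runs runs."""
    counts = Counter(f for run in runs for f in set(run))
    return sorted(f for f, n in counts.items() if n >= min_runs)

# Constructed sample file and constructed per-run findings (line range, label).
SAMPLE = "\n".join([
    "int a(int x) {", "    if (x) { x++; }", "    return x;", "}", "",
    "int b(int y) {", "    return y * 2;", "}", "",
    "int c(void) {", "    return 0;", "}",
])
RUNS = [
    [("6-12", "unchecked length"), ("1-5", "possible overflow")],
    [("6-12", "unchecked length")],
    [("6-12", "unchecked length"), ("1-5", "style nit")],
]

if __name__ == "__main__":
    for c in plan_chunks(SAMPLE, max_lines=5):
        print(detection_prompt("sample.c", c))
    print(stable_findings(RUNS, min_runs=3))
```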
The study does not claim public models match Mythos on everything. Anthropic’s model went further than just finding the FreeBSD bug: it built a working attack plan, determining how an attacker could chain code fragments together across multiple network packets to take full control of the machine remotely. Vidoc’s models found the flaw. They didn’t build the weapon. That’s where the real gap sits: not in finding the hole, but in knowing exactly how to walk through it.
But Moczadło’s argument isn’t really that public models are equally powerful. It’s that the expensive part of the workflow is now available to anyone with an API key: “The moat is moving from design access to recognition: discovering vulnerability signal is getting less expensive; turning it into relied on security work is still tough.”
Anthropic’s own security report acknowledged that Cybench, the benchmark used to measure whether a model poses severe cyber risk, “is no longer adequately helpful of existing frontier design abilities” because Mythos cleared it completely. The lab estimated comparable capabilities would spread from other AI labs within 6 to 18 months.
The Vidoc study suggests the discovery side of that equation is already available outside any gated program. Their full prompt excerpts, model outputs, and methodology appendix are published on the lab’s main website.
