April 10, 2026
From sandbox to sand-blasted
Has Mythos just broken the deal that kept the internet safe?
Panic or patch? Commenters roast Mythos and the internet’s “safety deal”
TLDR: Anthropic’s Mythos preview reportedly cranks out a Firefox sandbox exploit 72% of the time, sparking a brawl between “patch-it, we’ve seen worse” skeptics, “we were never safe” realists, and “follow 90‑day disclosure” pragmatists. Big fear: even if Mythos is huge and pricey, smaller, cheaper models will catch up soon.
Anthropic’s new “Mythos” research preview claims it can auto-generate a working exploit for Firefox’s JavaScript shell 72.4% of the time—up from under 1% months ago. It’s reportedly massive, pricey ($125 per million tokens), and likely compute‑starved, but the comment section turned this into a street fight over whether the web’s “safety deal” is collapsing or just getting a loud stress test.
The loudest voice? The shrug squad. One user scoffed, “Why are AI people so dramatic?”—basically saying it’s just another bug that’ll get patched. Others mocked the hype, quipping that Anthropic “launched a card” more than a product. Meanwhile, security veterans rolled their eyes: you were never truly safe, said one, pointing to the constant stream of browser bugs and the “turn off JavaScript” crowd. A calmer middle lane emerged too: give defenders advance access and follow a 90‑day disclosure clock, like standard security practice.
Outside the brawl, a quieter worry hums: if a giant model can do this today, smaller models will copy it tomorrow—and cheaper hardware will spread it. For non‑tech readers: a “sandbox” is your device’s playpen that keeps websites from touching your stuff. The drama boils down to this: is Mythos a hype balloon, a real alarm bell, or both at once?
Key Points
- •Anthropic’s Mythos research preview reportedly achieved a 72.4% success rate generating working exploits against Firefox’s standalone JavaScript shell (SpiderMonkey).
- •An earlier evaluation showed Anthropic’s Opus 4.6 achieved under 1% success on similar exploit generation tasks.
- •The article characterizes Mythos as a very large model, rumored comparable in size to GPT‑4.5, with leaked pricing of about $125 per million output tokens, roughly five times Opus.
- •The piece argues that improvements in frontier models are rapidly translating to much smaller, open‑weights models (e.g., Gemma 4), implying these capabilities may soon be widely accessible.
- •The article explains browser and mobile security relies on layered sandboxes (JS engine, browser process, OS app sandbox) and warns LLM‑driven exploit discovery could undermine these defenses; the cited test targets the innermost layer, not a full browser chain.