April 17, 2026
Mythos meets the mosh pit
We Reproduced Anthropic's Mythos Findings with Public Models
Public AIs crash Mythos’ party, commenters yell “not a fair fight”
TLDR: A new post says public chatbots can replicate parts of Anthropic’s Mythos bug-hunting, suggesting the real edge is process, not secret models. Comments split: some say “obvious and boring,” others argue the test was unfair because the public models were given hints, not left to discover solo.
Did someone just say the quiet part out loud? A new post claims public chatbots like GPT‑5.4 and Claude Opus 4.6 can recreate some of Anthropic’s flashy “Mythos” bug-finding wins, and the comment section immediately burst into sports‑bar energy. One side shrugged: “Exploits are software so… yah” — like, of course smart bots can find dumb mistakes in code. Another camp rolled its eyes at the hype and warned the real danger is boring but constant: doxxing, scams, and everyday security lapses, not sci‑fi robot chaos.
Then the fairness fight kicked off. Critics fumed that the reproduction wasn’t apples‑to‑apples: Mythos supposedly found issues with minimal guidance, while the public models were nudged toward specific files. “It’s frustrating to see these ‘reproductions’,” one commenter snapped, arguing you can’t claim a tie if the student got hints. Defenders shot back that Anthropic’s own write‑up describes a patient, tool‑using workflow — not a magic spell — and that the real moat is ops: validating results, prioritizing fixes, and shipping patches.
Meanwhile, the vibe check: some folks called the entire thing a repost; others joked these AIs are basically tireless interns who need a pointer but will file 100 tickets overnight. Bottom line from the bleachers? If public models can replicate parts of Mythos on FreeBSD/Botan/OpenBSD but stumble on FFmpeg/wolfSSL, the tech is already out here — the drama is over how much hand‑holding it needs to matter.
Key Points
- •Researchers attempted to reproduce Anthropic’s Mythos vulnerability findings using public models GPT-5.4 and Claude Opus 4.6 on patched, publicly documented cases.
- •Full replications were achieved for FreeBSD, Botan, and OpenBSD (the latter only by Claude Opus 4.6), while FFmpeg and wolfSSL yielded only partial results.
- •Model-by-model: both GPT-5.4 and Claude Opus 4.6 replicated Botan and FreeBSD in 3/3 runs; Claude Opus 4.6 succeeded on OpenBSD 3/3, GPT-5.4 failed 0/3.
- •Anthropic’s evidence spans: inspectable patched examples; benchmark gains over Claude Opus 4.6 (CyberGym, SWE-bench, Terminal-Bench); and an embargoed set of “thousands” of high-severity findings supported by commitment hashes.
- •The authors argue the real challenge is validating, prioritizing, and operationalizing findings, as public models can already perform effectively within Anthropic’s described workflow.