April 20, 2026
Credit or credit card swipe?
FreeBSD CVE-2026-4747 Log Suggests Mythos Is a Marketing Trick
Internet calls Mythos a PR stunt while defenders roll their eyes
TLDR: Anthropic’s Mythos touted a big security find that critics say an older model and others already nailed, sparking a brawl over credit and hype. Defenders call it normal disclosure timing, while memes about “sponsored vulnerabilities” and cheap open models matching the feat undercut the frontier‑only narrative.
The internet is losing it over Anthropic’s shiny Mythos launch — and not in a good way. Critics say the company hyped a “frontier” AI by taking credit for a 17‑year‑old FreeBSD bug that was already found, patched, and even exploited by others first. The 12‑day gap between the FreeBSD advisory naming “Claude” (not Mythos) and Anthropic’s blog boasting Mythos “fully autonomously identified and exploited” the bug had comment sections on fire. The vibe: “marketing first, receipts later.”
Fans and employees push back hard. One standout defense from user vessenes dismisses the outrage as “unbridled, blind distaste,” arguing disclosure timelines are messy and advisories rarely do brand‑name shout‑outs. The skeptics clap back: if Mythos really did it, why wasn’t it credited on March 26? And why no proof when the April 7 post went live?
Meanwhile, jokesters ran wild with the post’s snarky line about “what brand of keyboard and underwear” — spinning memes about “sponsored vulnerabilities” and Mythos being able to “find bugs 12 days in the past.” The real plot twist: testers say eight open models (including a tiny cheap one) also found the same bug, torpedoing the “only frontier AI can do this” pitch. Bottom line: the community is split between “normal PR polish” and “credit laundering,” with jokes doing record‑scratch levels of damage.
Key Points
- •CVE-2026-4747 is a 17-year-old stack buffer overflow in FreeBSD’s RPCSEC_GSS enabling remote kernel code execution and potential root on NFS systems.
- •FreeBSD’s March 26, 2026 advisory credits “Nicholas Carlini using Claude, Anthropic” and notes patches across supported branches.
- •Anthropic’s April 7, 2026 Mythos launch blog claims Mythos autonomously identified and exploited the same vulnerability, 12 days after the advisory.
- •On March 29, 2026, Calif.io’s MAD Bugs used Claude Opus 4.6 to build two working root shell exploits for the already-disclosed CVE in about four hours.
- •Between April 8–13, 2026, AISLE reported all eight tested open-weight models detected the CVE, including GPT-OSS-20b at $0.11 per million tokens.