Anthropic’s Alarming Mythos Findings Replicated With Off-the-Shelf AI, Researchers Say – Decrypt

When Anthropic unveiled Claude Mythos earlier this month, it locked the mannequin behind a vetted coalition of tech giants and framed it as one thing too harmful for the general public. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an emergency assembly with Wall Road CEOs. The phrase “vulnpocalypse” resurfaced in safety circles.

And now a group of researchers has additional sophisticated that narrative.

Vidoc Safety took Anthropic’s personal patched public examples and tried to breed them utilizing GPT-5.4 and Claude Opus 4.6 inside an open-source coding agent referred to as opencode. No Glasswing invite. No personal API entry. No Anthropic inner stack.

“We replicated Mythos findings in opencode utilizing public fashions, not Anthropic’s personal stack,” Dawid Moczadło, one of many researchers concerned within the experiment, wrote on X after publishing the outcomes. “A greater approach to learn Anthropic’s Mythos launch just isn’t ‘one lab has a magical mannequin.’ It’s: the economics of vulnerability discovery are altering.”

The circumstances they focused have been the identical ones Anthropic highlighted in its public supplies: a server file-sharing protocol, the networking stack of a security-focused OS, the video-processing software program embedded in nearly each media platform, and two cryptographic libraries used to confirm digital identities throughout the net.

Each GPT-5.4 and Claude Opus 4.6 reproduced two bug circumstances in all three runs every. Claude Opus 4.6 additionally independently rediscovered a bug in OpenBSD 3 times straight, whereas GPT-5.4 scored zero on that one. Some bugs (one involving the FFmpeg library to run movies and one other involving the processing of digital signatures with wolfSSL) got here again partial—that means the fashions discovered the fitting code floor however did not nail the exact root trigger.

Each scan stayed under $30 per file, that means researchers have been capable of finding the identical vulnerabilities as Anthropic whereas spending lower than $30 to do it.

“AI fashions are already adequate to slim the search area, floor actual leads, and typically recuperate the total root trigger in battle-tested code,” Moczadło stated on X.

The workflow they used wasn’t a one-shot immediate. It mirrored what Anthropic itself described publicly: give the mannequin a codebase, let it discover, parallelize makes an attempt, filter for sign. The Vidoc group constructed the identical structure with open tooling. A planning agent cut up every file into chunks. A separate detection agent ran on every chunk, then inspected different recordsdata within the repo to verify or rule out findings.

The road ranges inside every detection immediate—for instance, “concentrate on strains 1158-1215″—weren’t chosen by the researchers manually. They have been outputs from the prior planning step. The weblog publish makes this specific: “We wish to be specific about that as a result of the chunking technique shapes what every detection agent sees, and we don’t wish to current the workflow as extra manually curated than it was.”

The examine does not declare public fashions match Mythos on every part. Anthropic’s mannequin went additional than simply recognizing the FreeBSD bug—it constructed a working assault blueprint, determining how an attacker may chain code fragments collectively throughout a number of community packets to grab full management of the machine remotely. Vidoc’s fashions discovered the flaw. They did not construct the weapon. That is the place the actual hole sits: not find the outlet, however in realizing precisely methods to stroll by way of it.

However Moczadło’s argument is not actually that public fashions are equally highly effective. It is that the costly a part of the workflow is now accessible to anybody with an API key: “The moat is transferring from mannequin entry to validation: discovering vulnerability sign is getting cheaper; turning it into trusted safety work remains to be exhausting.”

Anthropic’s personal security report acknowledged that Cybench, the benchmark used to measure whether or not a mannequin poses critical cyber danger, “is now not sufficiently informative of present frontier mannequin capabilities” as a result of Mythos cleared it completely. The lab estimated comparable capabilities would unfold from different AI labs inside six to 18 months.

The Vidoc examine suggests the invention aspect of that equation is already accessible exterior any gated program. Their full immediate excerpts, mannequin outputs, and methodology appendix are printed on the lab’s official website.