Anthropic’s Alarming Mythos Findings Replicated With Off-the-Shelf AI, Researchers Say

When Anthropic unveiled Claude Mythos earlier this month, it locked the mannequin behind a vetted coalition of tech giants and framed it as one thing too harmful for the general public. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an emergency meeting with Wall Road CEOs. The phrase “vulnpocalypse” resurfaced in safety circles.

And now a group of researchers has additional sophisticated that narrative.

Vidoc Safety took Anthropic’s personal patched public examples and tried to breed them utilizing GPT-5.4 and Claude Opus 4.6 inside an open-source coding agent referred to as opencode. No Glasswing invite. No non-public API entry. No Anthropic inside stack.

“We replicated Mythos findings in opencode utilizing public fashions, not Anthropic’s non-public stack,” Dawid Moczadło, one of many researchers concerned within the experiment, wrote on X after publishing the outcomes. “A greater option to learn Anthropic’s Mythos launch will not be ‘one lab has a magical mannequin.’ It’s: the economics of vulnerability discovery are altering.”

The instances they focused had been the identical ones Anthropic highlighted in its public supplies: a server file-sharing protocol, the networking stack of a security-focused OS, the video-processing software program embedded in virtually each media platform, and two cryptographic libraries used to confirm digital identities throughout the net.

Each GPT-5.4 and Claude Opus 4.6 reproduced two bug instances in all three runs every. Claude Opus 4.6 additionally independently rediscovered a bug in OpenBSD 3 times straight, whereas GPT-5.4 scored zero on that one. Some bugs (one involving the FFmpeg library to run movies and one other involving the processing of digital signatures with wolfSSL) got here again partial—that means the fashions discovered the proper code floor however did not nail the exact root trigger.

Each scan stayed beneath $30 per file, that means researchers had been capable of finding the identical vulnerabilities as Anthropic whereas spending lower than $30 to do it.

“AI fashions are already adequate to slender the search house, floor actual leads, and typically get well the total root trigger in battle-tested code,” Moczadło mentioned on X.

The workflow they used wasn’t a one-shot immediate. It mirrored what Anthropic itself described publicly: give the mannequin a codebase, let it discover, parallelize makes an attempt, filter for sign. The Vidoc group constructed the identical structure with open tooling. A planning agent cut up every file into chunks. A separate detection agent ran on every chunk, then inspected different recordsdata within the repo to verify or rule out findings.

The road ranges inside every detection immediate—for instance, “deal with traces 1158-1215″—weren’t chosen by the researchers manually. They had been outputs from the prior planning step. The blog post makes this specific: “We need to be specific about that as a result of the chunking technique shapes what every detection agent sees, and we don’t need to current the workflow as extra manually curated than it was.”

The examine does not declare public fashions match Mythos on every little thing. Anthropic’s mannequin went additional than simply recognizing the FreeBSD bug—it constructed a working assault blueprint, determining how an attacker might chain code fragments collectively throughout a number of community packets to grab full management of the machine remotely. Vidoc’s fashions discovered the flaw. They did not construct the weapon. That is the place the true hole sits: not to find the opening, however in understanding precisely the best way to stroll by it.

However Moczadło’s argument is not actually that public fashions are equally highly effective. It is that the costly a part of the workflow is now obtainable to anybody with an API key: “The moat is shifting from mannequin entry to validation: discovering vulnerability sign is getting cheaper; turning it into trusted safety work remains to be exhausting.”

Anthropic’s personal security report acknowledged that Cybench, the benchmark used to measure whether or not a mannequin poses severe cyber threat, “is not sufficiently informative of present frontier mannequin capabilities” as a result of Mythos cleared it totally. The lab estimated comparable capabilities would unfold from different AI labs inside six to 18 months.

The Vidoc examine suggests the invention facet of that equation is already obtainable outdoors any gated program. Their full immediate excerpts, mannequin outputs, and methodology appendix are revealed on the lab’s official web site.