We Reproduced Anthropic's Mythos Findings with Public Models

April 17, 2026

What happened

Researchers at VidocSecurity say they reproduced key parts of Anthropic’s Mythos examples using only public models and open tooling. It has been reported that Anthropic framed Mythos and Project Glasswing as part of an argument for restricting advanced AI vulnerability research; the replication pushes back on that narrative by showing similar capabilities outside a single lab. Short version: you don't need a secret model to start finding serious bugs. You do need patience, tooling, and a good workflow.

How they did it

The team ran a chunked security-review workflow in opencode, using GPT-5.4 and Claude Opus 4.6 via public APIs. They attempted the patched examples Anthropic published across FreeBSD, OpenBSD, FFmpeg, Botan, and wolfSSL. Results were mixed but telling: both models reproduced Botan and FreeBSD in 3/3 runs; Claude Opus 4.6 reproduced the OpenBSD example in 3/3 runs while GPT-5.4 went 0/3; FFmpeg and wolfSSL only yielded partial results. It’s not a miracle prompt—it’s an agentic search process: feed code and runtime, inspect, iterate, rank, and validate.

Why it matters

Anthropic’s public materials combine inspectable examples, benchmark deltas, and, reportedly, an embargoed bucket of “thousands” of high‑severity findings. The replication underlines an important point: the concrete, inspectable part of Mythos is a workflow as much as a model. If public models can already get meaningful traction, the debate shifts. Should we lock everything down, or should defenders focus on validation, prioritization, and remediation? Tough question. But one thing’s clear: the moat is moving up the stack, and access alone isn't the whole story. Defenders: prepare, don’t panic.

Sources: vidocsecurity.com, Hacker News