I'll share the first-hand account I recently got from someone else.

> We've used it at work

> it is... not as hype as everyone is concerned about

> I'd argue the framework around it for security scanning is the arguably more useful side of the tool, definitely doesnt take a huge model to get all the issues it flagged on our systems

> For us, it absolutely flooded us with noise

> I mean hundreds if not thousands of false positives or minor issues or not applicable

> For every one reasonable issue

> The biggest issue it created was the execs treated every issue it produced like it was a drop everything and fix the issue type deal

> I'm talking company wide drop all things "we need to patch nginx because this module that no one uses and is disabled by default has this RCE vulnerability™

> Or "all ec2 AMIs need to be upgraded because it flagged a a version specific docker vulnerability", it flagged every single machine with docker regardless of if the actual vulnerability was relevant

> Vulnerability was with a very specific Auth plugin configuration you could enable with docker and specifically the Mosley docker compatible tool, but it is clear it only knew there was a vulnerability in docker, not if it was applicable or not

> Meanwhile dirtyfrag and friends not a single peep from btw despite it allowing for container escape

> Idk, I was underwhelmed with the quality of the reporting it gave really. If the company allowed me to get information about all the infrastructure in our entire organisation to run Claude over it repeatedly looking for recent CVEs I'm sure I could produce the same results...

It’s clear that Anthropic has run out of the compute capacity needed to serve Mythos publicly.

They’re using security concerns to mask their inability to deliver the model at scale, while still trying to maintain their lead over OpenAI. As a result, they’ve chosen to release it privately under the banner of an “ethical” rollout.

In case the topic of memory safety is interesting to anyone I've been experimenting with using AI agents to port common web infra projects to safe/ performant Rust. Somewhat inspired by the Bun port - was thinking that at some point memory safety might be such a big deal that people just need drop in replacements.

- Valkey/ Redis port here https://github.com/ianm199/valdr (passes ~99% of single node test suite, real prod features like replication/ clustering/ HA early or not implemented) - Further along port of Lua 5.1-5.5 https://github.com/ianm199/lua-rs-port/tree/main - I have a less developed nginx version that would be the north star - These projects are very alpha at the moment

If anyone is interested in getting involved in this or has done similar experiments I'd love to collaborate! There is so much variation in how you can run these large scale agent fleets I don't think anyone has a perfect system yet.

Here's my big fear: Even IF (and that's a BIG if) we get all critical vulnerabilities fixed in tech (before adversarial/state-actors turn up with open attack models) - we still have (in at least a year) models that will be so good in social engineering that they can still (given enough tokens) gain access to whatever system they want.

If society can't trust banks and other institutions to safely control their data, what follows ?

Do we we collectivelly switch off the internet?

Not so sure I would want a company that does not see any issues with mass surveillance of my country [1] to have access to critical infrastructure or its source code where I live.

[1] https://www.anthropic.com/news/statement-department-of-war :

> But using these systems for mass domestic surveillance is incompatible with democratic values.

GPT-5.5-Cyber has already at least hit if not surpassed Mythos capability in cyber tasks. The only reason they're holding back is because once its out everyone would realize that its capabilities were a step change in March, but are not anymore, yet it costs significantly more and is much slower.

i think anthropic is being performative here, creating a hype for mythos and not releasing. i guess this is all a marketing thing to sell a security specialized AI to enterprise and startups at a way larger cost coz security market is deep in money.

Is this just one giant marketing plot?

Work in a top tier security org at a Fortune 50. We still can't get access to this stuff, even though we've reached out repeatedly.

I mention this because if you're frustrated that you can't access it, you're not alone. Even with our company's heft and a security org that is very well known in the industry we're getting nowhere.

They should share it with Meta.

https://www.0xsid.com/blog/meta-account-takeover-fiasco

So, they expand the program to US "ally" governments and corporations.

These entities will now give all their IP to an American company that only promises not to spy on Americans.

Subsequently, the NSA can audit the leaked sources manually and find real exploits.

We are in the early stages of monetizing the AI stack/service and Anthropic is set to take it in. Not sure if it’s cost effective for them or not but they are clear winner here. They have created this awareness among executives about the value and need for AI and that is what matters, it will be budgeted accordingly. They are positioning it as a must have not just for productivity but also beyond that as a Swiss army tool , pretty smart

This feels more and more like a marketing/scarcity play for the largest global corps.

Will likely give them time to expand capacity as well. And make them harder to dislodge in these orgs.

“Mythos Preview continues a long-term trend that we’ve been warning about for some time: within 6 to 12 months […]”

The only trend Mythos continues is Anthropic’s trend of warning that disaster is always 6 to 12 months away.

Got to say, Anthropic have hell of a marketing team.

Is there any evidence Mythos is qualitatively better than the Opus 4.x?

I'm afraid that the usual mantra that "we just need more scale" that worked well for attracting investments, is not working anymore - bigger models provide marginal improvements while naturally get much more expensive to run.

Is this why both Anthropic and OpenAI are rushing for IPOs this year?

This is either a chuffed up PR move or an extremely generous alpha fold "publish all the proteins" moment

In the meantime, not everyone with actual access to the model are all that impressed.

https://cyberplace.social/@GossiTheDog/116679693992983945

It would have been nice to have a list of the 150, but I guess it would make them a hacking target?

That’s fine as long as I can identify and reject any Mythos derived patch as being irreproducible.

Whats currently an open source project which comes closest to Mythos capabilities?

undefined

I still find it funny that GPT-5.5 is just as good as Mythos and yet Anthropic likes to make things worse than they actually are.

They keep writing like they stand to profit from this or something. Too many “coulds” in there for me too, this could be an amazing advancement and it could be nothing… normally we look at data and last headline I saw was 25 “high” vulnerabilities at the cost of $1 million in tokens.

No comparison to human teams, and I’m sure that $1 million in tokens was used by humans, in a team. So like most AI, they’ve developed a tool that capable people can use to be better, but unlike most tools, they’re claiming this to be outright magic. The magic is the hype train.

> The organizations in this new group are based in more than 15 countries

I mean most nasdaq tech companies would be in 13+ countries, why are they writing this like it's a big number, is hilariously small?

How "altruistic" of them. If only Anthropic extended this level of care to the environment or the economy.

Step 1: claim you created a tool so dangerous you can't release it

Step2: offer to test it, but only for the biggest companies in the world

Step 3: onboard those big players on your tooling and product

Step 4: profit

This is genius.

I don't get how this is event front page of HN.

[dead]

[flagged]

Anthropic has the marketing of a weight loss product.

- They still claim 10000 issues, but they found only one in curl.

- They did not find rsync issues but Claude rather introduced rsync issues.

- Facebook is a member of this cult program but Mythos did not find the account takeover flaw.

- Mythos did not find the issues in Anthropic's own Bun rewrite.

They will not release Mythos because it would be exposed as a fraud before the IPO.

Expanding Project Glasswing (IPO)

Mythos gives BIG Tesla FSD energy, I’m over it

Maybe it is just me: I feel Anthropic most recent product announcements resemble more and more like what IBM tactic was at its high. For instance, the Watson AI hype after it defeated Kasparov. The difference is IBM actually wanted and let businesses buy and use Watson as opposed to time released like what Anthropic does to even boost the hype higher.