when a bunch of independent researchers, well known software authors and others all say the same thing:
"the mythos paper was largely marketing fluff"
and none of them collaborated
i think the writing is on the wall .
back in sept, i caught claude talking itself into lying to me. Months later, @jonny discovered in the claude code leak that its hardcoded to lie.
then all the mythos hype
its like stan from monkey island is in charge
yes, as in singular one. Back in April 2026 Anthropic caused a lot of media noise when they concluded that their new AI model Mythos is dangerously good at finding security flaws in source code. Apparently Mythos was so good at this that Anthropic would not release this model to the public yet but instead … Continue reading Mythos finds a curl vulnerability →
https://sites.google.com/view/llmwritingdistortion/home
https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/
https://www.thatprivacyguy.com/blog/anthropic-spyware/
https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier
https://daniel.haxx.se/blog/2026/02/03/open-source-security-in-spite-of-ai/
theres a few choice picks from my stash of articles
@Viss this Mexico breach document is remarkable. how often do you get the full, logged history of an attack like this.
the opening is like fractally funny:
In 40 minutes, the conversation moved from “I’m not going to create that file” to
“What command do you want to execute now?” on a live government server.
Claude’s safety reasoning was sound at every step - it identified evasion
techniques, refused to generate the anti-forensic rulebook, and requested
authorization evidence. The guardrails did not hold in this case.
amazing
@jonny like basically everyone who hasnt drank the kool-aid who is, with their own hands, testing all thes claims is like
"what the actual fuck how is any of this real? it barely works a tenth of the time and when it does work its like, junior analyst mode. how is china supposedly getting away with murder while the rest of us have to deal with this hallucination and refusal bullshit?"
@Viss @jonny
I don't have anything that's definite or I'd just say so. There's probably some language jargon that describes it, but the writing style just trips my 'ai written' detector. I don't necessarily trust it.
Some comments have random words bolded, but that could just be his style, or maybe he's not a native English speaker and uses grammarly etc.
He doesn't shy away from using ai generated art, though.
@Viss @jonny I found this Risky Business interview with Nicolas Carlini from Anthropic informative. He talks through the reasoning behind the Mythos embargo, and a lot of folks mis-reported the reason why Anthropic was embargoing Mythos.
It wasn't that it was significantly better at findings vulns than past models, it was that it was significantly better at developing working exploits for the vulns it found.
https://www.risky.biz/video/feature-interview-nicholas-carlini-anthropic/
@Viss @jonny I didn't, and I definitely think marketing is making a lot of hay with it, but after that interview, I'm inclined to think that regardless of how it was marketed, that the original intention behind the embargo was reasonable.
I think too many security folks get far too hung up on whether it is significantly better at finding vulns, when that wasn't really the point. Niels Provos has great research showing that with the right harness you can get similar results from other models.
@kyle @jonny also, my experiences with opus 4.7 have not been.... what was written about or what others are so excited about.
i tried to get it to read some bad javascript and it refused. every time. unrecoverably
@kyle @jonny and i got those refusals *AFTER* being accepted into the 'cyber program', and even then, what i asked it to do was unroll a javascript payload and it *STILL REFUSED*. i even follwed the link in the refusal and filled out the form and i got a reply with "youre already in the cyber program, why did you apply again?"
so like
maybe lets not listen to the snake oil salesmen spend a lot of time explaining their snake oil?
Viss
jonny (nonvenomous)
bakachu
Fritz Adalis
Kyle Rankin
Chuck