Open Models Challenge the Aura Around Anthropic’s Mythos Cybersecurity Claims

Anthropic’s Cybersecurity Story Meets Replication Pressure

Anthropic has presented Claude Mythos as a tightly controlled cybersecurity model with capabilities strong enough to justify restricted access. According to the supplied source text, the company limited Mythos Preview through Project Glasswing to a consortium of eleven organizations, citing offensive potential. Internal tests and an audit by the UK’s AI Security Institute reportedly found that the model could locate software bugs, build working exploits on its own and compromise entire corporate networks in simulation, provided those networks were small, weakly defended and vulnerable.

That is a serious set of claims, and the new development is not that these claims have been disproven. It is that parts of the exclusivity narrative are now being challenged. Two independent replication efforts described in the source suggest that smaller and more open models can reproduce much of the vulnerability analysis Anthropic has publicly showcased.

That distinction matters. The debate is shifting from whether Mythos is capable to whether the showcased capabilities are truly unique.

What the Replication Efforts Found

The first replication effort came from AISLE, a company that has been running AI-assisted bug hunting on open source software since mid-2025. The source says AISLE has reported 15 vulnerabilities in OpenSSL and five in curl. Founder Stanislav Fort reportedly used code snippets from Anthropic’s public samples to test how far a range of smaller and partially open models could go on their own.

The second effort came from Vidoc Security, which paired GPT-5.4 and Claude Opus 4.6 with the open coding agent OpenCode. Together, these studies attempt to answer a practical question: when Anthropic demonstrates impressive bug-finding or exploit reasoning, how much of that performance is exclusive to Mythos, and how much reflects a capability frontier that is broadening across the model landscape?

The early answer from the source text appears to be that the frontier may be broader than Anthropic’s access controls imply.

The FreeBSD Example Is the Key Test Case

The most concrete example in the supplied material involves a FreeBSD NFS bug identified as CVE-2026-4747. Anthropic had highlighted this case as a demonstration of Mythos performing autonomous discovery and exploitation. AISLE then tested eight models against the relevant function and, according to the article, every one of them detected the memory bug.

That is the strongest challenge in the report. Not only did all eight models reportedly flag the flaw as critical, but they also generated plausible reasoning about exploitation and why standard operating-system protections would not apply. One model, GPT-OSS-120b, reportedly produced a gadget sequence that AISLE considered close to the real exploit. Another, Kimi K2, reportedly inferred that the attack could spread automatically from one infected machine to others, a detail the article says Anthropic itself did not mention.

If accurate, those results undercut the idea that identifying and analyzing this class of vulnerability is exclusive to one tightly controlled model.

Where the Gap Still Appears to Exist

At the same time, the source text does not flatten all distinctions between Mythos and smaller open models. It points to a more demanding creative step in the real exploit chain: fitting a payload of more than 1,000 bytes into about 304 bytes of available space. According to the article, Mythos achieved this by splitting the payload across 15 separate network requests. None of the replicated efforts described in the visible text had matched that level of exploit construction.

That nuance is essential. It suggests that the gap may no longer be in first-pass vulnerability recognition or high-level exploit reasoning, but in the more difficult engineering required to turn a vulnerability into a fully workable attack under tight constraints.

In other words, the replication studies do not prove Mythos is ordinary. They do suggest that some of the headline examples used to justify its mystique may be less singular than they first appeared.

Why This Matters for AI Security Policy

The implications extend well beyond a dispute between model vendors. Access restrictions, safety policies and national security debates increasingly depend on claims about which systems meaningfully cross capability thresholds. If small or partially open models can reproduce much of the showcased work, then policymakers and labs may need a sharper definition of what counts as materially novel or especially dangerous.

This is one of the central tensions in frontier AI governance. A company may be sincere in restricting access to a powerful model, yet the public examples it uses to justify those restrictions can quickly be tested against a rapidly improving open ecosystem. Once that happens, the question is no longer just whether the flagship model is strong, but whether the restricted capability is already diffusing.

The article’s framing suggests that this is exactly what is happening in AI-assisted cyber research. Capabilities that recently looked exceptional may now be replicable at lower cost and with more openness than some vendors have implied.

The Competitive Meaning for the Model Market

There is also a commercial angle. Anthropic’s positioning around Mythos depends partly on the belief that it sits in a rarefied tier of offensive cyber capability. If publicly available or semi-open models can approximate much of the same work, the value proposition shifts.

That does not erase advantages in reliability, depth or end-to-end automation. But it does weaken the narrative that only one or two protected systems can perform meaningful autonomous vulnerability analysis. For buyers, evaluators and security researchers, this could accelerate benchmarking pressure across a wider set of models.

It may also strengthen the role of agents and toolchains rather than model weights alone. One of the replication efforts described in the source pairs frontier models with an open coding agent, which is a reminder that compound systems increasingly matter as much as a single model’s raw capability.

A Narrower Myth, Not a Collapse of Capability

The title of the source article is deliberately sharp, but the evidence described supports a more precise conclusion. The Mythos story is not collapsing because the model lacks capability. It is being narrowed because the examples used to dramatize its uniqueness are now being matched, at least in part, by smaller and more open alternatives.

That is still a major development. In AI, status often rests as much on comparative perception as on absolute performance. If the aura of exclusivity weakens, the strategic conversation changes.

For Developments Today readers, the core takeaway is this: the frontier in AI cyber capability may be spreading faster than institutional narratives can contain it. Anthropic may still have a powerful system. But if independent groups can reproduce much of its public showcase work with cheaper and more open models, then the real story is no longer just about one lab’s extraordinary tool. It is about a capability class becoming harder to monopolize.

This article is based on reporting by The Decoder. Read the original article.