I keep getting the feeling that this is just a massive ad compaign.
“Our AI is so good we need to hold it back!” followed by releasing an incrementaly better model…
I remember when the PS2 was so powerful that it could send nuclear missiles.
It is 100% just advertising…
You cannot believe a single word any of the AI companies are peddling unless they are verified by unencumbered third parties
The security blog writeup is here:
https://red.anthropic.com/2026/mythos-preview/
They’ve described several patched CVEs and disclosed the hashes of writeups that are currently undergoing the responsible disclosure process.
It lists quite a few, so I’ll be checking back when the vulnerabilities/exploits are patched and disclosed.
From the blog’s site:
About the blog
Welcome to red.anthropic.com, the home for research from Anthropic’s Frontier Red Team (and occasionally other teams at Anthropic) on what frontier AI models mean for national security. We provide evidence-based analysis about AI’s implications for cybersecurity, biosecurity, and autonomous systems.
This is Anthropic paid people, peddling Anthropic successes…
Yes I understand, but I’m also putting the direct claims right there, not filtered through Anthropic’s PR or an article from the IT industry press interpreting those PR statements.
These are real CVEs that have actually been submitted to the code maintainers for both FOSS and closed source software that is foundational to the computing world. Some of them are published in this post. And many more are simply described with a hash of the full writeup indicating that they have it written out and are waiting for the patches to be applied. I’m especially interested in the Virtual Machine Monitor and the exploits for jumping out of browser sandboxes for “all major browsers.”
Some of the published CVEs in the blog post seem pretty serious, especially the FreeBSD remote root access for devices running NFS. The OpenBSD one is a critical DOS vector, and the FFMPEG one is just a bug that doesn’t seem to actually expose the software to any practical exploits but should still be patched.
But they’ve staked it out with their public disclosure of the hashes and a description of a few of the problems. These are big bold claims that are provided in a format that will be easily falsifiable in due time. And treating it as just marketing fluff ignores the shades of gray that actually apply to corporate claims.
Yes I understand, but I’m also putting the direct claims right there, not filtered through Anthropic’s PR or an article from the IT industry press interpreting those PR statements.
How do you know Antropic’s PR is not in this? certainly all these employees have signed NDAs about inner workings of the company they work for. Do you really think any of them would post something like “yeah, we found a vulnerability but it’s basically a typo that could not be seriously exploited”?
These are real CVEs…
Regarding this… I just saw another post where people were challenging ffmpeg about accepting PRs from Anthropic and their answer was that the PR were written by humans, not any of the Anthropic Ai, so even if the whole scenario is real, it may not have the intervention of Ai they are claiming
… And treating it as just marketing fluff ignores the shades of gray that actually apply to corporate claims.
This is really a corporate problem of their own making and their responsibility to fix. They have lied so much, I do not owe then a single iota of trust.
If they want to be trusted, they should be truthful. It’s really that simple
This is really a corporate problem of their own making and their responsibility to fix. They have lied so much, I do not owe then a single iota of trust.
The statements can stand for themselves, evaluated on the merits of the claims, regardless of authorship. That’s how these things should work. Someone who has a great history of finding vulnerabilities still has to stand by each exploit/proof of concept they write, on its own merits. On the flip side, the corollary to the adage that a broken clock is still right twice a day is that you can’t just say “oh the broken clock said this so I can ignore it.”
Do you really think any of them would post something like “yeah, we found a vulnerability but it’s basically a typo that could not be seriously exploited”?
The blog post literally describes exactly that, for ffmpeg. And several of the other described vulnerabilities sound like they’re in that category of “here’s a bug but we didn’t find an exploit.”
Simply refusing to engage with these big claims just because of the source is an irresponsible way to approach cybersecurity.
even if the whole scenario is real, it may not have the intervention of Ai they are claiming
…who cares? If it’s a real bug and a real PR addressing the bug, why does authorship or methodology matter?
It’s just the ad hominem fallacy (or the close relative, appeal to authority). Let the actual substance stand and fall on its merits. Read the described vulnerabilities and exploits and decide whether you think those need to be patched and how critical/severe the bugs/vulnerabilities are.
And maybe your priorities are different from mine, but the core of the claim (we found some vulnerabilities) trigger a responsibility to address them (confirm and patch). I don’t care about marketing or corporate interests or whatever in those circumstances, I’m just focused on fixing problems that have been found.
The statements can stand for themselves, evaluated on the merits of the claims, regardless of authorship.
Sure but where is the practicality of that? According to your POV here, companies can claim whatever and it’s my job now to figure out if they are lying or to what extent. I have already lived through that and decided their output is completely untrustworthy so I rather wait for a trustworthy source before giving them any credit. I am not claiming 100% of what Anthropic says is a complete lie, I am saying I cannot trust it at face value.
On the flip side, the corollary to the adage that a broken clock is still right twice a day is that you can’t just say “oh the broken clock said this so I can ignore it.”
Funny you use this saying because a broken clock is never right, reality momentarily aligns with it, which is a completely different thing… and even then, for every minute of the day, a clock is still wrong 1438 times a day… I would rather not use suck broken clock as a reference AT ALL
The blog post literally describes exactly that, for ffmpeg. And several of the other described vulnerabilities sound like they’re in that category of “here’s a bug but we didn’t find an exploit.”
Case in point, they do not claim that in the title or intro. Their entire intro (in the blog you posted) is all about how amazing Mythos is
…who cares?
People like me who rather not keep feeding the Ai hype. Assuming these vulnerabilities are real and could have been exploited, yes I am happy they get fixed. But I am never giving credit to “Ai” unless it is an absolute certainty Ai did it and did it better than humans would
pretty sure it’s all companies you shouldn’t ever believe… advertising = lies
Correct.
There may have been a time where advertising was honest but nowadays, the Help Desk rule applies “never believe a customer unless they are confessing”.
If a company is making a claim that benefits them, you cannot believe it without independent, third party corroboration. If they are confessing to wrong doing, you should assume it’s 10x worse than what they are stating.
It absolutely reeks of desperation, too. When you can’t sell on hype, fear is the next thing you move towards.
MythOS, MythOS, where have I seen this name before? Oh yes, a VR game I am replaying called BONEWORKS, released in 2019.
These guys can’t stop stealing from others can they