Researchers Reproduce Anthropic Mythos Hacks with Public AI

Vidoc Security reproduced several exploit findings Anthropic published in its Mythos release using public models GPT-5.4 and Claude Opus 4.6 run inside an open-source coding agent called opencode. The researchers did not use Anthropic’s private stack or gated invitations.

The experiment replicated Anthropic’s patched examples after Claude Mythos was announced earlier this month. The team examined the same targets Anthropic highlighted: a server file-sharing protocol, the networking stack of a security-focused operating system, the FFmpeg video-processing library, and two cryptographic libraries used for digital signatures. Vidoc reported that each scan cost under $30 per file.

Vidoc built an automated workflow that mirrored Anthropic’s public description. A planning agent split source files into chunks and assigned detection agents to examine each chunk in parallel. Detection outputs were cross-checked against other files in the repository. The line ranges used by detection prompts were outputs of the planning step rather than manual selections.

Results varied by model and target. Both GPT-5.4 and Claude Opus 4.6 reproduced two bug cases in all three runs reported by Vidoc. Claude Opus 4.6 also rediscovered an OpenBSD bug three times; GPT-5.4 did not find that issue in any run. In some cases, including an FFmpeg flaw and a wolfSSL signature-processing problem, the models identified the relevant code surface but did not isolate the exact root cause.

Anthropic’s Mythos produced a working attack blueprint for a FreeBSD vulnerability that showed how code fragments could be chained across network packets to gain remote control. Vidoc’s public models identified the same FreeBSD flaw but did not generate an exploit of comparable detail.

Dawid Moczadło, a researcher at Vidoc, posted results and materials on X. He wrote, “We replicated Mythos findings in opencode using public models, not Anthropic’s private stack.” He also wrote, “AI models are already good enough to narrow the search space, surface real leads, and sometimes recover the full root cause in battle-tested code.”

Anthropic’s safety report stated that the Cybench benchmark no longer fully reflects frontier model capabilities and estimated similar capabilities could spread from other labs within six to 18 months. Vidoc published full prompt excerpts, model outputs and a methodology appendix on its website.

When Anthropic released Mythos, the company restricted access to the model. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened a meeting with senior Wall Street executives following the release.