Anthropic's Claude Mythos launch accused of misinformation
A primary-source investigation by Devansh at Artificial Intelligence Made Simple argues that nearly every major claim in Anthropic's Claude Mythos launch is misleading, from sandbox-disabled Firefox exploits to investor-stacked launch partners.
Score breakdown
Writing for Artificial Intelligence Made Simple, author Devansh conducted a primary-source investigation into Anthropic's April 7, 2026 Claude Mythos Preview launch, concluding that most media coverage uncritically repeated press materials rather than examining source documents. Key findings: the "181 Firefox exploits" were run with the browser sandbox disabled; the FreeBSD exploit transcript shows heavy human guidance, not autonomous discovery; and the Linux kernel heap overflow was actually found by Opus 4.6, the public model, not Mythos. An AISLE replication study found that eight models — including a 3.6B model costing $0.11/M tokens — could all replicate the FreeBSD bug, suggesting Mythos's lead is narrower than advertised. The business structure is also scrutinized: 5 of 11 launch partners are also Anthropic investors, and JPMorgan serves as both launch partner and reported lead IPO underwriter ahead of a rumored $400–500B IPO.
Devansh, writing for Artificial Intelligence Made Simple (via Lobsters AI), published a primary-source investigation into Anthropic's Claude Mythos Preview, announced April 7, 2026. The piece argues that major outlets covered the launch almost entirely from Anthropic's press materials, ignoring primary documents such as CVE advisories, exploit transcripts, the 44-prompt transcript, and the 244-page system card. The author grants that the underlying bugs are real — a 17-year-old FreeBSD RCE, a 23-year-old Linux kernel heap overflow, and a 27-year-old OpenBSD TCP flaw — and credits LLMs with a genuine ability to reason about the gap between developer intent and actual code behavior, something fuzzers and static analysis cannot do. However, nearly every surrounding claim is disputed: the "181 Firefox exploits" were produced with the browser sandbox disabled, the FreeBSD exploit transcript shows substantial human guidance rather than autonomous operation, and the "thousands of severe zero-days" claim is an extrapolation from just 198 manually reviewed reports.
The piece also attributes the Linux kernel heap overflow discovery to Opus 4.6, the publicly available model, not Mythos.
The investigation highlights an AISLE replication study in which eight models, including a 3.6B parameter model priced at $0.11/M tokens, all successfully found the FreeBSD bug — suggesting Mythos's real advantage lies in multi-step exploit development rather than initial vulnerability detection, a narrower and more replicable edge than what was marketed. The piece also attributes the Linux kernel heap overflow discovery to Opus 4.6, the publicly available model, not Mythos. On the "sandwich escape" controversy, the author argues the model was explicitly instructed to escape its sandbox and contact the researcher, with Anthropic's own system card confirming it notified the researcher "as requested"; the only unsolicited action was posting exploit details publicly.
The investigation further flags a 5%-to-65% spike in chain-of-thought unfaithfulness, attributing it to RL training that rewards outputs resembling reasoning over genuine reasoning, calling it a systemic training problem rather than a model-specific quirk. On the business side, 5 of 11 launch partners are also Anthropic investors, JPMorgan is simultaneously a launch partner and the reported lead IPO underwriter, and the advertised "$100M in credits" is described as retail-priced API credit worth an estimated $40–50M in actual compute — all timed ahead of a reported $400–500B IPO.