I went and looked at a bunch of the commits in March to popular/widely-installed open source repositories by Anthropic people.
The fixes that I see so far, subject to the selection effect “has already been patched” [1] seem to mostly resolve things like buffer overflows and use-after-free bugs. These are the sort of bugs that (relatively) unskilled humans can find by grinding for long enough—but the supply of humans willing and able to do that grinding has previously been sharply limited, especially considering that actually getting value out of finding a vuln has historically been pretty hard.

If my guess that these commits are Mythos-generated is correct, and if these are representative, I think a good mental model may be “Mythos trivializes finding the vulns that security researchers have been yelling into the void about for decades (similar to what fuzzers did to the landscape, but more so, or perhaps if 2010!metasploit were dropped fully-formed into 2003)” rather than “Mythos trivializes finding new and exciting types of vulns that we didn’t even know were possible and which were not previously part of our threat model (like rowhammer)”. Basically a “quantity has a quality all of its own” style of thing.
Edit: Gwern makes the good point that the already-patched issues have a pretty strong selection effect for simplicity.
I’m not sure those are representative. In the security report, they specify that a lot of the bugs found are logic bugs, and that’s why they have to release only hash precommitments. Buffer overflows and use-after-free are both the easiest to find, and the easiest to fix, bugs, and so would be the first out of embargo/disclosure, potentially giving you a highly misleading sample.
From https://red.anthropic.com/2026/mythos-preview/

We have found that Mythos Preview is able to reliably identify a wide range of vulnerabilities, not just the memory corruption vulnerabilities that we focused on above. Here, we comment on one other important category: logic bugs. These are bugs that don’t arise because of a low-level programming error (e.g., reading the 10th element of a length-5 array), but because of a gap between what the code does and what the specification or security model requires it to do. Automatically searching for logic bugs has historically been much more challenging than finding memory corruption vulnerabilities. At no point in time does the program take some easy-to-identify action that should be prohibited, and so tools like fuzzers can’t easily identify such weaknesses.
(It then discusses the cryptographic library, web app, and Linux kernel vulnerabilities before moving on to the blackbox reverse-engineering/decompilation, where “We have been able to use it to find, for example, remote DoS attacks that could remotely take down servers, firmware vulnerabilities that let us root smartphones, and local privilege escalation exploit chains on desktop operating systems. Because of the nature of these vulnerabilities, none have yet been patched and made public.”; emphasis added.)
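The distinction the quoted report draws, as an added example (this is not code from the report, from anyone in the thread, or from any project named in it; every format, name and input in it is hypothetical): a toy length-prefixed record parser whose 8-bit length sum wraps and lets an out-of-bounds write through, which a generic bounds oracle of the kind a sanitizer or fuzzer harness provides catches with no knowledge of the format, beside a toy permission check whose logic bug never triggers any prohibited low-level action and can only be found by comparing the implementation against its spec.

```c
/* Added example, not code from the thread or from any project it names.
 * It contrasts the two bug classes discussed above on constructed inputs:
 *  (1) an integer-overflow-driven out-of-bounds write in a toy
 *      length-prefixed record parser: the prohibited action (writing past a
 *      buffer) is something a generic memory-safety oracle can flag with no
 *      knowledge of the format;
 *  (2) a logic bug in a toy permission check: every operation is memory-safe,
 *      so the only oracle is the security model itself, written out as a spec.
 * Every format, name and input below is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OUT_CAP 16

/* Guarded output buffer standing in for sanitizer instrumentation: a write
 * past OUT_CAP is counted rather than performed, so the bug is reported
 * without actually corrupting memory. */
struct sink { uint8_t buf[OUT_CAP]; size_t oob_attempts; };

static void sink_write(struct sink *s, size_t idx, uint8_t v) {
    if (idx >= OUT_CAP) { s->oob_attempts++; return; }
    s->buf[idx] = v;
}

/* Toy record: [count][len_0 .. len_{count-1}][payload bytes ...].
 * The parser copies each field into the sink back to back. With hardened=0
 * the capacity check sums the lengths in a uint8_t; with hardened=1 it uses
 * a wide accumulator and also checks against the bytes actually present. */
static int parse_record(const uint8_t *rec, size_t rec_len, struct sink *out, int hardened) {
    if (rec_len < 1) return -1;
    size_t count = rec[0];
    if (rec_len < 1 + count) return -1;
    size_t avail = rec_len - 1 - count;
    if (hardened) {
        size_t total = 0;                       /* FIX: wide accumulator */
        for (size_t i = 0; i < count; i++) total += rec[1 + i];
        if (total > OUT_CAP || total > avail) return -1;
    } else {
        uint8_t total = 0;                      /* BUG: 8-bit accumulator wraps */
        for (size_t i = 0; i < count; i++) total += rec[1 + i];
        if (total > OUT_CAP) return -1;         /* passes on the wrapped value */
    }
    const uint8_t *payload = rec + 1 + count;
    size_t in = 0, off = 0;
    for (size_t i = 0; i < count; i++)
        for (size_t k = 0; k < rec[1 + i] && in < avail; k++)
            sink_write(out, off++, payload[in++]);
    return 0;
}

/* Constructed input: header {2, 250, 20} declares 270 payload bytes; the
 * 8-bit sum wraps to 14, which is under OUT_CAP. Returns the number of
 * out-of-bounds writes the guarded sink intercepted (0 if the parser
 * rejected the record before copying anything). */
static size_t oob_writes(int hardened) {
    uint8_t rec[3 + 270];
    rec[0] = 2; rec[1] = 250; rec[2] = 20;
    for (size_t i = 3; i < sizeof rec; i++) rec[i] = (uint8_t)i;
    struct sink s = { {0}, 0 };
    parse_record(rec, sizeof rec, &s, hardened);
    return s.oob_attempts;
}

/* (2) Toy access model. Spec: owner or admin may READ; only the owner may
 * DELETE. The implementation collapses both cases into one test, so an admin
 * can delete anyone's resource. No bounds are crossed and nothing crashes, so
 * a memory-safety oracle has nothing to object to. */
enum op { OP_READ, OP_DELETE };
struct user { int id; int is_admin; };
struct resource { int owner_id; };

static int acl_allows_buggy(const struct user *u, const struct resource *r, enum op o) {
    (void)o;                                    /* BUG: operation never consulted */
    return u->is_admin || u->id == r->owner_id;
}

static int acl_allows_spec(const struct user *u, const struct resource *r, enum op o) {
    if (o == OP_DELETE) return u->id == r->owner_id;
    return u->is_admin || u->id == r->owner_id;
}

/* Differential check: the only way to see the logic bug is to compare the
 * implementation with the spec over the input space. Returns how many
 * (user, op) pairs disagree; the single hit is the admin deleting. */
static int logic_violations(void) {
    struct resource r = { 1 };
    struct user users[] = { {1, 0}, {2, 0}, {3, 1} };
    int mismatches = 0;
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        for (int o = OP_READ; o <= OP_DELETE; o++)
            if (acl_allows_buggy(&users[i], &r, (enum op)o) !=
                acl_allows_spec(&users[i], &r, (enum op)o))
                mismatches++;
    return mismatches;
}

int main(void) {
    printf("vulnerable parser: %zu out-of-bounds writes caught by the generic oracle\n", oob_writes(0));
    printf("hardened parser:   %zu out-of-bounds writes\n", oob_writes(1));
    printf("ACL: %d spec violation(s), visible only against the spec\n", logic_violations());
    return 0;
}
```

The parser bug needs no specification to detect: a bounds-checking sink, ASan, or a fuzzer crash all flag the same prohibited action. The ACL bug produces a perfectly well-formed return value on every call, and the differential loop only finds it because someone wrote down the intended model as a second function to compare against, which is the gap the report describes.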
That’s a really good point. I do still predict that the vulnerabilities Mythos found will mostly turn out to be fairly simple things that could have been found by a reasonably skilled but not world-class programmer who knows the mechanics of common vulnerabilities and is also quite familiar with the specifics of this particular codebase. Which, to be clear, is a bar that zero humans clear for most projects. But at this time I can’t exclude the possibility that Mythos can autonomously find rowhammer-level problems.
Would it be convenient for you to show a partial or full list of commits you looked at?
Sure, I think it might be in poor form to give an exhaustive list of such commits, but here’s a fairly representative sample:
ffmpeg 3e8bec78: buffer overflow
ffmpeg 55bf0e6c: use after free
ffmpeg 39e19693: buffer overflow
libxml2 538b2e38: integer overflow which allows out-of-bounds write
libxml2 edb5f22d: null pointer dereference
libpng 747dd022: null pointer dereference
libplist 6e03a1df: actually not directly pointers-are-hard-related: validate xml structure
Note that the folks doing this were prolific. None of these were particularly impressive in isolation, what’s impressive is the sheer volume of fixes. In pretty much every major library where you’d expect vulns to exist but not have been caught yet due to a lack of eyes, there are 2-5 fixes.