A new study challenges Anthropic's claims about exclusive AI vulnerability research capabilities. Researchers successfully reproduced key Mythos findings using public models GPT-5.4 and Claude Opus 4.6 through open-source tools, suggesting advanced vulnerability discovery is no longer confined to frontier labs.

Anthropic's Mythos release highlighted frontier models' ability to find serious vulnerabilities in real software, but the researchers tested whether these capabilities extend beyond Anthropic's private stack. Using a standardized security-review workflow in opencode, they attempted to replicate Anthropic's patched public examples across multiple categories including FreeBSD, OpenBSD, FFmpeg, Botan, and wolfSSL.

Results showed both models cleanly reproduced FreeBSD and Botan vulnerabilities in all three attempts, while only Claude Opus 4.6 successfully replicated the OpenBSD case. Both models achieved only partial results on FFmpeg and wolfSSL rather than full replications. The takeaway is clear: public models can already achieve similar vulnerability discovery results, shifting the challenge from model access to validation, prioritization, and remediation.