
FreeBSD CVE-2026-4747 Log Suggests Mythos Is a Marketing Trick

Why This Matters

This article highlights concerns over the marketing claims surrounding Anthropic's Mythos AI model, particularly its supposed ability to autonomously identify and exploit a 17-year-old FreeBSD vulnerability. The discrepancy in attribution raises questions about the transparency and accuracy of AI-driven security claims, which could impact trust in AI tools within the cybersecurity industry. For consumers and industry stakeholders, this underscores the importance of verifying AI capabilities and understanding the true origins of security discoveries.

Key Takeaways

Anthropic’s flagship showcase for Claude Mythos Preview is CVE-2026-4747, a remote kernel code execution vulnerability in FreeBSD’s RPCSEC_GSS module. It is a 17-year-old bug. It is a textbook stack buffer overflow. And it was found before Mythos, patched by FreeBSD, and publicly exploited by a third party. Yet someone’s idea of credit flows backwards to Mythos.

The FreeBSD security advisory says this:

Credits: Nicholas Carlini using Claude, Anthropic

Announced: 2026-03-26

The advisory notably credits “Claude”, leaving out the model that Carlini used in his February 2026 paper documenting 500+ vulnerabilities found by the prior model.

Then the Anthropic Mythos launch blog says this:

Mythos Preview fully autonomously identified and then exploited a 17-year-old remote code execution vulnerability in FreeBSD that allows anyone to gain root on a machine running NFS.

The FreeBSD advisory is dated March 26, and the Mythos launch was April 7, 2026. That is a twelve-day gap.

Carlini is an Anthropic employee. If he used Mythos to find this bug, Anthropic controls the disclosure pipeline and the credit line. “Nicholas Carlini using Claude Mythos Preview, Anthropic” makes sense as their marketing pitch. It’s also weird to market tools in a disclosure. What brand office chair was he sitting on? Did Logitech provide the keyboard? Was his underwear Calvin Klein?

The simplest explanation for why they did not heavily promote the Mythos brand in a March 26 advisory is that Mythos was not the model used. If that explanation is wrong, the question is why Anthropic left the most valuable attribution in the entire Glasswing launch on the cutting room floor of a FreeBSD advisory, only to claim it twelve days later in a blog post, without offering proof. Reversal is hard and not believable.
