x.com/Docneuroeo/status/2041838167259746669
1 correction found
found a 27-year-old OpenBSD bug that five million automated test runs missed
Anthropic did say Mythos found a 27-year-old OpenBSD bug, but the “five million automated test runs” detail refers to a different FFmpeg vulnerability, not the OpenBSD one.
Full reasoning
Anthropic’s own Project Glasswing announcement presents these as two separate examples. It says Mythos Preview found “a 27-year-old vulnerability in OpenBSD” and, separately, “a 16-year-old vulnerability in FFmpeg ... in a line of code that automated testing tools had hit five million times.”
Anthropic’s technical writeup also treats them as distinct cases. In the OpenBSD section, it says the OpenBSD bug was the most critical one they found there “after a thousand runs through our scaffold.” In the FFmpeg section, it says the FFmpeg weakness had been “missed by every fuzzer and human who has reviewed the code.”
So the post incorrectly fuses Anthropic’s OpenBSD example with its FFmpeg example. The OpenBSD bug was real, but the “five million automated test runs” claim was about FFmpeg, not OpenBSD.
2 sources
- Project Glasswing: Securing critical software for the AI era | Anthropic
The following are three examples: Mythos Preview found a 27-year-old vulnerability in OpenBSD ... It also discovered a 16-year-old vulnerability in FFmpeg ... in a line of code that automated testing tools had hit five million times without ever catching the problem.
- Claude Mythos Preview | red.anthropic.com
A 27-year-old OpenBSD bug ... This was the most critical vulnerability we discovered in OpenBSD with Mythos Preview after a thousand runs through our scaffold. ... A 16-year-old FFmpeg vulnerability ... Since then, this weakness has been missed by every fuzzer and human who has reviewed the code.