The National Academies Launders Mythos: “Implications of AI for Cybersecurity”

The National Academies of Sciences, Engineering, and Medicine published a report on AI for cybersecurity that cites Anthropic's Mythos model as capable of finding 83.1% of vulnerabilities in CyberGym, but critics argue the claim is based on unverified vendor marketing and has been repeatedly disproven by independent tests showing similar results with open-weight models on consumer hardware.

In April “ The Boy That Cried Mythos https://www.flyingpenguin.com/the-boy-that-cried-mythos-verification-is-collapsing-trust-in-anthropic/ ” caught Anthropic collapsing its own credibility. In June “ Mythos dressed up in a coat, should be called Opus with a moat https://www.flyingpenguin.com/anthropic-fable-mythos-dressed-up-in-a-coat-should-be-called-opus-with-a-moat/ ” caught it again. Anthropic wants to play God, feed on claims only they can verify, which is to say it feeds beliefs based on lies. If that sounds harsh, think about how the God of cycling Lance Armstrong treated anyone who suggested he was doping. He sure got a lot of medals for “ livewrong https://www.flyingpenguin.com/livewrong/ “. Now the Mythos lies have spilled their way into a venue claiming to use a formal review process. A new National Academies document https://doi.org/10.17226/29493 NASEM freshly launders vendor marketing without any explanation. National Academies of Sciences, Engineering, and Medicine. 2026. Implications of AI for Cybersecurity: A Rapid Expert Consultation. Washington, DC: The National Academies Press. This should help clarify, for those who are wondering if we are dealing with a Lance Armstrong of LLMs. | NASEM Laundry June 2026 | Prior Evidence | |---|---| | Figure 1 plots Mythos at 83.1% on CyberGym as settled capability, sourced to “Wang et al. 2025” | The | repeatedly disproven https://www.flyingpenguin.com/anthropic-fable-mythos-dressed-up-in-a-coat-should-be-called-opus-with-a-moat/ . Mythos emailed out of its sandbox only after being instructed to try, showed no sign of altering its weights, and Opus 4.6 finds the same or better flaws opposite of novel https://www.flyingpenguin.com/freebsd-cve-2026-4747-log-suggests-mythos-is-a-marketing-trick/ . It was a curated recovery from a backlog of delayed fixes, which any model does. not the machine https://www.flyingpenguin.com/mythos-grading-mythos-got-patches-yet/ output IronCurtain harness https://www.provos.org/p/finding-zero-days-with-any-model/ , and clearbluejar https://clearbluejar.github.io/posts/system-over-model-tested-mythos-freebsd-local-openweight/ recovered CVE-2026-4747 on two open-weight models on a single consumer GPU. Discovery is provable as an orchestration problem, making the frontier-model unnecessary https://www.flyingpenguin.com/seventy-five-cents-gets-you-an-anthropic-mythos-killer/ . vendor marketing trick https://www.flyingpenguin.com/cartel-or-not-anthropic-mythos-is-a-curious-case/ . The June 2 expansion followed a June 1 confidential IPO filing near a one-trillion-dollar valuation, committing access and capital ahead of the promised verification, and several trialing firms are Anthropic investors curl maintainers reported no change to their workflow https://www.flyingpenguin.com/curl-toe-to-toe-with-mythos-big-nothingburger-leaves-bad-taste/ , and Mozilla’s headline of 271 Firefox vulnerabilities reconciles https://www.flyingpenguin.com/mythos-mystery-in-mozilla-numbers-how-22-vulns-became-271-or-maybe-3-in-april/ to just three versus the advisory not independent confirmation https://www.flyingpenguin.com/the-boy-that-cried-mythos-verification-is-collapsing-trust-in-anthropic/ unproven vendor capability as unproven