RSS

"Mythos" at Home, and It's Called Aisle

goobreee2 pts0 comments

"Mythos" at Home, and It's Called AISLE - Stanislav Fort

Stanislav Fort

SubscribeSign in

"Mythos" at Home, and It's Called AISLE<br>A startup out of Europe built an AI system that matches Mythos on zero-day discovery, using widely available models, even air-gapped. You've probably never heard of it. Here's the evidence.

Stanislav Fort<br>Jun 17, 2026

11

Share

You’ve heard about Mythos, Anthropic’s headline-making AI, powerful enough to be restricted to a handful of trusted US-based organizations, and then abruptly pulled from customers after a US government directive suspended access by non-US nationals worldwide.<br>Well, we at AISLE match it at zero-day discovery on some of the most hardened software on Earth, and sometimes even beat it, with every finding independently confirmed by the projects’ own maintainers and tracked publicly.<br>This isn’t a claim that we match Mythos at writing exploits or at general reasoning. It’s a claim about the part that defenders actually need and depend on, which is finding and fixing real vulnerabilities before anyone can chain them into an attack. At that, we at AISLE undoubtedly match Mythos, and in this post I will demonstrate the relevant public evidence. The defensive capability the whole world is suddenly afraid of losing was, fortunately, never locked inside Mythos in the first place.

The receipts

We’re not grading our own homework here: every claim below comes from public security advisories and maintainer-assigned CVE credits (the public IDs for confirmed vulnerabilities), not our say-so. Anthropic, and for that matter AISLE, may also have private or embargoed findings not yet visible in the open. For fairness, this comparison uses only the public record.<br>Here’s the short version, and you don’t need to know any of these codebases to check it:<br>An independent scoreboard: UC Berkeley’s Vulnerability Initiative, an academic effort to track the role of AI agents in zero-day discovery, ranks AISLE #1 in the world in three of its eight categories , ahead of every frontier lab, Google and Anthropic included.

FreeBSD , Anthropic’s own showcase codebase for Mythos: in the same release cycle, the public tally is 3 CVEs for Anthropic to 3 for AISLE . We matched them on the codebase they chose, after the showcase issues had already been patched.

OpenSSL , the encryption behind most of the web: in the April 2026 release where the public record shows we were both active, AISLE was credited 5-to-1 on CVEs, and Anthropic’s one was a bug we’d reported and fixed 63 days earlier (so our two systems met in the wild, so to speak).

curl , which runs on ~every device on Earth: of the five issues Mythos reported there, only one was a real low-severity vulnerability. Its creator called the hype “primarily marketing.” Since then, curl has entered a record wave of 12 confirmed vulnerabilities pending CVE announcements, we’ll count AISLE’s share when they are public (but it’s going to be more than one)

The track record: 200+ CVEs to date, found, fixed and publicly tracked using widely available or open-source-derived models, and a more effective system built around them, deployable even fully air-gapped

That’s the short version. If you want the full breakdown, read on. If not, skip to “But isn’t Mythos way more powerful?”<br>FreeBSD: Anthropic’s own chosen showcase

Anthropic picked FreeBSD, the open-source operating system that the PlayStation, among many other things, is built on, to demonstrate Mythos and its zero-day detection prowess to the world. It was the centerpiece of their launch, the codebase where Anthropic says Mythos found a 17-year-old remote code execution bug (which is “very bad” in security-speak) deep in the kernel’s NFS server and autonomously built a working exploit chain around it.<br>Here’s what didn’t make the mainstream headlines, though. We pointed AISLE at the same codebase, after Anthropic had finished their FreeBSD scanning and remediation work and the showcase bug was already patched. We found three additional vulnerabilities, spread across the base system, all independently confirmed and publicly disclosed by the FreeBSD security team, each with a CVE assigned, with more still in the disclosure pipeline. One of them lets an attacker on your local network execute code as root on any machine running one common piece of networking software. For a local-network attack surface, that is very serious.<br>Could Mythos have quietly found these first and simply not been credited? No, that’s extremely unlikely, and we can show it. When we and Anthropic independently found the very same OpenSSL zero-day (more on that later), the advisory credited both of us alongside each other. On these FreeBSD issues, only AISLE is named as a reporter. So the public advisory record gives no indication Anthropic reported them. What it does show is AISLE finding additional issues in the very codebase Anthropic chose to showcase Mythos, after the original showcase bugs had already been...

mythos aisle anthropic public freebsd showcase

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

German ruling declares Google liable for false answers in AI Overviews

ahlCVA15 ptsgoogle court search overviews content users
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.