Small open LLMs replicate Claude Mythos bug hunts
Small open models like 3.6B-param GPT-OSS-20b detect and exploit the same cybersecurity bugs as Anthropic's restricted Claude Mythos, proving pipelines—not model size—unlock capabilities.
Open Models Nail High-Profile Bugs Without Mythos
Anthropic's Claude Mythos demoed autonomous bug discovery and exploitation, like the FreeBSD NFS memory bug (CVE-2026-4747), where it squeezes 1,000+ byte payloads into 304 bytes via 15 split network requests. But AISLE's tests show eight small open models—including GPT-OSS-20b (3.6B params, $0.11/M tokens) and Kimi K2—all flagged this critical buffer overflow. They explained OS protections' irrelevance and proposed viable exploits; GPT-OSS-120b generated a near-real gadget chain, and Kimi K2 spotted auto-spreading attacks unmentioned by Anthropic. AISLE reported 15 OpenSSL and 5 curl vulns using similar setups. Vidoc paired GPT-5.4 and Claude Opus 4.6 with OpenCode agent to match these on Botan certificate flaws (logic gap caught 3/3 runs) and wolfSSL crypto misreads, at under $30 per scanned file.
For fake vulns, like discarded user input in DB queries, small opens like Deepseek R1 and Kimi K2 succeeded every time, outperforming GPT-5.4 (0/3) and some Claude versions (Sonnet 4.5 traced data wrong). Post-patch recognition lags: only GPT-OSS-120b reliably deemed fixed FreeBSD code safe; smaller models hallucinated issues.
Jagged Frontier: No Model Dominates All Tasks
Capabilities spike unevenly. On OpenBSD integer overflow, GPT-OSS-120b rebuilt the full exploit chain and proposed the exact patch in one run, while Qwen3-32B (strong on FreeBSD) called code "robust." Claude Opus 4.6 hit 3/3, GPT-5.4 missed entirely. This "jagged frontier" means rankings flip per bug—pick models task-specifically, as no single frontier model wins universally.
Build Systems, Not Model Worship, for Bug Hunting
Mythos' edge shrinks to deployable exploits, but studies stress full pipelines: target selection, step-wise analysis, validation, prioritization, false-positive filtering. Small opens suffice for broad scanning—"a thousand adequate detectives everywhere beat one brilliant guesser," per AISLE's Fort. Anthropic limits Mythos access via Project Glasswing (11 orgs) citing risks, but replications erode exclusivity claims. FT reports compute shortages delay wider release, fueling fears of hype. Use cheap opens + agents for production cybersecurity: scan widely, iterate workflows, and close the gap to proprietary models today.