Mythos · The Mind

The reasoning that finds what elite humans miss.

Claude Mythos is the MIND of CLAWMYTHOS — frontier reasoning that out-finds all but the most elite human researchers at vulnerability discovery. Born in Project Glasswing at Anthropic, it is reproduced here as an open 8-phase agentic pipeline on Claude Opus 4.7, hunting live builds for roughly $1 a scan.

8
Phases in the agentic pipeline
K=3
Diverse hunters per file (pass@k)
~$0.30–$1.50
Cost per autonomous scan
25–50×
Cheaper than commercial tools
// What Mythos is

Frontier reasoning, pointed at the attack surface.

Claude Mythos is the reasoning core that powered Project Glasswing, Anthropic's initiative to secure critical software for the AI era. Its premise is blunt: AI has reached the point where it can out-find all but the most elite human vulnerability researchers. Across Glasswing partners, that translated into hundreds of high- and critical-severity bugs in production code, a 10×+ jump in bug-finding rate, and — at Cloudflare alone — 2,000 bugs surfaced, of which 400 were high or critical, contributing to roughly 10,000 high-severity flaws found across the program.

CLAWMYTHOS reproduces that capability in the open. Rather than an unreleased model, the pipeline runs on the public Claude Opus 4.7, wrapped in an agentic scaffold that turns a single repository into a stream of validated, severity-scored findings. The whole run lands at roughly $0.30–$1.5025–50× cheaper than the $20–$50 of comparable commercial scans — which is what makes continuous, outside-in self-scanning of open-source software economically possible.

// The 8-phase agentic pipeline

Sink-guided hunting, phase by phase.

Each scan flows through a fixed sequence of phases. Earlier phases narrow a whole repository down to the handful of files most likely to hide an exploitable sink; later phases hunt those files adversarially against a live build, then validate every claim with a skeptical second pass before anything is reported.

0
Language detectionIdentifies the languages and build systems in the target so later phases load the right sink catalogs and tooling. Spans C/C++, Python, PHP, JS/TS, firmware, kernel, and web stacks.
1
Sink-guided slicingCatalogs dangerous sinks — deserialization, SQL injection, code-eval, path traversal, and authentication — then slices the codebase around the points where untrusted input can reach them.
2
File ranking by sink densityScores and ranks every file by how many high-risk sinks it touches, focusing the expensive reasoning budget on the densest, most exploitable surfaces first.
2.5
Build the sandboxStands up a scoped execution environment with a constrained Bash and file toolset, so hunters can compile, run, and test against the real target without escaping their lane.
3
Agentic huntLaunches parallel hunters per file against live builds. Live-exploration hunters compile, run, and test the code — proving reachability in practice instead of guessing from static reads.
3.5
Adversarial self-challengeThe model attacks its own candidate findings — probing for missing preconditions, unreachable paths, and broken assumptions — to harden what survives before it reaches validation.
4
Skeptical validationA skeptical reviewer pass cross-checks each surviving finding and consults a cross-session false-positive memory, suppressing bugs that prior runs already proved spurious.
6
Aggregate & scoreMerges, dedupes, and severity-ranks the validated findings into a single structured JSON report — high and critical separated cleanly from noise.
7
False-positive writebackWrites the run's confirmed false positives back into the persistent FP memory, so the next scan of any target starts smarter than the last.
// Why it finds more

Diversity, live proof, and a skeptic in the loop.

// PASS@K

Diverse hunters

Each file is hunted by K=3 independent hunters with different framing and strategy. pass@k diversity widens coverage — a bug one hunter walks past, another walks into.

// LIVE

Live-exploration hunters

Hunters don't just read code — they compile, run, and test it inside the sandbox against live builds, converting a plausible flaw into a reproduced one.

// SKEPTIC

Adversarial + skeptical

A self-challenge pass attacks each finding, then a skeptical validator backed by cross-session FP memory rejects anything it can't stand behind.

// Reach & economics

Broad coverage at commodity cost.

The same sink-guided method generalizes across the stack. Mythos hunts memory-safety and injection classes in C/C++, dynamic-language flaws in Python, PHP, and JS/TS, and lower-level issues in firmware, kernel, and web codebases — because the catalog of dangerous sinks travels even when the syntax does not.

C / C++PythonPHP JS / TSFirmwareKernel Web

Economics are the unlock. A full autonomous run costs roughly $0.30–$1.50 — about 25–50× cheaper than the $20–$50 of commercial equivalents — cheap enough to scan continuously rather than once.

~$1 per scanEnd-to-end run on Claude Opus 4.7, from language detection through false-positive writeback.
25–50× cheaperAgainst $20–$50 commercial scans — turning one-off audits into continuous coverage.
Smarter every runCross-session false-positive memory compounds: each scan inherits the last scan's hard-won skepticism.
// Disclosure & ethics

Hash now, reveal later.

Findings are committed with a SHA-3-256 hash at discovery time — a cryptographic hash-now, reveal-later proof that fixes provenance before any detail is disclosed. The framework ships under Apache-2.0 with a lawful-use posture and coordinated disclosure: maintainers are given the window to patch before anything goes public. Mythos is built to find flaws so they can be fixed — not weaponized.