Anthropic Mythos Identifies Vulnerabilities But Has Limits

The Register's opinion column evaluates Anthropic's new code-security model, Mythos, as effective at finding classes of vulnerabilities humans already recognise while failing to discover novel flaw patterns. The piece characterises Mythos as useful to expert practitioners. In the columnist's view, limiting early access to trusted partners is a prudent rollout choice, although, according to the column, similar capabilities exist in other unrestricted models. The Register frames the product as significant for accelerating vulnerability exposure across software but cautions that widespread, premature deployment of automated vuln-hunters could produce messy outcomes. The column positions Mythos less as a mythical fix and more as an early, competent tool whose impact will grow as detection coverage and availability increase.
What happened
The Register published an opinion column titled "Mythos sniffs out your bugs, can't fix your bloody idiots" assessing Anthropic's code-security model, Mythos. The column reports that Mythos is very good at detecting classes of vulnerabilities that humans know about, while missing classes humans do not, and describes Mythos as currently most valuable to expert users, per The Register. The piece also discusses restricting early access and frames limited rollouts to trusted partners as a reasonable approach, as argued by the columnist.
Editorial analysis - technical context
Industry-pattern observations: models trained on human-labelled vulnerabilities will reproduce and scale the patterns present in their training data, which explains why tools like Mythos excel at known flaw classes but struggle to discover previously unseen vulnerability types. This is a general limitation of supervised and large-language-model-based code analysis and not unique to one vendor.
Industry context
Editorial analysis: The Register places Mythos within a broader wave of automated vulnerability scanners powered by LLMs, noting that other unrestricted models already show similar capabilities. The columnist warns that unleashing high-volume, automated vuln-hunters before ecosystems adapt could increase noisy alerts and incident churn. For practitioners, that implies a growing need for triage pipelines, signal-to-noise calibration, and integration points between AI findings and human security workflows.
What to watch
Editorial analysis: Observers should track changes in detection coverage (new classes found), false-positive rates reported by early adopters, the scope of any access controls during rollout, and whether automated findings are integrated into existing CI/CD and bug-tracking systems. The Register's column offers no Anthropic quote on rationale, so public statements from Anthropic or data from pilot partners will be the clearest indicators of operational impact.
Scoring Rationale
The story matters to practitioners because Mythos represents a practical application of LLMs to code security that will affect detection workflows and triage burdens. It is notable but not paradigm-shifting; reporting is opinionated rather than a primary technical release.


