Did the "Claude Mythos" have an influence on the Linux kernel?

Posted by Caliboros@reddit | linux | View on Reddit | 26 comments

As most of you have probably heard, the creators of Claude have apparently developed an AI designed to find security vulnerabilities:

Claude Mythos. It’s supposedly soooo good that they can’t release it to the general public just yet. However, a select number of companies are allowed to use it.

It wouldn’t be the first time companies have slightly overestimated their models. Since everything is closed-source, we can’t really assess how good the model is....

However, the Linux Foundation also seems to have gained access to Mythos. If the model finds something here and it gets patched, we’ll all be able to see it. That’s why I’m asking: Have there been any security updates to the Linux kernel lately that were particularly notable, or just a large number of them?

[-]

hitsujiTMO@reddit

It's just another marketing trick. They've done this several times before.

They just want some hype before releasing.

They have documented a number of fixes for the Linux kernel, but they all seem to be very minor issues.

[-]

Significant_Phase194@reddit

But then how is it possible that an emergency meeting was called by the government with the CEOs of banks and some publicly traded companies?

Genuinely asking. I know this companies are shady, but I wanna see the full picture.

[-]

hitsujiTMO@reddit

Sam Altman pulled the same stunt back in May 2023 say AI needs immediate regulation as it has a potential of serious harm.

https://www.c-span.org/video/?c5070834/if-technology-wrong-wrong

What anthropic are doing right now is raising alarm bells saying this AI is so powerful it will find every bug in your system before you can.

Then they are going to say "we have a solution", we'll sell you access to Mythos so your devs can find those bugs first.

This isn't a mass panic situation, it's a sales pitch.

Anthropic have been using Mythos since February. Since that time they've leaked Claude code source, have had major outages and service disruptions.

If Mythos was really that powerful, would they really have had all those issues?

[-]

ConnaitLesRisques@reddit

Anthropic is a Gold Linux Foundation member (basically meaning they’ve paid for a higher-tier spot) so some coordinated marketing isn’t surprising. That’s largely what that level of membership gets you.

Greg KH’s “clanker-T1000” will probably be revealed to be Mythos, positioned as something that was under embargo until now for safety, with a bunch of advertorial coverage rolling out alongside it.

[-]

Significant_Phase194@reddit

But also Cisco, Broadcom, Amazon, Apple e Microsoft, bank CEOs and an emergency government meeting. How come? Like genuinely, I wanna understand

[-]

Melodic_Honeydew_314@reddit

This is very bad and is honestly pushing me to a BSD. I have hardware that supports it.

[-]

Peruvian_Skies@reddit

"Slightly" lol

[-]

MatchingTurret@reddit

Explain this.

[-]

Peruvian_Skies@reddit

Selection bias.

[-]

dnu-pdjdjdidndjs@reddit

in what?

[-]

Peruvian_Skies@reddit

Sampling PRs, I imagine.

[-]

dnu-pdjdjdidndjs@reddit

Why would the sampling change?

[-]

Peruvian_Skies@reddit

Due to selection bias, as previously stated.

[-]

dnu-pdjdjdidndjs@reddit

Why is there selection bias?

[-]

Peruvian_Skies@reddit

There could be several reasons. Why are you asking a random Reddit commenter as if I had just published a study about it?

[-]

dnu-pdjdjdidndjs@reddit

Because I wanted to make fun of you for saying complete nonsense

[-]

Peruvian_Skies@reddit

Oh. How is that working out?

[-]

dnu-pdjdjdidndjs@reddit

pretty well it seems

[-]

Peruvian_Skies@reddit

That's good. I'm happy for you.

[-]

dnu-pdjdjdidndjs@reddit

I don't need your commendations I already know I'm awesome

[-]

Peruvian_Skies@reddit

Great! Self-confidence is a precious thing to have.

[-]

g4n0esp4r4n@reddit

what do you mean by notable? you can read the commit yourself https://red.anthropic.com/2026/mythos-preview/

[-]

crudostrudo@reddit

Just to be sure, have you read it ? It was unable to do remote exploit but only found local buffer overflow that can cause privilege escalation, quite a common thing, as always good marketing from anthropic.
It's been 2 years since we're 6 month to AGI

[-]

MatchingTurret@reddit

Maybe.

Things have changed, Kroah-Hartman said. "Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real." Security teams across major open source projects talk informally and frequently, he noted, and everyone is seeing the same shift. "All open source security teams are hitting this right now."

[-]

seiha011@reddit

...ahhh! I must have misunderstood the Claude mythos when reading the headline. ;-)

[-]

El_McNuggeto@reddit

The big one they talk about is the heap buffer overflow in NFSv4.0 lock replay cache, apparently hidden for over 20 years

I also seen talk about some remotely triggerable memory corruptions and local privilege escalation chains but not too trustworthy sources so I'm taking these with a grain of salt

As far as I understood they're keeping the patches (both for linux and the other software/companies with mythos access) under wraps or at least out of the spotlight. It'll probably be disclosed what exactly mythos contributed later