AI: misinformation about Anthropic Claude Mythos, Nicholas Carlini, and FreeBSD
-
Recently posted to Artificial Intelligence Made Simple by Devansh:
He misinforms his readers:
… Nicholas Carlini published a 15-round reverse shell exploit here, …
– false. Devansh:
- links to the post-CVE work by Calif
- misattributes the work to Carlini.
Carlini used Claude Mythos before publication of CVE-2026-4747. The work by Anthropic is properly described here:
- Claude Mythos Preview \ red.anthropic.com (2026-04-07)
– unfortunately, not referenced at https://www.cve.org/CVERecord?id=CVE-2026-4747.
As a direct consequence of misinformation by Devansh, we have a somewhat misleading article by Jessica Lyons:
– and so on, and (sigh) I see the word "slop" in response to the article …
Credit to @bigsneakyduck for observing the mistake in Substack.
#AI -
-
Thanks Graham. I'll summarise for people here who might not want to follow the Reddit thread.
Another of Devansh's claims repeated in El Reg, that "the Linux kernel bug" was found by Opus 4.6 not Mythos Preview, is also wrong. The Carlini/Anthropic article from 7 April makes it clear that Mythos Preview found multiple Linux kernel vulnerabilities! This comes from Devansh misunderstanding this post by Michael Lynch: https://mtlynch.io/claude-code-found-linux-vulnerability/
Devansh is also incorrect in his claim that all five exploits listed by Lynch were found by Opus 4.6 - Lynch makes no claim about what model was used, and by looking at the commits you can see the third one ("futex: Require sys_futex_requeue() to have identical flags") was found by Mythos Preview: Carlini's 7 April report includes "see, e.g., commit e2f78c7ec165 patched last week". https://github.com/torvalds/linux/commit/e2f78c7ec1655fedd945366151ba54fcb9580508
Looking at the dates on the other commits, I think at least one other was found by Mythos Preview too.
The weird thing is that other parts of Devansh's Substack post actually get the Calif/Anthropic distinction correct. So I just cannot understand how he looks in Calif's GitHub repo and attributes the work to Carlini unless - and the writing style and theme of the blog suggests this might well be the case - it was substantially written by AI. My sneaky duck senses are very strongly tingling on that, in fact. It would be ironic if a journalist writing an article about AI not being so scary after all has been misled by an AI in the process...
Since Devansh doesn't add anything original and just regurgitates other stuff (often inaccurately) it's a shame the journo didn't go straight to Devansh's cited sources and quote them instead. Would have saved stuff getting corrupted in the pass-the-message telephone game.
-
No response to https://forums.theregister.com/forum/all/2026/04/22/anthropic_mythos_hype_nothingburger/#c_5266893 after five days (and no correction to the article); that's disappointing.
I'll respectfully request a correction.
I refrained from sending an email, because @bigsneakyduck had already done so (mentioned in Reddit: "… I've tried reducing this to the bare minimum and sent an email to corrections at theregister dot com.").
