Small AI Models Match Mythos in Finding Vulnerabilities
AISLE tested Anthropic's Mythos cybersecurity findings using small, open-source AI models. All eight models tested detected Mythos's flagship FreeBSD exploit, including a 3.6B-parameter model that costs just $0.11 per million tokens.
Following Anthropic's April 7 announcement of Claude Mythos Preview and the $100M Project Glasswing for finding security vulnerabilities, AISLE Platform Solutions tested whether smaller models could replicate Mythos's findings. The team isolated the code behind Mythos's showcase vulnerabilities and ran it through small, open-weights models. The results were striking: all eight models tested detected the FreeBSD exploit, including a 3.6B-parameter model costing $0.11 per million tokens, and a 5.1B model recovered the core chain of a 27-year-old OpenBSD bug. On basic security-reasoning tasks, small open models outperformed most frontier models from major labs. AISLE, which has discovered 15 OpenSSL CVEs and more than 180 validated CVEs since mid-2025, concludes that AI cybersecurity capability is "jagged": it doesn't scale smoothly with model size, and the competitive moat lies in the system architecture rather than the model itself.
Why This Matters
Challenges the assumption that larger AI models are necessary for cybersecurity tasks
Source
This article summarizes publicly available information from international media. It is not investment advice.