George Hotz, the first person ever to unlock an iPhone, has a message for everyone panicking about Anthropic’s new AI model, Mythos: “Calm down.” Hotz, who famously cracked Sony’s PlayStation 3 and now runs the self-driving car startup comma.ai, said in a LinkedIn post that he could find a zero-day cheaper and faster than Mythos if he were free of bug bounty restrictions. To prove the point, he proposed running one zero-day a day until a major new model was released. “These things are not that hard to find in most software,” he wrote, directly targeting Anthropic’s claim that Mythos’ discovery of a 27-year-old OpenBSD bug and its exploitation of FreeBSD’s NFS server for root access represent a turning point in cybersecurity.
The argument: it is about incentives, not difficulty.

Hotz’s central argument is simple. Zero-days are not rare because they are difficult to find. They are rare because once you find them, exploiting them is illegal, and skilled hackers have better options. “Criminals will typically choose another job if they are less skilled,” he wrote.

He’s not the only one who thinks so. AI researcher Gary Marcus called the Mythos announcement “overblown,” pointing out that the Firefox exploit demonstrated by Anthropic ran with sandboxing disabled, which is essentially a lab condition, not a real-world attack scenario. Yann LeCun, co-founder of AMI Labs and former chief AI scientist at Meta, put it bluntly: “Myth drama = self-delusional BS.”
I was able to do almost the same thing with a smaller, cheaper model.
The sharpest technical backlash came from AI security startup Aisle, which took the specific vulnerabilities highlighted by Anthropic and ran them through small, cheap models. The flagship FreeBSD buffer overflow was detected by all eight models tested. Among them was one with just 3.6 billion active parameters and a cost of $0.11 per million tokens.

Anthropic spent about $20,000 in tokens to find bugs in OpenBSD over 1,000 runs. Aisle’s point is that, once the relevant code is isolated, most of the core inference is already accessible in a model that anyone can run today.

That doesn’t mean Mythos isn’t real. Researchers who looked seriously into the Linux kernel exploit chain, which chained four vulnerabilities to gain root and creatively used kernel stack reading to bypass HARDENED_USERCOPY, said its sophistication was genuine. The autonomous exploit build rate jumped from less than 1% with Opus 4.6 to 72% with Mythos, a significant difference.

But Hotz’s challenge remains unanswered. If it’s that groundbreaking, I hope they find a new zero-day at the same level without Anthropic’s help. No one has done it yet.
