"Mythos" at Home, and It's Called AISLE
Author: Stanislav Fort

A startup out of Europe built an AI system that matches Mythos on zero-day discovery, using widely available models, even air-gapped. You've probably never heard of it. Here's the evidence.
You've heard about Mythos, Anthropic's headline-making AI, powerful enough to be restricted to a handful of trusted US-based organizations, and then abruptly pulled from customers after a US government directive suspended access by non-US nationals worldwide.
Well, we at AISLE match it at zero-day discovery on some of the most hardened software on Earth, and sometimes even beat it, with every finding independently confirmed by the projects' own maintainers and tracked publicly.
This isn't a claim that we match Mythos at writing exploits or at general reasoning. It's a claim about the part that defenders actually need and depend on, which is finding and fixing real vulnerabilities before anyone can chain them into an attack. At that, we at AISLE undoubtedly match Mythos, and in this post I will demonstrate the relevant public evidence. The defensive capability the whole world is suddenly afraid of losing was, fortunately, never locked inside Mythos in the first place.
The receipts
We're not grading our own homework here: every claim below comes from public security advisories and maintainer-assigned CVE credits (the public IDs for confirmed vulnerabilities), not our say-so. Anthropic, and for that matter AISLE, may also have private or embargoed findings not yet visible in the open. For fairness, this comparison uses only the public record.
Here's the short version, and you don't need to know any of these codebases to check it:
- An independent scoreboard: UC Berkeley's Vulnerability Initiative, an academic effort to track the role of AI agents in zero-day discovery, ranks AISLE #1 in the world in three of its eight categories, ahead of every frontier lab, Google and Anthropic included.
- FreeBSD, Anthropic's own showcase codebase for Mythos: in the same release cycle, the public tally is 3 CVEs for Anthropic to 3 for AISLE. We matched them on the codebase they chose, after the showcase issues had already been patched.
- OpenSSL, the encryption behind most of the web: in the April 2026 release where the public record shows we were both active, AISLE was credited 5-to-1 on CVEs, and Anthropic's one was a bug we'd reported and fixed 63 days earlier (so our two systems met in the wild, so to speak).
- curl, which runs on ~every device on Earth: of the five issues Mythos reported there, only one was a real low-severity vulnerability. Its creator called the hype “primarily marketing.” Since then, curl has entered a record wave of 12 confirmed vulnerabilities pending CVE announcements; we’ll count AISLE’s share when they are public (but it’s going to be more than one).
- The track record: 200+ CVEs to date, found, fixed and publicly tracked using widely available or open-source-derived models, and a more effective system built around them, deployable even fully air-gapped.
That's the short version. If you want the full breakdown, read on. If not, skip to "But isn't Mythos way more powerful?"
FreeBSD: Anthropic’s own chosen showcase
Anthropic picked FreeBSD, the open-source operating system that the PlayStation, among many other things, is built on, to demonstrate Mythos and its zero-day detection prowess to the world. It was the centerpiece of their launch, the codebase where Anthropic says Mythos found a 17-year-old remote code execution bug (which is "very bad" in security-speak) deep in the kernel's NFS server and autonomously built a working exploit chain around it.
Here's what didn't make the mainstream headlines, though. We pointed AISLE at the same codebase, after Anthropic had finished their FreeBSD scanning and remediation work and the showcase bug was already patched. We found three additional vulnerabilities, spread across the base system, all independently confirmed and publicly disclosed by the FreeBSD security team, each with a CVE assigned, with more still in the disclosure pipeline. One of them lets an attacker on your local network execute code as root on any machine running one common piece of networking software. For a local-network attack surface, that is very serious.
Could Mythos have quietly found these first and simply not been credited? No, that's extremely unlikely, and we can show it. When we and Anthropic independently found the very same OpenSSL zero-day (more on that later), the advisory credited both of us alongside each other. On these FreeBSD issues, only AISLE is named as a reporter. So the public advisory record gives no indication Anthropic reported them. What it does show is AISLE finding additional issues in the very codebase Anthropic chose to showcase Mythos, after the original showcase bugs had already been patched.
Counting the March 26 showcase bug and the April FreeBSD advisories, the public tally is Anthropic 3 CVEs, AISLE 3 CVEs. On the target they chose themselves, we matched the most celebrated security AI in the world, CVE for CVE, and we discovered ours after the showcase bugs had already been patched.

OpenSSL: the encryption under the entire internet
When you see the little padlock on the address bar in your browser, that's very often OpenSSL encrypting your connection. It secures an enormous share of the encrypted traffic on the internet. A severe vulnerability in OpenSSL can be about as close to a global emergency as software security gets, and finding a meaningful one in this codebase is considered a career achievement for a security researcher.
Over roughly half a year and three consecutive security releases (September 2025, January 2026, and April 2026), 23 zero-day vulnerabilities were disclosed in OpenSSL. AISLE discovered 20 of them and was credited in their public disclosures. Some had been hiding in the code for over 25 years, surviving decades of expert human review, large-scale fuzzing (for example by Google OSS-Fuzz), and every automated tool thrown at it. The legendary security researcher Bruce Schneier wrote that our results show “AI vulnerability finding is changing cybersecurity, faster than expected.”
The cleanest single data point for our comparison here is this: in the April 7, 2026 OpenSSL release, the public advisory credits Anthropic on exactly one vulnerability. And it was the same one we had reported, and written the fix for, 63 days earlier. So we know Anthropic was active in this codebase, though we can’t know whether they looked everywhere. In that April advisory, AISLE is credited on five issues and Anthropic on one of those five (as a co-reporter with us). On that release, in the public reporter-credit record, AISLE’s showing was 5 CVEs to Anthropic’s 1 CVE.

curl: the glue of the internet
While you've probably never heard of curl (unless you work in software), it's almost certainly on every device you own. Every smartphone, every smart TV, every car, every game console, every server, totalling over 20 billion installations worldwide. It's how machines talk to the internet. Its creator, Daniel Stenberg, said that over its 25 years of existence the codebase has been rewritten on average four times per line. It is one of the most scrutinized and secure codebases in the world, run by a small group of extremely dedicated engineers.
A Mythos scan of curl was run and sent to Stenberg. Of the five issues it reported as “confirmed,” his team found that exactly one was a real vulnerability, and a low-severity one at that. Of the rest, three were false positives, and one was, in his own words, “just a bug.” That result led him to write, publicly on his blog, that the hype around Mythos was “primarily marketing,” and that he saw “no evidence that this setup finds issues to any particular higher or more advanced degree than the other tools have done before.”
Among the “other tools” he's referring to, AISLE was named first. Over the past eight months, AISLE contributed tens of bug fixes and over a dozen confirmed vulnerabilities in curl, a codebase so hardened that finding anything real in it is genuinely remarkable. At least 5 of those CVEs are ours, with more in the disclosure pipeline right now.
That single low-severity finding from Mythos coincided with the onset of a massive wave of activity that has resulted in twelve confirmed vulnerabilities pending CVE announcements, many of which we expect will be credited to AISLE (but we'll count the next batch when it's public). Another extremely hardened codebase, another example of coming after Mythos and finding additional issues in the same hardened ecosystem.
Independent verification: don’t take my word for it
Everything above might sound like a founder hyping his own company. Fair enough, that’s why I am referring to the external record, advisories, and CVEs. But just in case, here's someone else's assessment.

UC Berkeley's Vulnerability Initiative, an independent academic effort designed to understand the role of AI in zero-day discovery, tracks public CVEs attributed to agentic systems and ranks them across eight categories derived from public CVE data. AISLE came out #1 globally in three of them:
a) the total number of confirmed vulnerabilities found (where we're at a real disadvantage as a small startup next to competitors like Google and Anthropic), b) the breadth of vulnerability types discovered, which shows the universality of our technology, and c) coverage of the most dangerous vulnerability classes tracked by MITRE (the organization that catalogs the world's cybersecurity threats).
Anthropic, with Mythos, ranked #1 in one category. Google in one. A small European team topped three of the eight, more than any frontier AI lab in an independent evaluation.
"But isn't Mythos way more powerful?"
This is a very common question I keep getting, and the answer is clearly: yes, in general it is almost certainly much more powerful. But on detecting zero-days, all the available evidence says it's just not a step change: we match it, and sometimes even beat it.
The Mythos announcement mixed together two very different cyber capabilities under the single scary headline of "AI for cybersecurity." Most people, including many who work deep in AI, heard one thing, but there were actually two.
The first capability is finding vulnerabilities (“zero-days”), which basically means spotting the flaws hidden in code. Think of it as finding loose bricks in a castle wall. This capability is exactly what AISLE is exceptional at.
The second capability is building exploits, which amounts to creatively chaining multiple flaws together into a working attack. This is figuring out, metaphorically speaking, which five bricks to pull, and in which order, to bring the castle wall down. This is the part that made the headlines, and it is possibly genuinely scary. (And Mythos is not unique even among frontier models: UK AISI found GPT-5.5 reached a similar level on its cyber evaluations.) Even here Anthropic is candid that exploit-writing is "a mostly mechanical process" of "chaining together well-understood primitives," and that, like human attackers, the model mostly reuses "known vulnerability classes" rather than inventing new ones. Impressive and fast, yes. Magic? Not at all. It just seems kind of mysterious to people outside of cybersecurity.
The most strategically relevant part, that basically everyone misses, is that defenders often do not need to win the exploit-construction game to make attackers lose. A defender just finds the loose bricks and cements them back in. Every brick you fix is one fewer move available to any attacker, no matter how creative they are. You don't have to understand the attack plan to ruin it. You just have to remove the pieces it depends on, the stepping stones out of which the exploit could theoretically be built. And the more flaws you remove, the less raw material any attacker has to chain together.
This is why the evidence above matters so much. AISLE doesn’t chain vulnerabilities into working exploits. We find and help fix vulnerabilities before they can be chained into something worse, making sure that defense wins by removing the very substrate out of which exploits could theoretically be built. And on that task, the task that most directly improves the defensive posture of real software, we match and beat Mythos, in some cases even using models you can run on your own hardware (see for example here). While the scary game makes for better headlines, the “boring” game of finding and fixing zero-days is what most directly protects real software.
How we do it (without the world's most powerful AI)
If we're not using Mythos, how do we match it? The short answer is that zero-day detection is a very specific kind of problem, one that is more like search than an IQ test, and search rewards a different set of strengths than raw intelligence per LLM token. The other part of the answer is that we really care about solving it, which, coupled with our limited startup budget, made us very innovative in how we approach the task.
Imagine you've lost your keys somewhere in an enormous building. You could hire one genius who intuits where to look. Or you could send a hundred competent people to systematically check every room in parallel. Both approaches find the keys. The second is cheaper, faster, and, crucially, doesn't depend on the genius being available, willing, or legally allowed to help you (which Mythos emphatically now is not, especially if you are outside the permitted access regime).
This isn't just our theory either; it's directly visible in Anthropic's own writeup. The widespread impression that Mythos somehow emergently knew where to look in the codebase is, by their own description, something far more ordinary: they rank a project's files by how interesting they seem, run many copies of the model in parallel (each reading a different file), and then filter the noise. In other words, a scaffold, a system, not a flash of machine intuition.
The insight that makes this work is something we call "the system over the model." The AI model does the heavy lifting, but what you wrap around it (the context generation, the multi-stage triage, the false-positive filtering, the patch generation) is where the real differentiation lives. A good system makes an ordinary model extraordinary. So "narrow tool vs. general model" was never the real contrast here, as being purpose-built for this one problem is an advantage, in the same way AlphaFold was purpose-built to predict protein shapes from sequences. And unlike a restricted frontier model, a good system is something you can own, improve, and run anywhere.
What the export ban actually proves
Three weeks ago, I gave a keynote to CIOs at NATO headquarters in Brussels, alongside speakers from OpenAI and NVIDIA. My message to the room full of senior cyber officials from 32 NATO member states was simple: if your cyberdefenses depend on a single US company, you are one government directive away from losing them. I’m sad to say that three weeks later, it happened. While many had foreseen it (including the prescient Europe 2031 scenario), it came significantly sooner than anyone expected.
The defensive capability that everyone is now afraid of losing, the ability to find and fix zero-day vulnerabilities in critical software, was fortunately never locked inside Mythos. As I’ve hopefully convinced you above, AISLE can run on widely available, even open-source-derived models, fine-tuned and scaffolded with care by security professionals. It can work on your own hardware, air-gapped, with no data leaving your environment. Governments may still regulate software, models, and services, of course. But no single provider can switch off a defensive workflow you own, run inside your perimeter, and adapt to your code.
“Mythos” at home
The question of whether AI can find vulnerabilities in critical infrastructure, the artisanal craft long reserved for elite hackers, was answered with a firm yes last year. It is a very difficult problem, but AI is now up to the task if used correctly. We proved it in 2025 with our first OpenSSL zero-days, and now Anthropic has, too.
Whether defenders globally get reliable, sovereign access to this defensive capability, without waking up one morning to find it's been switched off by someone else's government, is, however, a very different question.
We're a few dozen people in Prague, yet on the public zero-day discovery record, we matched the most hyped cyber-AI system in the world on some of the hardest targets it helped make famous. We did it based on models anyone can access or download, on hardware anyone can own, with security and AI research expertise we've spent years building.
You don't need Mythos to secure your code. You need a good system, deep security expertise, and models nobody can take away from you on a whim.
It turns out you've had “Mythos” at home all along, from Europe, with love.