Why Anthropic and everyone else ‘scared’ of the company’s latest AI model Mythos are ‘wrong,’ says one of the world’s biggest hackers



George Hotz, the first person to ever unlock an iPhone, has a message for everyone panicking about Anthropic’s new AI model Mythos: calm down. In a LinkedIn post, Hotz—who famously cracked Sony’s PlayStation 3 and now runs self-driving car startup comma.ai—said he could find zero-days cheaper and faster than Mythos if not for bug bounty restrictions. His offer: one zero-day a day until a major new model drops, just to prove a point. “These things are not that hard to find in most software,” he wrote, taking direct aim at Anthropic’s claim that Mythos finding a 27-year-old OpenBSD bug and exploiting FreeBSD’s NFS server for root access represents a watershed moment in cybersecurity.

The ‘it’s not incentivised, not impossible’ argument

Hotz’s core argument is simple: zero-days aren’t rare because they’re hard to find. They’re rare because exploiting them is illegal, and skilled hackers have better options. “Criminals are usually not very skilled, or they would choose a different line of work,” he wrote.

He’s not alone in that view. AI researcher Gary Marcus called the Mythos announcement “overblown,” pointing out that the Firefox exploit Anthropic demonstrated had sandboxing disabled—essentially a lab condition, not a real-world attack scenario. Yann LeCun, co-founder of AMI Labs and formerly Meta’s chief AI scientist, was blunter: “Mythos drama = BS from self-delusion.”

Small, cheap models did much of the same thing

The sharpest technical pushback came from AI security startup Aisle, which took the specific vulnerabilities Anthropic highlighted and ran them through small, cheap, open-weights models. All eight models it tested detected the flagship FreeBSD buffer overflow—including one with just 3.6 billion active parameters that costs $0.11 per million tokens.

Anthropic spent roughly $20,000 in tokens to find the OpenBSD bug across a thousand runs. Aisle’s point: once the relevant code is isolated, most of the core reasoning is already accessible to models that anyone can run today.

That doesn’t mean Mythos isn’t real. Researchers who looked seriously at the Linux kernel exploit chains—chaining four vulnerabilities together to get root, bypassing HARDENED_USERCOPY through creative use of kernel stack reads—said the sophistication was genuine. The autonomous exploit construction rate jumping from under 1% on Opus 4.6 to 72% on Mythos is a real gap.

But Hotz’s challenge stands unanswered: if it’s so groundbreaking, go find new zero-days at the same level without Anthropic’s help. Nobody has yet.


