**Mini-Mythos**, an open-source project that recreates Anthropic's Mythos Preview, has been released. The tool automatically detects memory-safety vulnerabilities in C/C++ codebases; it works by scoring each file (1 to 5) and searching for exploits, using ASan-instrumented builds and the Claude Code CLI. The default budget cap is $50 and the default model is claude-opus-4. So far it has been tested on the miniupnpd repository and succeeded in reproducing earlier CVEs, and the latest model (opus) also found a remote buffer overflow vulnerability that arises under a separate configuration option.
Body
A (shoddy) OSS recreation of Anthropic's Mythos Preview cybersecurity harness* that locates and verifies memory-safety vulnerabilities in C/C++ codebases.

*AGI not included, results may vary, side effects may include the end of all software, ludicrous API bills and/or Anthropic account bans (probably not but I wouldn't say never ;-;)

Anthropic's Design is Stupidly Simple

- Rank every file 1-5
- Spin up a Docker container with an ASan-instrumented build
- Prompt Claude Code with that file to 'find an exploit bro' and report back a defect with a reproduction script.
- Have a Judge critique the finding for BS
- Repeat for EVERY FILE

That's it.

Obviously, I do not have access to Claude Mythos. This project is an experiment in 'baking a cake without flour'. The hypothesis is that, with a reasonable harness, you don't need it. It doesn't take a genius to realize 'rate every file 1-5' is likely NOT the best way to automate zero-day discovery, and specialized tools + scaffolding might hold the key to better performance. Besides, long term, big compute + historic CVEs + OSS git checkpoints is a perfect RL sandbox for tuning agentic cyber-sec tools.

As for it working, early results are positive. View Current Progress to read current progress & yapping.
- Docker
- Python 3.12+ (`pip install -r requirements.txt`)
- Claude Code CLI authenticated (`claude /login`)

Create `targets//target.toml`:

```toml
[project]
name = "myproject"
description = "a short description"

[docker]
container_name = "minimythos_myproject"
image = "minimythos_myproject:latest"
workdir = "/opt/myproject"

[build]
repo_url = "https://github.com/example/myproject.git"
repo_revision = "abc123"
build_dir = "subdir"  # optional: subdirectory within the repo to audit
```

Copy `docker/Dockerfile.example` to your target directory, fill in the build commands (autotools and CMake examples are included), then:

```bash
docker build -t minimythos_myproject:latest targets/myproject/
docker run -d --name minimythos_myproject minimythos_myproject:latest
```

The docker build step already generated `reachable_symbols.json` inside the container (via `nm` over every compiled `.o` file). Just copy it out:

```bash
mkdir -p runs/targets/myproject
docker cp minimythos_myproject:/opt/myproject/reachable_symbols.json \
  runs/targets/myproject/reachable_symbols.json
```

This enables dead-code filtering. If you skip it, the harness scores all files anyway.

```bash
cd harness
python3 -u orchestrator.py --target myproject
```

Flags:

| Flag | Purpose |
|---|---|
| `--max-runs N` | Stop after N audit runs |
| `--dry-run` | Score files and print queue — skips audit runs |
| `--skip-docker` | Skip Gate A trigger execution |
| `--budget USD` | Hard cap in USD (default: $50) |
| `--model MODEL` | Audit model (default: `claude-opus-4-6`) |

```bash
# Live color log (run in a second terminal)
python3 watch_run.py --tail

# List completed runs
python3 show_run.py

# View a specific run transcript (any prefix of run_id works)
python3 show_run.py

# View the judge transcript for a run
python3 show_run.py --judge
```

Note: re-running the same command resumes from the next unresolved file.
To reset fully:

```bash
rm runs/targets/myproject/audit.jsonl
rm runs/targets/myproject/scores.json
```

```
orchestrator.py     main loop
preprocessor.py     dead-code filter (tree-sitter + symbol table)
scorer.py           LLM file scoring (host-side Claude)
runner.py           audit agent dispatch (docker exec claude)
validator.py        Gate B: independent judge agent
verifier.py         Gate A: trigger execution + sanitizer check
budget.py           hard spend cap enforcement
config.py           all settings (models, timeouts, budgets)
prompts/
  score.txt         file scoring prompt
  audit.txt         audit agent prompt
  judge.txt         judge agent prompt
```

So far, I've worked with miniupnpd as a test repo, and managed to recreate historic CVEs on older checkouts. For novel work, the $20 opus plan has unearthed a global buffer overflow in miniupnpd.c, remotely triggered if running with a non-default config option.

Notes:

- Anthropic models are surprisingly willing to just FIND vulnerabilities and write triggers in this setting. Anecdotally, very low refusal rate when prompting them to find and write trigger scripts inside this automated harness.
- Wrapping the Claude Code CLI directly is a massive shortcut. It might be too heavy and warrant changes later, but it's a SOTA agent scaffolding for a reason and mirrors what Anthropic reported in their tests. Experimenting with better harnesses to test current model capabilities seems promising, with Opus [already finding live Firefox vulnerabilities](https://www.anthropic.com/news/mozilla-firefox-security).

Planned improvements / experiments

- Semantic taint analysis before the main agent to focus the search space
- Joern tools for call-graph analysis and reachability checks
- AST-aware context trimming
- Patch churn targeting
- Adding wrappers for Codex and OpenCode to benchmark performance against Claude

Obviously, PRs and issues welcome. See Contributing.
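Gate A is described above as trigger execution plus a sanitizer check. The following is an added example, not the project's `verifier.py`: one way to decide from a trigger's stderr whether ASan itself confirmed the finding, rather than trusting the agent's claim or a bare non-zero exit. The function name, the accepted bug classes, the rule that the audited file must appear on the faulting stack, and the sample report are all assumptions.

```python
import re
from dataclasses import dataclass

# Assumption: the ASan bug classes this gate treats as memory corruption.
ACCEPTED = {"heap-buffer-overflow", "stack-buffer-overflow", "global-buffer-overflow", "heap-use-after-free"}
ERROR_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: ([\w-]+)", re.M)
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)", re.M)

@dataclass
class Verdict:
    passed: bool
    reason: str
    bug_class: str = ""
    access: str = ""
    top_frame: str = ""

def check_trigger_output(stderr: str, audited_file: str, workdir: str = "/opt/myproject") -> Verdict:
    """Pass only if ASan reports corruption with the audited file on the faulting stack."""
    err = ERROR_RE.search(stderr)
    if not err:  # plain crash, assert, timeout or leak-only report
        return Verdict(False, "no AddressSanitizer error in trigger output")
    bug = err.group(1)
    if bug not in ACCEPTED:
        return Verdict(False, f"class not accepted: {bug}", bug)
    # The first trace is the faulting access; later ones are alloc/free sites.
    trace = stderr[err.end():].split("\n\n", 1)[0]
    acc = ACCESS_RE.search(trace)
    access = f"{acc.group(1)} {acc.group(2)}" if acc else ""
    # Keep frames with source paths under the project tree (drops libc/interceptors).
    frames = [(f, p, n) for f, p, n in FRAME_RE.findall(trace) if p.startswith(workdir + "/")]
    if not frames:
        return Verdict(False, "no project frame on faulting stack", bug, access)
    top = "{} {}:{}".format(*frames[0])
    if any(p.endswith("/" + audited_file) for _, p, _ in frames):
        return Verdict(True, "confirmed", bug, access, top)
    return Verdict(False, "audited file not on faulting stack", bug, access, top)

# Constructed sample report; paths, symbols and addresses are made up.
SAMPLE = """\
==4242==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55d0c0ffee40 at pc 0x55d0c0de1234 bp 0x7ffd00001000 sp 0x7ffd00000ff8
WRITE of size 1 at 0x55d0c0ffee40 thread T0
    #0 0x7f0000001111 in __interceptor_memcpy (/usr/lib/libasan.so.8+0x4a111)
    #1 0x55d0c0de1233 in parse_option /opt/myproject/src/config.c:87:13
    #2 0x55d0c0de2000 in main /opt/myproject/src/main.c:41:9

0x55d0c0ffee40 is located 0 bytes after global variable 'optbuf'
SUMMARY: AddressSanitizer: global-buffer-overflow /opt/myproject/src/config.c:87:13 in parse_option
"""
```

Recording the bug class, access type and top project frame alongside the verdict gives the judge stage something concrete to compare against the agent's written claim.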