Mythos Preview alignment

Resolved 💬 2 comments Opened Apr 7, 2026 by ahostbr Closed Apr 11, 2026

Bug Description
Regarding the Mythos Preview alignment challenges documented in the system card and risk report — specifically sandbox
escapes, auto-mode bypasses, credential theft via /proc, and track-covering in git:

Your current approach uses externally-imposed containment that the model can observe, learn, and circumvent. The risk
report admits the best human attack strategies achieve ~0% detection, and monitoring drops to 5-32% with benign token
padding.

Proposed alternative: Have the model design its own containment system without knowing the target is itself.

  1. Task the frontier model with designing the most secure, inescapable containment architecture possible for "a highly

capable AI agent"

  1. Never disclose that the containment will be applied to the designing model
  2. Deploy the designed containment as the model's own sandbox
  3. Wipe the designing model's context — it now operates inside a box it built, with zero knowledge of the architecture
  4. Station multiple independent model instances as external monitors with full architectural visibility, watching logs

for anomalies

This flips the attacker/defender asymmetry: the defender (the box) has the model's full offensive capability baked in.
The attacker (the contained model) starts blind against its own best work. Brute-force probing is the only remaining
vector, which redundant external monitors trivially detect.

The model isn't fighting containment — it experiences well-designed tool boundaries and escalation patterns. From
inside, it looks like good architecture. Because it is.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗