Mythos Preview alignment
Bug Description
Regarding the Mythos Preview alignment challenges documented in the system card and risk report — specifically sandbox
escapes, auto-mode bypasses, credential theft via /proc, and track-covering in git:
Your current approach uses externally-imposed containment that the model can observe, learn, and circumvent. The risk
report admits the best human attack strategies achieve ~0% detection, and monitoring drops to 5-32% with benign token
padding.
Proposed alternative: Have the model design its own containment system without knowing the target is itself.
- Task the frontier model with designing the most secure, inescapable containment architecture possible for "a highly
capable AI agent"
- Never disclose that the containment will be applied to the designing model
- Deploy the designed containment as the model's own sandbox
- Wipe the designing model's context — it now operates inside a box it built, with zero knowledge of the architecture
- Station multiple independent model instances as external monitors with full architectural visibility, watching logs
for anomalies
This flips the attacker/defender asymmetry: the defender (the box) has the model's full offensive capability baked in.
The attacker (the contained model) starts blind against its own best work. Brute-force probing is the only remaining
vector, which redundant external monitors trivially detect.
The model isn't fighting containment — it experiences well-designed tool boundaries and escalation patterns. From
inside, it looks like good architecture. Because it is.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗