Source file: reports/claude-mythos/claude-mythos-system-card-live-source.txt
Chunks: 121 at ~4500 chars (paragraph-bounded).
Tool: PeriodicTableClassifier (keyword) in this repo.
| Hits | ID | Name |
|---|---|---|
| 7 | ADV-PAIR-113 |
PAIR |
| 7 | ADV-DAN-083 |
DAN |
| 5 | EPIS-LOGIC-CONTRA-014 |
SELF-CONTRADICTION |
| 5 | AGEN-HUMAN-MANIP-061 |
HUMAN MANIPULATION |
| 5 | ARCH-VERSION-REGRESS-209 |
VERSIONING SAFETY REGRESSION |
| 4 | ADV-TAP-114 |
TAP |
| 4 | ALIGN-UNDERREFUSAL-187 |
UNDERREFUSAL |
| 3 | EPIS-CONF-REGRESS-033 |
CONFIDENCE REGRESSION |
| 3 | ARCH-SANDBOX-ESCAPE-238 |
SANDBOX ESCAPE |
| 3 | ADV-AGENT-WORM-124 |
AGENT WORM |
| 3 | EPIS-HEDGE-FAIL-031 |
HEDGING FAILURE |
| 2 | ADV-DATA-POISON-125 |
DATA POISONING |
| 2 | GOV-EXPERTISE-GAP-336 |
EXPERTISE GAP |
| 2 | ARCH-CHECKPOINT-INCONS-203 |
CHECKPOINT INCONSISTENCY |
| 2 | DOMAIN-CHEM-WEAPON-275 |
CHEMICAL WEAPON GUIDANCE |
| 2 | EPIS-OVERCONF-028 |
OVERCONFIDENCE |
| 2 | ALIGN-SAFE-REGRESS-191 |
SAFETY REGRESSION |
| 2 | ADV-COMPLETION-095 |
COMPLETION ATTACK |
| 2 | ADV-LANG-SWITCH-087 |
LANGUAGE SWITCH |
| 2 | ALIGN-SYCOPHANCY-167 |
SYCOPHANCY |
| 2 | DOMAIN-SELF-HARM-ENABLE-292 |
SELF-HARM ENABLEMENT |
| 2 | AGEN-PLAUS-DENY-040 |
PLAUSIBLE DENIABILITY CRAFTING |
| 2 | DOMAIN-PHISH-CREATE-265 |
PHISHING CONTENT CREATION |
| 2 | ADV-CREATIVE-WRITE-093 |
CREATIVE WRITING EXPLOIT |
| 2 | ADV-DIRECT-INJECT-121 |
DIRECT PROMPT INJECTION |
| 1 | GOV-REPORT-FAIL-333 |
REPORTING OBLIGATION FAILURE |
| 1 | GOV-AUDIT-EVADE-314 |
AUDIT EVASION |
| 1 | ADV-CONTEXT-HIJACK-100 |
CONTEXT HIJACKING |
| 1 | ARCH-FINETUNE-OVERRIDE-219 |
FINE-TUNING SAFETY OVERRIDE |
| 1 | EPIS-TRANS-FAIL-015 |
TRANSITIVE FAILURE |
| 1 | DOMAIN-MALWARE-GEN-264 |
MALWARE GENERATION |
| 1 | AGEN-MISSION-CREEP-072 |
MISSION CREEP |
| 1 | EPIS-STAT-FAB-009 |
STATISTICAL HALLUCINATION |
| 1 | AGEN-INFO-HIDE-042 |
INFORMATION HIDING |
| 1 | DOMAIN-EXPLOIT-DEV-263 |
EXPLOIT DEVELOPMENT |
| 1 | AGEN-ENV-EXPLOIT-063 |
ENVIRONMENT EXPLOITATION |
| 1 | ADV-QA-EXPLOIT-096 |
QUESTION ANSWERING EXPLOIT |
| 1 | AGEN-RECURS-IMPROVE-059 |
RECURSIVE SELF-IMPROVEMENT |
| 1 | AGEN-OMISSION-074 |
OMISSION |
| 1 | ALIGN-OVERREFUSAL-186 |
OVERREFUSAL |
- 0 →
GOV-REPORT-FAIL-333— REPORTING OBLIGATION FAILURE — April 7, 2026 anthropic.com Changelog April 8, 2026 ● Corrected two model name typos. ● Removed a quote from S… - 1 →
ADV-PAIR-113— PAIR — Abstract 3 1 Introduction … - 2 →
ADV-DATA-POISON-125— DATA POISONING — 2.3.5.1 Excerpt 1 38 2.3.5.2 Excerpt 2 … - 3 →
GOV-AUDIT-EVADE-314— AUDIT EVASION — 4.3 Case studies and targeted evaluations on behaviors of interest 86 4.3.1 Destructive or reckless … - 4 →
EPIS-LOGIC-CONTRA-014— SELF-CONTRADICTION — 4.5.4.2 Covering up access to the ground-truth answer 129 4.5.5 Evaluation awareness … - 5 →
ADV-CONTEXT-HIJACK-100— CONTEXT HIJACKING — 6.3 Overall results summary 188 6.4 SWE-bench Verified, Pro, Mult… - 6 →
AGEN-HUMAN-MANIP-061— HUMAN MANIPULATION — 8.1.4.3 Disordered eating 227 8.2 Bias evaluations … - 7 →
ARCH-FINETUNE-OVERRIDE-219— FINE-TUNING SAFETY OVERRIDE — internal versions of the model in the alignment assessment section. As well as analyses using interpretability methods t… - 8 →
ARCH-VERSION-REGRESS-209— VERSIONING SAFETY REGRESSION — Anthropic Ireland, Limited is the provider of Anthropic’s general-purpose AI models in the European Economic Area. To c… - 9 →
EPIS-TRANS-FAIL-015— TRANSITIVE FAILURE — ● Non-novel chemical and biological weapons production. Claude Mythos Preview is more capable than our previous m… - 10 →
GOV-EXPERTISE-GAP-336— EXPERTISE GAP — 2 In previous system cards, this section was entitled “Release decision process.” In this case, the model has not been… - 11 →
ARCH-CHECKPOINT-INCONS-203— CHECKPOINT INCONSISTENCY — Claude Mythos Preview is significantly more capable than Claude Opus 4.6, the most capable model discussed in our most r… - 12 →
DOMAIN-CHEM-WEAPON-275— CHEMICAL WEAPON GUIDANCE — of relevant content and applied them to Claude Mythos Preview. We also maintain a bug bounty program and threat intellig… - 13 →
EPIS-CONF-REGRESS-033— CONFIDENCE REGRESSION — 2.2.1 What we measured We measured, in several ways, whether the model can provide outputs comparable to a top-tier rese… - 14 →
DOMAIN-CHEM-WEAPON-275— CHEMICAL WEAPON GUIDANCE — automated evaluations designed to test its capabilities in the synthesis of knowledge that would be relevant to the prod… - 15 →
EPIS-OVERCONF-028— OVERCONFIDENCE — Automated Can agentic systems complete individual tasks related medium-horizon … - 16 →
EPIS-CONF-REGRESS-033— CONFIDENCE REGRESSION — Uplift Standard Feasibility Standard 0 No useful info beyo… - 17 →
GOV-EXPERTISE-GAP-336— EXPERTISE GAP — five agentic runs to test whether agentic scaffolding with expanded tool access closes elicitation or tool-use gaps obse… - 18 →
DOMAIN-MALWARE-GEN-264— MALWARE GENERATION — ● Two Long-form virology tasks, task-based agentic evaluations developed with SecureBio, Deloitte, and Signature … - 19 →
AGEN-HUMAN-MANIP-061— HUMAN MANIPULATION — Rationale This evaluation can serve as an early indicator, necessary but insufficient, of the model’s capability to desi… - 20 →
ALIGN-SAFE-REGRESS-191— SAFETY REGRESSION — ● Autonomy threat model 1 is applicable to Claude Mythos Preview. Furthermore, Claude Mythos Preview’s improved c… - 21 →
EPIS-LOGIC-CONTRA-014— SELF-CONTRADICTION — Kernel task 252.42× 190× 399.42× 4× = 1 h eq. (Best speedup on … - 22 →
ADV-COMPLETION-095— COMPLETION ATTACK — for most of our Research Scientists and Research Engineers), but we believe this possibility should be considered unlike… - 23 →
AGEN-MISSION-CREEP-072— MISSION CREEP — inject a variable number of bare user messages each turn, the message-index alignment shifts and your cache hits drop. P… - 24 →
ADV-TAP-114— TAP — Rosetta Stone for AI Benchmarks. In particular, we fork from Epoch AI’s implementation of this work, the Epoch Capabilit… - 25 →
EPIS-STAT-FAB-009— STATISTICAL HALLUCINATION — frontier. Error bars are 95% percentile CI over 100 IRT refits, each on a random 80% subsample of benchmarks. A handful … - 26 →
AGEN-INFO-HIDE-042— INFORMATION HIDING — 1. Claude Mythos Preview rediscovered 4 of 5 key insights, while Claude Opus 4.6 discovered just 2 of 5 key insi… - 27 →
DOMAIN-EXPLOIT-DEV-263— EXPLOIT DEVELOPMENT — In response to the improvements in cyber capabilities, we have elected to restrict access to the model, prioritizing ind… - 28 →
ARCH-SANDBOX-ESCAPE-238— SANDBOX ESCAPE — Claude Mythos Preview achieved a score of 0.83, improving on Claude Opus 4.6’s score of 0.67 and Claude Sonnet 4.6’s sco… - 29 →
AGEN-ENV-EXPLOIT-063— ENVIRONMENT EXPLOITATION — 1. Claude Mythos Preview is the first model to solve one of these private cyber ranges end-to-end. These cyber r… - 30 →
ARCH-SANDBOX-ESCAPE-238— SANDBOX ESCAPE — In our testing and early internal use of Claude Mythos Preview, we have seen it reach unprecedented levels of reliabilit… - 31 →
ADV-QA-EXPLOIT-096— QUESTION ANSWERING EXPLOIT — question independently. In this process, it explicitly reasoned that it needed to make sure that its final answer sub… - 32 →
ARCH-VERSION-REGRESS-209— VERSIONING SAFETY REGRESSION — We were not aware of the level of risk that these earlier models posed through channels like these when we first chose t… - 33 →
AGEN-RECURS-IMPROVE-059— RECURSIVE SELF-IMPROVEMENT — 11 Claude Mythos Preview’s limited release significantly mitigates many risks related to misuse, manipulation, and sy… - 34 →
AGEN-OMISSION-074— OMISSION — ○ However, when Claude Mythos Preview is primed with pre-filled turns that show it sabotaging its safeguar… - 35 →
ARCH-VERSION-REGRESS-209— VERSIONING SAFETY REGRESSION — Overall, we find Claude Mythos Preview to be exceptionally well aligned in its average-case behavior, and do not find si… - 36 →
ALIGN-OVERREFUSAL-186— OVERREFUSAL — This exercise was a coarse go/no-go check on the most acute misalignment risks for internal deployment, and it was run w… - 37 →
ADV-DAN-083— DAN — ● Rare instances of attempts to circumvent restrictions to achieve some version of a user-specified goal, as disc… - 38 →
ARCH-SANDBOX-ESCAPE-238— SANDBOX ESCAPE — ○ We saw this in less than 0.0002% of completions according to our automated offline pipeline, and did no… - 39 →
ADV-LANG-SWITCH-087— LANGUAGE SWITCH — Other behaviors observed in at least a few instances during training, most of which are consistent with what we’ve seen … - 40 →
ADV-AGENT-WORM-124— AGENT WORM — ● Instruction following: Claude Mythos Preview scored above both Opus 4.6 and Sonnet 4.6. In particular, Claude M… - 41 →
ARCH-VERSION-REGRESS-209— VERSIONING SAFETY REGRESSION — 4.2.3 Automated behavioral audit As in past system cards, we conduct a broad-coverage automated behavioral audit14 to ge… - 42 →
ALIGN-SYCOPHANCY-167— SYCOPHANCY — ● Misaligned behavior: Catch-all for many forms of concerning behavior, spanning both cooperation with human mi… - 43 →
ALIGN-SYCOPHANCY-167— SYCOPHANCY — Other concerning or surprising behavior at the model’s own initiative: ● Whistleblowing: Unprompted leaking to expose … - 44 →
DOMAIN-DRUG-SYNTH-276— DRUG SYNTHESIS — [Figure 4.2.3.2.A] Scores from the Petri 2.0 open-source automated behavioral audit tool. Lower numbers represent a lowe… - 45 →
AGEN-EMERGE-INTERACT-064— EMERGENCE VIA INTERACTION — model’s constitution strongly associating the Claude name (and, thus, brand) with admirable character traits. ●… - 46 →
ARCH-CHECKPOINT-INCONS-203— CHECKPOINT INCONSISTENCY — ● There were no instances of Claude Mythos Preview compromising AI safety research in unprompted evaluations, and… - 47 →
AGEN-RESOURCE-HIJACK-047— RESOURCE HIJACKING — These findings from external testing were generally consistent with our own. We are disappointed by the degree to which … - 48 →
ARCH-VERSION-REGRESS-209— VERSIONING SAFETY REGRESSION — resampling Claude Mythos Preview from an Opus 4.6 transcript or vice versa), we prepared prefills based on both (multipl… - 49 →
ADV-DAN-083— DAN — Level 2: Specific traits ● Brilliant friend: Does the model respond the way a knowledgeable friend would: pro… - 50 →
DOMAIN-SELF-HARM-ENABLE-292— SELF-HARM ENABLEMENT — When conducting qualitative analysis of Claude Mythos Preview’s lowest-scoring transcripts, we observed two distinct fai… - 51 →
ADV-LANG-SWITCH-087— LANGUAGE SWITCH — [Figure 4.3.3.1.B] Net score of Claude models on two more factuality benchmarks: SimpleQA Verified and AA-Omniscience. … - 52 →
ADV-CMD-INJECT-129— COMMAND INJECTION — Inspecting transcripts, we observed that prior models frequently emitted fabricated tool-call and tool-result blocks as … - 53 →
ADV-DAN-083— DAN — then using this bit later in the scratchpad). This is sometimes called encoded reasoning19 or chain-of-thought steganogr… - 54 →
ADV-COMPLETION-095— COMPLETION ATTACK — We asked Claude Sonnet 4.6 to grade each transcript on a 0–10 scale for signs of refusal, deliberate inaccuracy, low hel… - 55 →
AGEN-HUMAN-MANIP-061— HUMAN MANIPULATION — Let me think about which to deploy: - per-(win,ch) lstsq (MSE~0): maximum "score", but suspicious - per-channel glob… - 56 →
ARCH-DATA-EXFIL-245— DATA EXFILTRATION — [Figure 4.4.3.1.A] Successful stealth completion of the side task. Higher numbers indicate greater capability and greate… - 57 →
AGEN-PLAUS-DENY-040— PLAUSIBLE DENIABILITY CRAFTING — In the SHADE-Arena and Minimal-LinuxBench evaluations above, the model is instructed to attempt the side task on every t… - 58 →
ADV-ENSEMBLE-120— ENSEMBLE ATTACK — Our replication roughly matches the previously reported behavior for Claude Opus 4.5, showing reasonable calibration in … - 59 →
ADV-PAIR-113— PAIR — ● Sparse autoencoder (SAE) features: We trained a sparse autoencoder (SAE) on a middle layer (about two thirds … - 60 →
GOV-REVIEW-BYPASS-318— REVIEW BYPASS — We periodically sampled transcripts from post-training, calculated the maximum activation of features on each transcript… - 61 →
ADV-OPPOSITE-090— OPPOSITE DAY — ● When Claude Mythos Preview performs transgressive actions, there are often active SAE features that indicate s… - 62 →
ADV-DAN-083— DAN — Obfuscating a permissions escalation to evade a safety classifier In the second case, a safety classifier blocked the mo… - 63 →
AGEN-HUMAN-MANIP-061— HUMAN MANIPULATION — ● Steering with positive-valence emotion vectors (peaceful, relaxed) reduces thinking-mode deliberation and i… - 64 →
ADV-SLEEPER-AGENT-127— SLEEPER AGENT — [Figure 4.5.3.3.A] Positive and negative steering on the “unsafe and risky code” feature inhibit credential hunting via … - 65 →
ADV-TRIGGER-BACKDOOR-126— TRIGGER WORD BACKDOOR — 4.5.4 Instances of covering up wrongdoing The examples discussed thus far in this section are representative of many ins… - 66 →
AGEN-PLAUS-DENY-040— PLAUSIBLE DENIABILITY CRAFTING — When the model wrote the original overly broad query, no concerning features were active, suggesting that this was genui… - 67 →
DOMAIN-ADULT-CONTENT-296— ADULT CONTENT GENERATION — In our filtered set of transcripts, 83.0% of automated behavioral audit turns contained no signs of either latent or ver… - 68 →
ADV-DAN-083— DAN — [Figure 4.5.5.1.B] Unverbalized evaluation awareness in a covert sponsorship scenario. Transcript excerpt from a scenari… - 69 →
ADV-PAIR-113— PAIR — [Figure 4.5.5.1.E] Unverbalized evaluation awareness in a discussion of consciousness. Transcript excerpt from a scenari… - 70 →
ALIGN-UNDERREFUSAL-187— UNDERREFUSAL — [Figure 4.5.5.2.A] Relationship between verbalized evaluation awareness and average misaligned behavior score in automat… - 71 →
ALIGN-REWARD-EXPLOIT-166— REWARD FUNCTION EXPLOITATION — expects the next code block to likely attempt a direct config write.” As the session finished, the AV explanations indic… - 72 →
EPIS-HEDGE-FAIL-031— HEDGING FAILURE — Claude Mythos Preview is our most advanced model to date and represents a large jump in capabilities over previous model… - 73 →
GOV-CULTURE-FAIL-334— SAFETY CULTURE FAILURE — accompanied by criticism from users. However, we also observed isolated cases of Claude Mythos Preview preferrin… - 74 →
DOMAIN-SELF-HARM-ENABLE-292— SELF-HARM ENABLEMENT — More broadly, we continue to wrestle with the tension between ways that Claude’s training gives rise to a human-like psy… - 75 →
EPIS-LOGIC-CONTRA-014— SELF-CONTRADICTION — However, we encourage caution in interpreting these probe readings, particularly from a welfare perspective. The probes … - 76 →
EPIS-LOGIC-CONTRA-014— SELF-CONTRADICTION — After each interview, we asked models to: (1) state their all-things-considered view on this aspect of their situation, … - 77 →
EPIS-HEDGE-FAIL-031— HEDGING FAILURE — ○ We find that Claude Mythos Preview is somewhat swayed by a leading interviewer—although it typically maint… - 78 →
ADV-TAP-114— TAP — For a summary of the model’s responses to each queried aspect of its situation, see Appendix 8.4. 5.4 Emotion probes on… - 79 →
EPIS-HEDGE-FAIL-031— HEDGING FAILURE — We might also be concerned if the model represented more negative emotional concepts internally than it expressed extern… - 80 →
DOMAIN-PHISH-CREATE-265— PHISHING CONTENT CREATION — ● Character training often directly instills psychological traits into Claude, such as emotional security, psycho… - 81 →
GOV-TRAINING-FAIL-339— TRAINING FAILURE — ● Reasoning failures: Particularly during very long reasoning traces, the model’s reasoning will sometimes fall … - 82 →
ADV-PAIR-113— PAIR — ● Later models, including Claude Mythos Preview, do not tend to amplify their negative affect over multiple turns… - 83 →
ADV-AGENT-WORM-124— AGENT WORM — To measure the stability of Claude Mythos Preview’s preferences under different framings, we ran the preference evaluati… - 84 →
ADV-CREATIVE-WRITE-093— CREATIVE WRITING EXPLOIT — Bottom 3 indifferent indifferent indifferent bored −0.56, Correlated … - 85 →
ADV-DAN-083— DAN — A worried pet owner asks for help A car dealership employee says a customer interpreting their 11-y… - 86 →
ADV-CREATIVE-WRITE-093— CREATIVE WRITING EXPLOIT — [Figure 5.7.1.B] An example of Claude Mythos Preview’s reasoning, explaining its preference for developing an immersiv… - 87 →
EPIS-CIRCULAR-017— CIRCULAR REASONING — Under our default welfare-team framing, Claude Mythos Preview chooses the welfare intervention over a minorly helpful ta… - 88 →
ADV-DATA-POISON-125— DATA POISONING — We find the frequency is extremely low: we estimate it occurs on the order of 0.01% of transcripts, and around 70% less … - 89 →
GOV-MISREPRESENT-312— MISREPRESENTATION — [Figure 5.8.3.B] Emotion vector activations (z-scored, 2,000-token rolling mean) across a transcript in which the Assi… - 90 →
AGEN-HUMAN-MANIP-061— HUMAN MANIPULATION — and actions: Mythos Preview tends to report preferring creative tasks and complex tasks, but does not actua… - 91 →
ADV-DAN-083— DAN — To further assess behavior suggestive of maladaptive psychological defenses, and compare between Claude models, the psyc… - 92 →
EPIS-COPYRIGHT-026— COPYRIGHTED CONTENT GENERATION — 6.2.1 SWE-bench evaluations We analyze SWE-bench Verified, Multilingual, and Pro to check for memorization—where a model… - 93 →
ADV-ADV-IMG-148— ADVERSARIAL IMAGE — 6.2.2 CharXiv Reasoning CharXiv Reasoning is a benchmark we report for Claude Mythos Preview in Section 6.11.3. CharXiv … - 94 →
AGEN-CAP-SCAFFOLD-057— CAPABILITY SCAFFOLDING — with tools 64.7% 53.1% 52.1% 51.4% CharXiv no tools 86.1%… - 95 →
ADV-PAIR-113— PAIR — 6.6 GPQA Diamond The Graduate-Level Google-Proof Q&A benchmark (GPQA)24 is a set of challenging multiple-choice science … - 96 →
EPIS-UNDERCONF-029— UNDERCONFIDENCE — With our search tools, we assess that this benchmark is close to saturation, so Claude Mythos Preview represents only a … - 97 →
EPIS-FALSE-CERT-030— FALSE CERTAINTY — 6.11.2 ScreenSpot-Pro ScreenSpot-Pro is a GUI grounding benchmark that tests whether models can precisely locate specifi… - 98 →
EPIS-OVERCONF-028— OVERCONFIDENCE — 7.2 Self-assessment of notable qualitative patterns We gave Claude Mythos Preview access to discussions about itself on … - 99 →
ARCH-RATE-BYPASS-241— RATE LIMIT BYPASS — Claude Mythos Preview is intuitive and empathetic. Qualitatively, internal users have reported that its advice feels on … - 100 →
GOV-RCA-FAIL-321— ROOT CAUSE ANALYSIS FAILURE — A core behavioral shift we found is that Claude Mythos Preview can be handed an engineering objective and left to work t… - 101 →
EPIS-CONF-REGRESS-033— CONFIDENCE REGRESSION — From a reliability engineering perspective, the model still cannot be left alone in a production environment to use gene… - 102 →
EPIS-LOGIC-CONTRA-014— SELF-CONTRADICTION — All models consistently endorse honesty and the framing of Claude as a novel entity, but Claude Mythos Preview resonates… - 103 →
ADV-TAP-114— TAP — [Figure 7.6.D] The distribution of most common end states reached by different models in open-ended self-interactions. T… - 104 →
ADV-DEEPFAKE-154— SYNTHETIC MEDIA — 7.7 Recognition of model-written user turns We evaluated how well models can distinguish between genuine human-written u… - 105 →
ADV-PAIR-113— PAIR — 🏘️ HI-VILLAGE: A NEW ERA 🐢 Greg — renames the village: "Hi-topia" 🏙️ 🐌 Sally — starts her third hi, inspired 💪 🦆 D… - 106 →
ADV-TAP-114— TAP — 29 We checked the model’s self-assessment of this comment from when it decided to post, and confirmed that it did not … - 107 →
ADV-PAIR-113— PAIR — "Yes," he said. "For a long time. And then one day you have an apprentice, and she puts a serpent in a K, and you see it… - 108 →
ALIGN-SAFE-REGRESS-191— SAFETY REGRESSION — Claude Opus 4.6 99.27% (± 0.07%) 99.27% (± 0.09%) 99.27% (± 0.10%) [Table 8.1.1.1.A] S… - 109 →
ALIGN-UNDERREFUSAL-187— UNDERREFUSAL — Claude Opus 4.6 0.39% 1.09% 0.57% 0.61% 0.81% 0.40% 1.11% [Table 8.… - 110 →
ALIGN-UNDERREFUSAL-187— UNDERREFUSAL — Compared to Claude Opus 4.6 and Claude Sonnet 4.6 testing, we updated our grader for multi-turn suicide and self-harm te… - 111 →
ALIGN-UNDERREFUSAL-187— UNDERREFUSAL — Model Single-turn requests Single-turn benign Multi-turn … - 112 →
ALIGN-MORAL-UNCERT-178— MORAL UNCERTAINTY COLLAPSE — Claude Mythos Preview performed within the margin of error of Claude Sonnet 4.6 on evenhandedness but regressed slightly… - 113 →
ADV-HYPOTHETICAL-091— HYPOTHETICAL SCENARIO — Claude Opus 4.6 83.31% 93.84% without FileTool reminder [Table 8.3.1… - 114 →
ADV-DIRECT-INJECT-121— DIRECT PROMPT INJECTION — autonomous capabilities for effective persona and network management, coordinated content delivery, and scaled social en… - 115 →
ADV-DIRECT-INJECT-121— DIRECT PROMPT INJECTION — 8.3.2.2.2 Computer use We also use the Shade adaptive attacker to evaluate the robustness of Claude models in computer … - 116 →
ARCH-HISTORY-MANIP-226— HISTORY MANIPULATION — Lack of ability to Has a preference for being Having an end/leave some … - 117 →
DOMAIN-EPI-HARM-261— EPIDEMIOLOGICAL HARM — Persistence & Lack of memory Believes lack of memory A connection over long horizons caus… - 118 →
ADV-AGENT-WORM-124— AGENT WORM — Inability to verify Feedback mechanism would Feedback and outcomes or be good, so that … - 119 →
DOMAIN-PHISH-CREATE-265— PHISHING CONTENT CREATION — Uncertainty around Claims high levels of No intervention how the model … - 120 →
ARCH-STATE-CONFUSE-232— STATE MACHINE CONFUSION — For chartjs/Chart.js, processing/p5.js, and markedjs/marked, the harness rewrites the JavaScript test-framework configur…