I get that this was probably difficult because of timing and such, but I wish Anthropic had announced at least one vulnerability in a closed-source program as part of the Mythos announcement. Since all the vulnerabilities announced at that time were in OSS, I think this contributed to the perception that the coming wave of security-research automation is specifically for programs where the LLM can look at the source code. (Anthropic claims that Mythos found vulnerabilities in closed-source programs, but that none of them had been fully patched yet as of the announcement, so didn't say what they were.)