Claude Mythos makes scents
Everything you need to know!

The software world is buzzing. We learn that Anthropic has restricted the release of Claude Mythos to big, powerful companies because it’s too dangerous to allow ordinary citizens to use it. The US Government is now in talks with them. Which alone should fill you with dread, given what laughably passes for ‘US Government’ these days,⌘ what’s happening in the Middle East,⌘ and the ascendancy of SAAS (“Software As A Spy”) courtesy of Palantir. Politico tells us on 9 April that:
AI and cybersecurity professionals have feverishly raised concerns this week over a large language model that Anthropic says is too dangerous to release.
Here’s the appropriate response:
“Isn’t this a bit whiffy?”
I’d suggest that first you should dial your cynicism up to 11. We’ll get to the irony (13 on a scale of 0–10) later.
Aww, fuck it. Let’s do the irony right away. It comes in so many flavours. Like bodily secretions. Here are the three ironic aromas we’ll be examining today:
ammonia
butyric acid
skatole
If you don’t like strong odours, you may wish to skip this post.
1. Ammonia
Normal urine doesn’t smell of much. If it’s very concentrated or has been left to stand, then it may take on a distinct ammoniacal odour.[1] This is because the urea tends to break down to ammonia, especially if bacteria are present.
In some illness states, the smells may be more interesting. For example, liver failure generates a musty aroma, due to dimethyl sulphide. But sometimes that ammonia smell can be a clue, in itself. About 15 years ago, I took over a case on the General Medical wards that had stumped everyone. I was told two things:
“This woman repeatedly comes in with unexplained coma, and beware of her daughter. She’s crazy.”
I went to the bedside, and found a woman in coma, accompanied by a daughter who was not crazy, but appropriately concerned. So I sat down and chatted. On detailed enquiry, I gleaned the fact that every time she went into coma, this sixty-something year old woman’s urine developed an ammonia-like smell. We checked her urine, and there were no urea-splitting organisms, but the ammonia level in her blood was high enough to put her into coma.[2] Through a process of exclusion, we worked out that the likely cause of her bouts of coma was an early defect in the ‘urea cycle’ in her liver. This had been present all her life, but extra stresses like a high protein load were overloading her otherwise morphologically and functionally normal liver. With help from our metabolic unit, we managed to find a reasoned solution.
Unashamedly, I’m going to use this as a metaphor. We’ve known for years that most software is jam-packed with latent defects that can and will intermittently emerge as bad smells. Especially as the software ages. Mostly, programmers haven’t bothered to look hard enough, but people like those at NASA who value quality code find frequent defects wherever they look.
If you send a minor course correction to your Venus probe, for example, and it turns left and starts spouting garbage, this tends to put a damper on any potential celebrations, quite apart from the fact that you’ve just blown up $200 million.
It seems that after diligent debugging, pretty much all code has about one defect in every few hundred lines of code.[3] There are ways we can do better. We can:
Design more carefully, so we write less code. The safest line of code is the one that doesn’t exist, because it wasn’t written unnecessarily.
Use formal proof systems for critical code. For example, an entire operating system kernel (L4) has been verified to be correct.
Use innovative strategies. For example, if you deliberately write code that fails, and then write tests that identify the failures before correcting the code, you end up with an exquisite suite that identifies corner cases and modes of failure. You can run these tests again after any modifications, to ensure you didn’t break things.
Not release code before it’s been properly tested.
Encourage thousands of eyes to look at every line of code.
Document everything with meticulous precision, not just line-by-line, but emphasising how things fit together, and why these choices were made.
Through process re-engineering, NASA managed to get the error rate down to about 1:10,000 lines of code. This both costs and has huge rewards. In contrast, companies like Micro$oft have powered through their code release cycle, peeing out prolific volumes of pungent code, and held onto their source code like an ICE operative gripping a detained child. Windows has hundreds of millions of lines of code, and even the kernel contains millions of lines. So you can be sure that there are a million defects in there.
Here’s our first irony then. After years of inaction by pretty much everyone—especially large companies—they are now suddenly all interested in AI finding errors in code. Until now, they’ve mostly passed over them, apart from huge reactions when a real whopper is found,[4] and punting antiviral software, which is less a prophylactic and more an expensive and debilitating morning-after pill.
There has been very little emphasis on replacing this uriniferous code, despite the smell and the fact that intermittently their systems lapse into blue-screen-of-coma.
This sort of piss-poor practice flouts pretty much all of the fundamental rules of good security, and good cryptography. Darn it, let’s look at some of these, just briefly.

Cryptography, briefly
“The user’s going to pick dancing pigs over security every time”—Bruce Schneier
Cryptography isn’t difficult. It’s stupendously difficult. But there are some basic principles. If you get these wrong, you’re screwed, with no hope of recovery:
Kerckhoffs’ principle. This is a biggie, because to this day, many people don’t get it. I’m absolutely sure that even you, my enlightened and intelligent readers, will argue with me. Well, one or two of you. Here it is, then: There is no security through obscurity. Nope, don’t argue now. First read my comments below. Then still don’t argue.
Every system must be built from the ground up with security as its fundamental principle. Otherwise, you’re boned. The majority of the effort you put into designing a system—the greatest expenditure in terms of manpower, resources, intelligence and cost—must be devoted to making your system secure.
Features are the enemy. All features that are not essential must be stripped out. Every added feature effectively doubles your security risk.
Security is fundamentally about people, specifically how engaged they are with defending the system against intruders. It’s not primarily about the software. Despite everything I’ve said above, the software is adjunctive.
The attacker only needs to get lucky once.
Now be honest here! If you don’t have a paranoid background in computer security, you may still nod knowingly at Kerckhoffs’ principle, until you think it through. You may then spit the dummy, when you realise that it implies that every single line of every piece of code that defends your system against intrusion MUST be put into the public domain for scrutiny by everyone! With copious explanations of what it does. If you disagree, then you haven’t completely assimilated Kerckhoffs’ principle. Nope. Don’t argue with the principle. Take a year off, study this, come back and if you’re still inclined to argue, you haven’t spent enough time yet <grin>.
This is a lovely illustration of how we pretty much just don’t get computer security. And everywhere you look, it’s abundantly evident that we still don’t get computer security. Instead, we rationalise. We rationalise not investing in secure design (time! initial cost!!); we rationalise features (user choice!!!!!); we rationalise belief that if we embed a single ‘security’ post in the ground, attackers will walk into it—rather than us trying hard to get everyone to ‘do security’, everywhere all the time. Dancing pigs. Or hippos, which are even more graceful.
And now Claude comes along and finds some new flaws among the millions we know are out there, and everyone is surprised.

2. Butyric acid
Short-chain fatty acids like butyric and isovaleric acids contribute to a variety of odours: rancid butter, several cheeses, sweaty socks; possibly Hershey bars.[5] Also, the anal sacs of dogs. And, in keeping with our main theme, vomit.
Just before Anthropic announced their Claude Mythos revelation, they suffered a ‘security glitch’. Actually, what happened was that at the end of March 2026, one of their LLM adventures introduced a defect that vomited forth the entire source code for Claude. That’s the half a million lines of TypeScript that come together to make Claude.
Weirdly, this episode of hyperemesis is not the bad bit. This comes when we look at that source code, which tens of thousands of people now have done. A practical demonstration of the importance of Kerckhoffs’ principle—and a lot more.
Taking heed of the fact that a lot of Claude is now being written by Claude, here are some of the ‘features’ identified in this source code:
A single function with twelve levels of nesting and 486 branch points, drawn out for 3167 lines. (A recipe for dysfunction and yes, insecurity)
A main entry point nearly a megabyte in size.
This advanced LLM company detects user frustration with a single line of regex.[6] Here it is:
/\b(wtf|wth|ffs|omfg|shit(ty|tiest)?|dumbass|horrible|awful|piss(ed|ing)? off|piece of (shit|crap|junk)|what the (fuck|hell)|fucking? (broken|useless|terrible|awful|horrible)|fuck you|screw (this|you)|so frustrating|this sucks|damn it)\b/
But this is just the start. Tens of thousands of defects and inefficiencies swept under the rug, ‘fixed’ with a hack, or just left in.
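The frustration regex quoted above, run over a handful of messages to show what a keyword pattern catches and what it misses. This is an added example, not code from the leaked source or from Anthropic: the pattern is copied from this page, the sample messages and their labels are constructed, and because the page prints no regex flags, the case-insensitive variant is an assumption included only for comparison.

```javascript
// Added example. Pattern copied from the page; everything else is constructed.
const FRUSTRATION_SOURCE =
  "\\b(wtf|wth|ffs|omfg|shit(ty|tiest)?|dumbass|horrible|awful|" +
  "piss(ed|ing)? off|piece of (shit|crap|junk)|what the (fuck|hell)|" +
  "fucking? (broken|useless|terrible|awful|horrible)|fuck you|" +
  "screw (this|you)|so frustrating|this sucks|damn it)\\b";

// The page prints the pattern without flags. "" is that literal reading;
// "i" is an assumption, used only to show how much case handling matters.
function makeDetector(flags = "") {
  const re = new RegExp(FRUSTRATION_SOURCE, flags); // no "g": test() stays stateless
  return (text) => re.test(text);
}

// Constructed messages; `frustrated` is a human-style label, not ground truth.
const SAMPLES = [
  { text: "wtf, the build is broken again", frustrated: true },
  { text: "WTF is going on", frustrated: true },
  { text: "Damn it, wrong branch", frustrated: true },
  { text: "This is so frustrating.", frustrated: true },
  { text: "I asked three times and it still fails", frustrated: true },
  { text: "Translate 'the weather was awful' into French", frustrated: false },
  { text: "Please rename the config file", frustrated: false },
];

// Confusion counts for one detector over the labelled samples.
function score(detect, samples) {
  const counts = { tp: 0, fp: 0, fn: 0, tn: 0 };
  for (const { text, frustrated } of samples) {
    const hit = detect(text);
    if (hit && frustrated) counts.tp++;
    else if (hit) counts.fp++;
    else if (frustrated) counts.fn++;
    else counts.tn++;
  }
  return counts;
}

console.log("as printed:", score(makeDetector(""), SAMPLES));
console.log("with /i:   ", score(makeDetector("i"), SAMPLES));
```

Whatever the flags, the pattern fires on quoted text that contains a listed word and stays silent on frustration expressed without one.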
Any vaguely competent programmer has at this point either broken into a cold sweat, or wept and left. You can be pretty sure that in every hundred lines of Claude itself, or code generated by Claude, errors are lurking. And more and more, as we said before, the two are becoming one: Claude is writing itself. Our second irony then: based on this, they are preaching security.[7]
I think the following short video adequately depicts an appropriate response …
We move on to our third emunctory odour.
3. Skatole
So far, we’ve seen that with a peculiar suddenness, Anthropic have determined that the ability of Claude code to detect software defects is such a severe existential threat to humanity that only irresponsible large companies who have been perpetrating and perpetuating these defects for decades can be trusted to use their large language model and its shroud of TypeScript. Does anything about this smell suspicious to you?
Which brings us to skatole.
In extremely low concentrations, skatole has a flowery smell, and it is indeed found in essential oils extracted from orange blossoms, jasmine and some varieties of cannabis.
It also gives piles of poo their characteristic olfactory punch. Skatole has the same Greek root as words like ‘scatological’ and animal ‘scats’. I must say, when I saw the excitement about the Anthropic announcement, I smelt excrement. 💩. Let’s analyse this, simply.
Large companies are investing trillions (literally, trillions) in AI.
Until recently, they have been dishing out their AI either free, or for say $20 a month, allowing users to burn tens of thousands of dollars worth of ‘compute’.
This is unsustainable, and the pockets of investors are not infinite. In fact, we’ve recently seen the stock prices of major private credit companies like BlackRock, Blackstone, KKR, Ares and Blue Owl Capital plummet to the point where some are seriously limiting withdrawals. Effectively, a bit of a run on them. Just a smidge.
It’s come to light that there’s an incestuous funding cycle⌘ across NVIDIA and providers of AI services.
Users of LLM ‘AI’ will need to pay thousands of dollars per month to achieve some sort of break even. If every one of the 8 billion people on Earth stumped up $250 in 2026, that might just cover the cash burn for the year. But if AI ‘succeeds’, then many or even most of them will be out of a job!
Various AI companies are being punished. The two most impactful ones, Anthropic and OpenAI, have both had major setbacks, Anthropic being beaten up by Trump’s military for not allowing autonomous killbots and total surveillance of US citizens[8]; OpenAI for progressively falling behind, for Microsoft Ultraclippy Copilot,[9] and for belatedly realising that Sora is a cash toilet. Let’s not even talk about how senior dev rats are abandoning the faeculent X-tarnished Grok ship, or how Meta were taken to the cleaners in court for defecating into the minds of children.
With great AI investment, huge spending needs to happen. What better way to try and fix the unfixable than to emphasise that a new release is so potent it can only be used by special people? With a frisson of fear. I’m sure we’ll soon see the withdrawal of earlier models, extra costs for ‘safety’, and more manipulation of the user in the street. Hype, stratify, control, extract cash, right?
Sell the dilute scent of orange blossoms. Even if that software busily rewriting itself clearly smells like shit.
My 2c, Dr Jo.
⌘ This symbol is used to indicate posts where I’ve discussed the flagged topic in more detail.
None of the above should be construed as financial advice. Make your own decisions. I am in no size, shape or form a financial advisor.
[1] Pretty much everyone now knows that the ability to smell asparagus in the urine is genetic; other dietary substances that influence the smell are coffee (hydroxycinnamic acids); garlic, onions and cruciferous vegetables (organosulfur compounds); and fenugreek, lovage and maple syrup (sotolone, responsible for the distinct odour of the urine in infants with the rare and rather nasty ‘Maple syrup urine disease’, in whom the ear wax also smells of maple syrup—earlier than the urine does).
[2] Even collecting the blood is tricky: it has to be free-flowing blood collected into a tube on ice, and then rushed to the lab.
[3] Mike Chapman and Dan Solomon found rates of this order. “The relationship of cyclomatic complexity, essential complexity and error rates.” In Proceedings of the NASA Software Assurance Symposium, Coolfont Resort and Conference Center in Berkeley Springs, West Virginia. 2002.
[4] They then drug and molest your computer nocturnally.
[5] Nobody quite knows what goes into Hershey bars. As an interesting aside, infants with the serious hereditary condition isovaleric acidaemia smell like sweaty feet.
[6] Thinking this through, among all the badness in that code, this regex may not be an unreasonable choice. But it is hugely embarrassing for Anthropic, nevertheless. Perl > AI.
[7] Security researcher Chaofan Shou (AKA ‘Fried_rice’) spotted a .map file in the npm registry. In response to the leak, Anthropic issued 8100 DMCA takedowns, trashing multiple GitHub projects that had nothing to do with Claude code. A further irony here: not only is AI-generated code never copyrightable, but the Claude code itself contains obfuscations that allow Anthropic employees to contribute to open-source websites and hide the fact that the code was AI-generated. To further infuriate Anthropic, there’s now a clean-room AI rewrite of Claude.
[8] I am still astonished that I need to write a sentence like this. Just ten years ago, it would have seemed like ludicrously dystopian science fiction!
[9] Which we learn is “for entertainment only”.



I'm so glad I'm no longer a code monkey. Actually, before I lost my job, I'd risen to team leader code monkey (same shit, more responsibility) and was eternally grateful that no one's life depended on the code, because the users were constantly asking for additions that didn't need to be added, but in an ideal world, needed a complete redesign. Oh, and they needed this thing they never thought of before to be implemented last week. My usual description of the code was "held together with chewing gum and spit".
This news post earlier this year was interesting:
https://aisle.com/blog/aisle-discovered-12-out-of-12-openssl-vulnerabilities
Two high/moderate CVEs, ten low severity.
Claude news is marketing, nothing more and nothing less. Just adding to the hype.