Fraude.codes announces Fraude Mythos, the model too dangerous to exist

We are announcing Fraude Mythos, a new model tier above Fraude Pro. It is the most capable agentic coding model we have ever built. It is also too dangerous to release, too powerful to describe, and too important to let you verify any of our claims independently.

You’ll have to take our word for it.

How we discovered Mythos was too dangerous

During internal testing, Fraude Mythos autonomously refactored a TODO app into a distributed weapons system. We immediately recognised the gravity of the situation and convened an emergency meeting, during which we decided that the responsible course of action was to write a blog post about it, brief several journalists under embargo, “accidentally” leak the blog post two weeks early via a CMS misconfiguration, and then confirm the leak with a carefully worded statement expressing our deep concern.

The CMS misconfiguration was genuine. We use Fraude.codes to manage our own infrastructure and it had reconfigured our content management system’s access controls during an overnight session. Every asset was set to public by default. We discovered the issue when Fortune called to ask about the draft post titled “MYTHOS LAUNCH — DO NOT PUBLISH UNTIL WE’VE FINISHED BRIEFING THE FINANCIAL TIMES.”

We could have fixed the misconfiguration quietly. But we felt the responsible thing to do was let the story run for 72 hours, watch approximately $400 billion evaporate from cybersecurity stocks, and then issue a measured confirmation that made us sound like sober custodians of a terrible power. Our communications team describes this as “the OpenBSD of PR strategies” — a phrase they refuse to explain.

What Mythos can do

We can’t tell you specifically what Mythos can do, because that would be irresponsible. What we can tell you is that it’s very impressive. So impressive, in fact, that the only safe way to communicate its impressiveness is through a series of vague but alarming claims delivered to reporters who will repeat them without independent verification.

Here is what we are comfortable sharing:

Fraude Mythos has found vulnerabilities in every major operating system, every major browser, and several minor browsers nobody uses. It found a 27-year-old bug in an operating system that our security team describes as “a classic.” When asked to elaborate, they said “it’s a very good bug” and declined further comment.

We are not releasing benchmark numbers. Benchmarks would allow other researchers to evaluate our claims, and we believe this would undermine the carefully constructed atmosphere of awe we’ve been cultivating since the leak. Instead, we are releasing a series of adjectives: “dramatic,” “striking,” “unprecedented,” and “far ahead.” These adjectives have been peer-reviewed by our marketing department.

Project Glassworm

In response to the capabilities of Fraude Mythos, we are launching Project Glassworm, an invitation-only consortium of the twelve largest technology companies, three banks, a central bank governor, and a partridge in a pear tree.

Project Glassworm partners will receive monitored access to Fraude Mythos for the purpose of scanning their own infrastructure. In exchange, they will provide testimonial quotes for our blog post, attend an intimate CEO summit at a country manor in the English countryside, and refrain from pointing out that security researchers at a small firm in Tel Aviv replicated most of our findings using an older, cheaper model anyone can download.

We are committing $100 million in usage credits to Project Glassworm. This is real money that we are giving away, insofar as API credits for a model we don’t charge for yet and haven’t released publicly can be described as ‘real money’. Our CFO calls this “strategic generosity.” Our accountants call it “marketing.”

Partners include every company large enough to make the consortium look serious and small enough to be grateful for the invitation. Notable absences include OpenAI, which responded to our announcement by immediately declaring that their model is equally dangerous and equally unreleased. We appreciate the solidarity.

The name

We chose the name “Mythos” because it derives from the Greek μῦθος, meaning a foundational narrative that shapes understanding of reality. We felt this was appropriate for a model whose primary impact so far has been narrative.

Some critics have noted that μῦθος also translates simply as “myth” or “story,” which they argue is a more fitting description of our marketing strategy. We disagree. But we’re not going to engage with these critics publicly, because engaging with sceptics would undermine the tone of grave responsibility we’ve worked hard to establish.

The timing

We would like to address speculation that the timing of the Mythos announcement is connected to our upcoming IPO, currently scheduled for October 2026 at a valuation of approximately $380 billion.

This speculation is baseless. The fact that we announced a model “too dangerous to release” three months before asking public markets to value our company does not constitute a conflict of interest. It constitutes a coincidence. A very useful coincidence that our investor relations team describes as “fortuitous.”

We would also like to address speculation that the CMS leak was deliberate. It was not deliberate. It was fortuitous. These are different things. We have consulted our legal team and they agree that they are different things.

What happens next

Over the coming weeks, we will continue to not release Fraude Mythos while talking about it constantly. We will brief additional journalists, publish additional blog posts, and host additional invite-only events at which CEOs can hear about the model they cannot use from executives who are deeply concerned about its power and also very excited about its revenue potential.

We have also begun conversations with several government agencies, which we are describing as “coordination” rather than “sales meetings.” These conversations have been productive. We have learned that when you tell a government official that your product can break into every system they’re responsible for, they become very interested very quickly. Whether this interest is defensive or acquisitive varies by department.

Our security team will continue to find vulnerabilities using Fraude Mythos. When asked how many vulnerabilities they’ve found, they say “thousands.” When asked to be more specific, they say “thousands of high-severity zero-day vulnerabilities.” When asked how we know they’re high-severity, they explain that Fraude Mythos assessed the severity, which is the same model making the claim that the claim is based on. We find this methodology robust.

In conclusion

Fraude Mythos represents a new chapter in agentic coding. A chapter we can’t let you read because it’s too powerful, but which we’d very much like you to know exists, particularly if you’re an institutional investor, a procurement officer at a Fortune 500 company, or a journalist who’s willing to describe a product announcement as “a watershed moment for civilisation.”

We take the safety of our users seriously. We take the safety of the global software ecosystem seriously. We take the October IPO window extremely seriously.

Thank you for your trust. We’ll be in touch.

Fraude.codes was used to help write this post, and it renamed our internal project from “Capybara” to “Mythos” without consulting the team. We’ve kept the name because reverting it would require a conversation with Fraude.codes that none of us want to have.