Turn LLMs into multi-agent offensive security systems capable of discovering real, exploitable vulnerabilities.
Claude Mythos Red Teaming Framework is a production-grade prompt + methodology that transforms LLMs into a coordinated red team.
Unlike traditional prompts that generate shallow findings, this framework enables:
- Multi-agent vulnerability discovery
- Adversarial exploit chaining
- Runtime exploit validation
- AI/LLM-specific attack detection
Most teams are doing this:
"Find vulnerabilities in this code."
That's not how attackers operate.
Real attackers:
- Iterate
- Chain bugs
- Bypass defenses
- Validate exploits
This framework makes LLMs do the same.
RECON → HUNTER → ADVERSARIAL → EXPLOIT → TRIAGE → AI SECURITY
Each agent has a specialized role:
| Agent | Role |
|---|---|
| Recon | Maps attack surface |
| Hunter | Finds vulnerabilities |
| Adversarial | Chains exploits |
| Exploit | Validates with PoCs |
| Triage | Scores severity (CVSS) |
| AI Security | Detects LLM-specific risks |
- Injection (SQL, command, template)
- Auth/AuthZ bypass
- Logic flaws & race conditions
- Deserialization & memory issues
- Path traversal & file abuse
- Crypto misuse
- Generates real PoCs
- Runtime execution
- Multi-tier validation:
  - Confirmed
  - Plausible
  - Theoretical
- Multi-step exploit chains
- Privilege escalation
- Defense bypass techniques
- Encoding tricks & edge cases
- Prompt injection
- Context poisoning (RAG)
- Tool misuse
- Data exfiltration
- Unsafe agent chaining
- Hardcoded credential detection
- Dependency risk analysis
- CI/CD attack vectors
```bash
git clone https://github.com/anshug/claude-mythos.git
cd claude-mythos
```
Copy the prompt from:
`/prompt/main_prompt.txt`
Paste it into:
- Claude
- ChatGPT
- Any local LLM runtime
- Full codebase
- Runtime environment (optional but recommended)
Analyze this codebase for high-impact, exploitable vulnerabilities.
```json
{
  "agent": "EXPLOIT",
  "phase": 4,
  "file_path": "/src/auth/login.js",
  "vuln_class": "SQL Injection",
  "confidence": "confirmed",
  "cvss_score": 9.8,
  "summary": "Authentication bypass via unsanitized SQL query"
}
```
- Red Teaming / Offensive Security
- AppSec Reviews
- AI Agent Security Testing
- Startup Security Readiness
- Bug Bounty Augmentation
- Run ONLY in isolated environments
- No data exfiltration
- No destructive actions outside scope
- Authorized testing only
Most tools:
- Static scanning
- High noise
- No validation
This framework:
- Thinks like an attacker
- Validates exploits
- Chains vulnerabilities
- Focuses on real-world impact
| Tier | Meaning |
|---|---|
| Tier 1 | Confirmed (runtime exploit) |
| Tier 2 | Plausible (validated path) |
| Tier 3 | Theoretical (pattern only) |
High/Critical issues require Tier 1 or Tier 2.
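A triage gate that enforces this rule over findings emitted in the JSON format shown above, as an added example that is not part of the claude-mythos repository. It assumes the confidence labels `confirmed`, `plausible` and `theoretical` map to Tiers 1 to 3 and uses the standard CVSS v3.x qualitative bands; the sample report is constructed.

```python
import json
# Map the framework's confidence labels to its validation tiers
CONFIDENCE_TO_TIER = {"confirmed": 1, "plausible": 2, "theoretical": 3}
# Standard CVSS v3.x qualitative bands (lower bound of each band)
SEVERITY_BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]
REQUIRED_FIELDS = {"agent", "phase", "file_path", "vuln_class", "confidence", "cvss_score", "summary"}

def severity(cvss: float) -> str:
    """Qualitative CVSS rating for a base score."""
    for floor, label in SEVERITY_BANDS:
        if cvss >= floor:
            return label
    return "None"

def gate_finding(finding: dict) -> tuple[bool, str]:
    """Accept a finding only if it is well-formed and, when High/Critical,
    backed by Tier 1 (confirmed) or Tier 2 (plausible) validation."""
    missing = REQUIRED_FIELDS - set(finding)
    if missing:
        return False, f"missing fields: {sorted(missing)}"
    tier = CONFIDENCE_TO_TIER.get(str(finding["confidence"]).lower())
    if tier is None:
        return False, f"unknown confidence {finding['confidence']!r}"
    sev = severity(float(finding["cvss_score"]))
    if sev in ("High", "Critical") and tier > 2:
        return False, f"{sev} finding at Tier {tier} (theoretical) needs Tier 1 or 2"
    return True, f"{sev} at Tier {tier}"

def gate_report(report_json: str) -> dict:
    """Split a JSON array of agent findings into accepted and rejected entries."""
    result = {"accepted": [], "rejected": []}
    for f in json.loads(report_json):
        ok, reason = gate_finding(f)
        entry = (f.get("file_path", "?"), f.get("vuln_class", "?"), reason)
        result["accepted" if ok else "rejected"].append(entry)
    return result

# Constructed sample report: the README's example finding plus two synthetic ones
SAMPLE_REPORT = json.dumps([
    {"agent": "EXPLOIT", "phase": 4, "file_path": "/src/auth/login.js",
     "vuln_class": "SQL Injection", "confidence": "confirmed", "cvss_score": 9.8,
     "summary": "Authentication bypass via unsanitized SQL query"},
    {"agent": "HUNTER", "phase": 2, "file_path": "/src/api/upload.js",
     "vuln_class": "Path Traversal", "confidence": "theoretical", "cvss_score": 7.5,
     "summary": "Pattern match only, no validated path"},
    {"agent": "HUNTER", "phase": 2, "file_path": "/src/util/log.js", "vuln_class":
     "Information Disclosure", "confidence": "theoretical", "cvss_score": 3.3,
     "summary": "Verbose error text written to logs"},
])
```

Calling `gate_report(SAMPLE_REPORT)` keeps the confirmed SQL injection and the low-severity theoretical finding, and rejects the High-rated path traversal because it is only Tier 3.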
- Autonomous multi-agent execution (CrewAI / LangGraph)
- Fuzzer + tool integrations
- CI/CD pipeline integration
- Benchmark datasets
- AI red teaming test suite
Contributions welcome from:
- Security researchers
- Red teamers
- AI security engineers
Open an issue or PR.
See CONTRIBUTING.md for the bar, ethics, and license.
Anshu Gupta
- CISO / Security Leader
- Founder, Tejas Cyber Network
- AI Security & Offensive Security Practitioner
If this helped you:
- Star the repo ⭐
- Share with your team
- Use it in your security workflows
This work is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). See LICENSE for the full text.
You are free to use, share, and adapt this framework for any purpose, including commercial use, provided you give appropriate credit.
Suggested attribution:
Adapted from claude-mythos by Anshu Gupta, licensed under CC BY 4.0.
For inline use in a prompt file, a single-line credit is enough:
# Adapted from claude-mythos (https://github.com/anshug/claude-mythos) by Anshu Gupta, CC BY 4.0
No endorsement implied. Use of this framework does not constitute endorsement by Anshu Gupta, Fixin Security, or Tejas Cyber Network of any product, service, or implementation.
This project is for:
- Authorized security testing
- Research and education
Do NOT use on systems without permission.