OpenMythos trains an open security-focused language model
OpenMythos is an open-source trained for tasks. General-purpose often perform poorly in security work because they invent CVE details, miss real weakness patterns in code, and sound confident even when they are wrong. The training data came from 10,000 arXiv computer security papers, filtered down to about 1,840 higher-quality records focused on coding , plus a structured CVE dataset with affected code and repair context.
The training had two stages. First, taught the model tasks such as finding , explaining CVEs, reviewing code for security issues, and suggesting mitigations. Second, RLVR added a reward setup so the model would learn to check its own outputs, not just copy good-looking answers.
The setup used paired material from to make security answers more reliable.
Key points
- OpenMythos is an open-source focused on tasks.
- The stated problem is that general models can invent CVE facts and miss real code .
- The dataset includes filtered security papers and CVE records with affected code and repair context.
- Training used first, then RLVR to push the model toward checking its answers.
- For AI agents, this points to a possible lower-cost specialist model for steps.