It’s easy to end up with no publicly trusted third parties if we arbitrarily distrust third parties who say the capabilities match what’s promised. Mozilla, for example, says it found hundreds of Firefox vulnerabilities, and I think it’s pretty unlikely they’re lying to cover Anthropic’s back.
I think the issue with the Firefox find is that they didn’t find hundreds of vulnerabilities; they found hundreds of bugs.
What would be really interesting is a side-by-side comparison of Claude Opus 4.7 and Mythos.