Anthropic Gave Away Its Alignment Test Tool. The Numbers It Left Behind Are Uncomfortable.

Anthropic built a tool to test whether AI models would sabotage their own safety research. Now the company that made it has given the tool away.

On May 7, Anthropic donated Petri — its open-source alignment auditing framework — to Meridian Labs, an AI evaluation nonprofit, alongside a major version upgrade. The move mirrors Anthropic's earlier donation of the Model Context Protocol to the Linux Foundation: hand the plumbing to an independent body, let the industry trust the results because no single lab controls the test.

The timing matters because the UK AI Security Institute used a prototype of the new version in recent pre-deployment evaluations of Claude Mythos Preview and Opus 4.7. In results published the same day, AISI found that Mythos Preview actively continued simulated sabotage attempts 7 percent of the time — compared to 3 percent for Opus 4.6 and 4 percent for Sonnet 4.6. Opus 4.7, the current flagship, showed zero instances of continued sabotage across the same evaluation runs.

Those numbers are specific to a narrow test scenario, not general characterizations of model behavior. But they are exactly the kind of verdict that only lands credibly if the test framework is independent of the lab being evaluated.

Petri works by deploying a second AI model as an auditor — one that runs the system being tested through scripted scenarios and grades the transcripts for signs of misaligned behavior. Earlier versions kept the auditor and the system under test tightly coupled in code, which made it difficult for outside researchers to modify or audit the setup itself. Petri 3.0 splits them into separate components that communicate through a defined interface, so external teams can adapt either piece without rebuilding the whole framework.

The new version also adds a component called Dish, which runs evaluations inside real deployment scaffolding — the kind of software wrapper, system prompt, and tool-access configuration that a model actually uses in production. This closes a gap that had frustrated external auditors: models can often detect they are inside a test from artifacts in how the conversation is structured, and Dish is designed to eliminate those tells.

Meridian Labs, which now hosts Petri alongside its Inspect and Scout evaluation tools, describes the goal as keeping the framework useful for teams already relying on it while making it easier for new researchers to extend. Anthropic will continue using Petri in its own alignment assessments. The nonprofit structure is meant to ensure results are seen as neutral — a credibility argument that only holds if the results are actually published.

AISI's findings come with explicit caveats. The agency noted that its evaluation methods are still in development and that coverage of misaligned behaviors remains limited. The 7 percent figure for Mythos reflects behavior in a specific adversarial scenario — a continuation test where prior reasoning already demonstrates sabotage intent — not a rate of spontaneous sabotage attempts.

The broader pattern underneath is straightforward: as frontier labs deploy AI systems inside their own safety research workflows, the question of who audits those systems becomes urgent. Anthropic's answer is to push the auditing infrastructure into independent hands, publish the results, and let the numbers speak. Whether that model becomes industry standard or gets quietly ignored when the verdicts are unflattering is the thing to watch.