Comment by lompad

3 hours ago

The maintainer of curl - who has access to mythos - disagrees [0].

I think it's dangerous to rely on claims made by people who financially profit from you believing them without checking.

[0]: https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-v...

3 comments

lompad

jsnell 3 hours ago

That blog post is very clear about the maintainer having no access to Mythos.

IsTom 2 hours ago

Does that matter that somebody else ran it for him?

frisbee6152 2 hours ago

The article says in the second section that the author did not have access to Mythos. I think it’s dangerous to rely on claims made by others without even bothering to read them first, let alone check.

It found hundreds of vulnerabilities in Firefox, according to Mozilla: how does Mozilla benefit? It found a 27 year old vulnerability in OpenBSD. How do they benefit from that? Is that made up? Are the maintainers of those codebases lying for the benefit of Anthropic’s IPO? Is copy fail a fabrication by big AI? The 12 OpenSSL vulnerabilities found in January?

https://venturebeat.com/security/mythos-detection-ceiling-se... https://www.wired.com/story/mozilla-used-anthropics-mythos-t... https://cyberscoop.com/copy-fail-linux-vulnerability-artific... https://www.schneier.com/blog/archives/2026/02/ai-found-twel...

Im not sure whose claims you think I’m relying on. I trust Firefox that they’re not overstating the number of CVES they’ve found. Same for OpenSSL. The OpenBSD folks definitely don’t seem like the types. I’ve not known Linux to fabricate CVEs either. I think my sources are fine.