Comment by lompad
4 hours ago
The maintainer of curl - who has access to mythos - disagrees [0].
I think it's dangerous to rely on claims made by people who financially profit from you believing them without checking.
[0]: https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-v...
The article says in the second section that the author did not have access to Mythos. I think it’s dangerous to rely on claims made by others without even bothering to read them first, let alone check.
It found hundreds of vulnerabilities in Firefox, according to Mozilla: how does Mozilla benefit? It found a 27 year old vulnerability in OpenBSD. How do they benefit from that? Is that made up? Are the maintainers of those codebases lying for the benefit of Anthropic’s IPO? Is copy fail a fabrication by big AI? The 12 OpenSSL vulnerabilities found in January?
https://venturebeat.com/security/mythos-detection-ceiling-se... https://www.wired.com/story/mozilla-used-anthropics-mythos-t... https://cyberscoop.com/copy-fail-linux-vulnerability-artific... https://www.schneier.com/blog/archives/2026/02/ai-found-twel...
Im not sure whose claims you think I’m relying on. I trust Firefox that they’re not overstating the number of CVES they’ve found. Same for OpenSSL. The OpenBSD folks definitely don’t seem like the types. I’ve not known Linux to fabricate CVEs either. I think my sources are fine.
That blog post is very clear about the maintainer having no access to Mythos.
Does that matter that somebody else ran it for him?
When it is explicitly an appeal to authority, and the basis for the authority is incorrect? Feels like it matters.
And presumably the GP thought that saying the maintainer had access to Mythos made it a more compelling argument. Otherwise why even mention it?