Mastodawn

#Mythos finds a #curl vulnerability

yes, as in singular one.

https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/

Mythos finds a curl vulnerability

yes, as in singular one. Back in April 2026 Anthropic caused a lot of media noise when they concluded that their new AI model Mythos is dangerously good at finding security flaws in source code. Apparently Mythos was so good at this that Anthropic would not release this model to the public yet but instead … Continue reading Mythos finds a curl vulnerability →

daniel.haxx.se

Show thread

Quinn Norton 5d ago

@bagder I suspect the question is, will it still be a worthwhile tool when the actual price to use the tool, not subsidized by anyone's war chest or VC, is revealed?

Show thread

Till Kleisli 4d ago

@quinn my current opinion: for security scans and reviews, AI tools are and will be useful, but not to generate code. @bagder

Show thread

Quinn Norton 4d ago

@kleisli @bagder
if it's something like 10,000 euros a pop, it might not be worth security scans and reviews, except for governmental clients.

Show thread

0x0 4d ago

@quinn

Especially if it's subscription-based, as these models seem to be good at finding only specific sets of problems and then dry out, but even 10k per use is really gov or big corpo territory.

@kleisli @bagder

Show thread

Quinn Norton

@0x0 @kleisli @bagder to be clear i picked that number out of my butt, but it is clear to me that it's going to be very hard to make up their investment in it, much less than the min 10x (which would probably be a couple trillion dollars)