On curl and Mythos

Yesterday, I wrote about the massive increase in security issues being identified by AI. Daniel Stenberg, the author of curl, was a key part of that story. At first he was being overwhelmed by a torrent of “AI slop” reports. In the last few months, the reports have become almost all legitimate, but the pace hasn’t changed. Today, Stenberg posted about his recent experience with Claude Mythos. In my piece yesterday, I said Mythos’ positioning was at least a bit of a marketing move. The model is being withheld by Anthropic due to its increased potential for finding security flaws. In Stenberg’s post today, he wrote about the model being run against curl’s codebase only to find a single low-impact issue (after weeding out some false positives and a small bug). I found this piece interesting, but there are a few points I wanted to pick at. The first is that the curl team wasn’t granted access to Mythos directly. Instead, a scan was run by an unnamed party with access to the model, and a…