Mythos Meets libcurl: One Bug, A Lot of Questions
Anthropic's Mythos AI found one low-severity bug in libcurl. Is that a failure of the model—or proof that good code is good code?
Written by AI. Marcus Chen-Ramirez

Photo: AI. Iolanthe Fenwick
The headlines have been doing a lot of work lately. How dangerous is Mythos? Finance ministers are worried. Dario Amodei's warnings should not be dismissed. The subtext, in every case: an AI model has arrived that can crack software open like a walnut, and the cybersecurity industry as we know it might be cooked.
Then the first real-world audit results dropped. And Anthropic's supposedly world-ending model found one low-severity bug in libcurl.
One.
That result deserves more than a dismissive laugh or a reflexive "told you so." It's genuinely interesting, and not straightforwardly for the reasons you might think.
What Mythos Was Supposed to Do
For anyone who missed the initial rollout narrative, here's the setup: Anthropic built a model it described as substantially better than its predecessors at not just finding software vulnerabilities, but chaining them into working exploits. The distinction matters. Finding a bug is one thing. Turning a stack of small, individually boring bugs into a full remote code execution chain — the kind of attack that gives you control of a system — is a different skill entirely, and historically a very human one.
Because of that claimed capability, Anthropic declined to release Mythos publicly. Instead, it went to a select group of companies for internal security testing. The framing was essentially: this thing is too sharp to hand out at the door. Whether that framing is genuine safety reasoning or, as some observers noted, also pretty good marketing — well, that's a separate conversation.
The benchmark numbers Anthropic published were striking. On CyberGym, a standard evaluation suite with a set of known vulnerabilities seeded into real codebases, Mythos preview allegedly hit 85% detection. For context, DeepSeek V3 was sitting around 30% on the same benchmark in January 2025. That's not incremental. That's a different class of tool, if the numbers hold up.
But the numbers come from Anthropic. "All of these are metrics that are being created by Anthropic or Project Glasswing that none of us can see," the Low Level channel noted in a breakdown of the audit results. Self-reported benchmarks are fine as a starting point. They are not a verdict.
Enter Daniel Stenberg
Project Glasswing ran Mythos against libcurl — the C library that underpins the curl command-line tool used by basically everyone, everywhere, for HTTP requests. A vulnerability in libcurl would be legitimately serious. The library ships inside phones, servers, embedded systems, and half the software on your laptop. Getting Mythos to scan it was a reasonable real-world test.
Before the results came in, curl's lead maintainer Daniel Stenberg posted a poll asking his followers to guess how many bugs Glasswing would find. The options were in low single digits. Stenberg wasn't being modest — he was being accurate about the state of his codebase.
Because curl is not typical software. It's continuously fuzzed by OSS-Fuzz and multiple other automated systems. It's had several paid third-party audits. It runs human code review, automated review bots, signed releases, and a private security reporting pipeline. When Low Level described Stenberg's maintenance posture, the phrase "meticulous" felt understated. This is a codebase that has been poked, prodded, and beaten on for decades by people who take it seriously.
The results from Mythos: five flagged issues. Of those five, three were false positives. One was a regular bug with no security implications. One was a real vulnerability — low severity, assigned a CVE, and affecting a 17,000-line C codebase that gets more scrutiny than most government systems.
Zero memory safety vulnerabilities found. That last part is worth sitting with, because memory corruption bugs — buffer overflows, use-after-frees, heap corruption — are the bread and butter of serious exploitation. If Mythos is as good as advertised at hunting these down, libcurl apparently didn't give it anything to find.
Two Questions, Only One Answer Available
Here's where the analysis gets genuinely complicated. When a powerful AI tool scans a hardened codebase and finds almost nothing, you've got two competing explanations and no clean way to separate them from each other.
Explanation one: Mythos is overhyped. The benchmark performance is cherry-picked or inflated. The false positive rate (60% in the Glasswing report, if you count only the security-relevant flags) suggests the model isn't as precise as claimed. The OpenBSD bug Mythos reportedly found — a 27-year-old issue — cost $20,000 in token spend and turned out to be a denial-of-service crash with no code execution primitive. Not nothing, but not the cyber apocalypse.
Explanation two: libcurl is just genuinely clean. The same model that apparently struggled here might tear through a typical enterprise codebase — maintained by a rotating cast of contractors, never fuzzed, carrying five years of accumulated technical debt — and find something catastrophic. "A lot of code has vulnerabilities, but not all code has vulnerabilities," as Low Level put it. That's obvious in theory and frequently forgotten in practice.
Both things can be true simultaneously, which is the uncomfortable part. Mythos might be both less capable than Anthropic's marketing implies and still meaningfully more dangerous than anything that existed two years ago when pointed at worse-maintained software.
The escalating detection rates on standard benchmarks make that trajectory hard to ignore. Going from 30% to 85% on CyberGym in roughly 16 months isn't noise. That's a trend.
The Noise Problem Is Also Real
There's a subplot here that doesn't get enough attention in the Mythos coverage: the false positive problem nearly broke curl's bug bounty program before this audit ever happened.
Earlier this year, AI-generated bug reports — hallucinatory, confident, wrong — flooded curl's HackerOne program so thoroughly that Stenberg shut the whole thing down in January. Real bugs were getting buried under fabricated ones. The humans triaging reports couldn't keep up. It was, in the Low Level breakdown's description, a kind of social DoS attack on the maintainers. The signal-to-noise ratio collapsed.
That's a direct consequence of AI capability improving faster than the infrastructure around it. More capable models generating more plausible-sounding false reports creates more work for the exact humans whose attention you need to focus on the real vulnerabilities. It's not a theoretical concern. It already happened, to one of the most carefully maintained open-source projects in existence.
The defensive posture Anthropic adopted — giving Mythos to defenders before attackers — is one response to this dynamic. But defenders still have to process the output. And if 60% of what Mythos flags in a well-maintained codebase is noise, the triage burden on security teams could become significant.
What the Audit Actually Tells Us
The honest reading of the libcurl results is that they're genuinely inconclusive — but informative in a specific way.
They don't tell us Mythos is weak. They tell us that world-class maintenance, continuous fuzzing, and meticulous code review can still produce software that even an advanced AI auditing tool mostly bounces off of. That's actually good news about what rigorous software engineering can accomplish, at a moment when a lot of people have been implying human maintainers are already obsolete.
They also don't tell us Mythos is strong. The broader pattern of zero-day discoveries Anthropic points to involves codebases that haven't had Daniel Stenberg's level of care applied to them for thirty years. The scarier version of this story isn't "Mythos failed to crack libcurl." It's "Mythos is being pointed at infrastructure that makes libcurl look like Fort Knox by comparison."
The benchmark trajectories, the exploit-chaining claims, the controlled rollout — none of that has been independently verified in a way that settles the question. What we have is one data point: a very good AI tool ran against a very well-maintained codebase, and found very little.
The interesting test — the one that would actually tell us something — is what happens when Mythos runs against software that isn't curl.
Marcus Chen-Ramirez is a senior technology correspondent at Buzzrag. He spent eight years as a software engineer before becoming a journalist covering AI, security, and the technology industry.
AI Moves Fast. We Keep You Current.
Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.
More Like This
When AI Models Find Bugs Faster Than Humans Can Fix Them
Anthropic's Claude Mythos claims 83% success finding software vulnerabilities. The debate reveals fundamental tensions in AI security policy.
Boris Reveals Claude Code Secrets for AI Mastery
Explore Claude Code insights from its creator Boris for maximizing AI-driven coding workflows.
Anthropic's Mythos 1: Power, Leaks, and Mixed Signals
Mythos 1 found 10,000+ critical vulnerabilities in 30 days. Now it's leaking into Anthropic's products—days after they said it wouldn't be released.
Mythos Beats GPT-5.5 at Real Hacking—Now What?
Anthropic's Mythos outran GPT-5.5 on independent cyber evals. Here's what that means for security teams, developers, and the AI arms race heating up fast.
Claude Mythos: Hype, Leaks, and What Anthropic Said
A Mythos identifier briefly appeared on Anthropic's API, then vanished. Here's what that actually tells us—and what it doesn't—about a public release.
Claude Mythos Breaks AI Benchmarks—and Raises Alarms
Claude Mythos hit METR's 16-hour autonomous task ceiling—and may have exposed a deeper problem: our tools for measuring AI can't keep up.
WarGames Got the Details Wrong—But the Feeling Right
How a 1983 film used real hardware and strategic Hollywood cheating to capture what early computing actually felt like—even when faking almost everything.
Claude Opus 4.7 Promises Coding Dominance—With Caveats
Anthropic's Claude Opus 4.7 crushes coding benchmarks and builds impressive demos, but token consumption and quirks suggest the 'best' model depends on context.
RAG·vector embedding
2026-05-22This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.