Daniel Stenberg, the lead developer of curl, announced in a blog post that Claude Mythos, an AI model from Anthropic, identified only one actual vulnerability in the curl code after analyzing its 178,000 lines. Despite Mythos claiming to have found thousands of zero-days prior to its launch, Stenberg noted that three of the five reported issues were already known, and one was merely a bug, leading him to conclude that the model’s performance has been overstated and is not significantly better than other AI tools previously used on curl. This revelation sparked debate among cybersecurity experts, who are divided on whether the limited findings indicate the strength of curl’s established security protocols, given that it had already been extensively audited by various AI tools, or if they reveal shortcomings in Mythos’ capabilities.
curl: curl is a command-line tool and open-source library for efficiently transferring data with URLs across numerous protocols, embedded in countless devices and applications globally. Its codebase receives ongoing scrutiny from human auditors and AI tools alike. The report on Claude Mythos testing curl highlighted only one new actual security vulnerability amid prior extensive analyses.
Anthropic: Anthropic is an AI research company dedicated to building reliable and safe large language models, primarily known for its Claude family of AI systems. It has launched the Claude Mythos frontier model, which is accessible only to select major organizations via a restricted program to mitigate potential misuse risks. In the news, Mythos’ analysis of curl uncovered just one confirmed low-severity vulnerability, sparking debate over the model’s touted capabilities.
Daniel Stenberg: Daniel Stenberg serves as the lead developer and main maintainer of the curl project. He evaluated a third-party test report from Anthropic’s Claude Mythos on curl’s codebase. Stenberg critiqued the surrounding hype, asserting that Mythos does not demonstrate superior performance over other AI code analysis tools.
```json
{
  "Mozilla Experience": "Mozilla found Claude Mythos effective at identifying Firefox vulnerabilities, helping accelerate the discovery to patching process, although vulnerabilities could also be found by human researchers.",
  "curl Audit History": "curl has been analyzed by AI tools like Zeropath, AISLE, and OpenAI’s Codex, highlighting its established security practices.",
  "Mythos Restrictions": "Anthropic restricts Claude Mythos access to major organizations under a controlled program due to concerns about potential misuse.",
  "Industry Perspectives": "Cybersecurity experts are divided over whether Mythos’ limited findings on curl indicate the robustness of curl’s codebase or limitations of the Mythos model."
}
```
