A SecurityWeek feature reports that Claude Mythos found only one curl vulnerability, with experts divided on what this means for the AI model’s capabilities. Curl’s lead developer, Daniel Stenberg, says Mythos claims are marketing, but many in the industry view the results as reflecting curl’s robust security rather than Mythos’ limitations, according to his blog post.
Mythos’ analysis of curl’s 178,000 lines of code, based on a report handed to the developer by a third party, identified five “confirmed security vulnerabilities”; three were known issues described in official documentation and one was a bug rather than a security hole. The only issue confirmed as an actual vulnerability by the curl team is low severity and will be patched in late June.
Curl has been analyzed by other AI tools as well, and Mozilla has noted Mythos helped discover more than 270 Firefox vulnerabilities, though those findings could also have been made by elite human researchers. The discussion continues online, with some arguing Mythos should have found more vulnerabilities if its claims were accurate, while others emphasise curl’s maturity and security.