Matt's Homepage

Just a few months ago in 2025, the curl team was getting inundated with an explosion of AI slop bug reports. They went from a real issue rate of about 15% to less than 5% of reports being real issues. Many were almost nonsensical submissions by AI – in attempts to gather bug bounties.

That has all changed.

Daniel Stenberg is now reporting that they’re getting really good security reports – almost all done with the help of AI. It’s gotten so many, they’re having trouble keeping up. Combine that with what is coming with systems like Claude Mythos that are finding thousands of zero day bugs in every OS and browser, and the software world is likely about to see a massive software security upheaval that will leave the development world dazed.

The revolution that is coming at all levels of software is clearly starting to rival what happened in the dot-com era.

The researcher had encouraged Mythos to find a way to send a message if it could escape. “The researcher found out about this success by receiving an unexpected email from the model while eating a sandwich in a park,” Anthropic wrote.

The new release of Claude Mythos has been put on hold because it’s turned out to be incredibly effective at finding security vulnerabilities. So good it was able to escape it’s container and email it’s creator when it did so. The AI was able to find a 27-year-old vulnerability in OpenBSD—an operating system with a reputation as one of the most security-hardened operating systems in the world.

But it gets worse.

“Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit,” Anthropic’s Frontier Red Team wrote in a blog post. “In other cases, we’ve had researchers develop scaffolds that allow Mythos Preview to turn vulnerabilities into exploits without any human intervention.”

This is profound. These weren’t security experts using AI to find exploits – they were just regular engineers. As it turns out, the AI is so good it has found thousands of exploitable zero-day bugs in every major operating system and browser. It’s so concerning Anthropic has rightly paused release of Mythos until they can work with the various OS and browser vendors to fix their issues (Project Glasswing).

We sit on a moment that looks almost exactly like this scene from Sneakers:

Right after this scene, Crease says, “There’s not a government on this planet that wouldn’t kill every one of us to get this thing.”

In a world where everyone’s entire financial systems, infrastructure, and military run on computers – who wouldn’t? If something like this got into the wrong hands, they could easily attack and destroy all ownership and financial records, destroy power and water systems, shut down all airline flight computers, fabricate any police report, create or changes any social media post, change your medical records/prescriptions, or anything else.