In the latest episode of "behold the power of Mythos" from The Hacker News - Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software I distilled it so you don't have to. Of these vulnerabilities, 6,202 have been classified as high- or critical-severity flaws impacting more than 1,000 open-source projects. That 10,000 count didn't even survive until paragraph 3. Subsequent analysis of these [6202] vulnerability candidates has identified that 1,726 are valid true positives. Ah fuck. 1726. But wait, a bad infographic has entered the ring! 23,019 potential vulnerability candidates Ok now we're talking. 1,900 Reviewed by external security firms Wait, what? Why those? Why only those? 1726 confirmed positive You couldn't even cherry pick the valid ones? 467 reported to maintainers Where did the other 1259 go? Maybe this other part of the flowchart will go better... 1,129 reported direct to maintainers by Anthropic, at their request (May contain false positives) 1129 + 467 = 1596 total reported to maintainers Most of them just spammed at open source maintainers. Right. Maybe Anthropic's media release has the goods! 1,752 of those high- or critical-rated vulnerabilities have now been carefully assessed by one of six independent security research firms, or in a small number of cases by ourselves Slightly lower than the 1900, but ok, whatever. Of these, 90.6% (1,587) have proved to be valid true positives, and 62.4% (1,094) were confirmed as either high- or critical-severity 1587 is lower than the infographic's 1726 confirmed positives.... But 10% of 10000 high sev is still something, right? On maintainers’ request, we sometimes disclose bugs directly, without further assessment. We’ve now reported 1,129 such unvetted bugs, of which Mythos Preview estimated that 175 were high- or critical-severity. I'm sure those maintainers enjoyed that 16% high+ sec rate based on Mythos' own estimations. But wasn't that 1129 the bulk of your reports? We estimate that we’ve disclosed 530 high- or critical-severity bugs to maintainers so far. There are a further 827 confirmed vulnerabilities (estimated as high- or critical-severity in the same manner) that we’re aiming to disclose as quickly as possible. 530 is only a third of the reports you made to maintainers... 65 of those have been given public advisories The infographic says 88. I'd ask if they were massaging their financials like they massaged 65 advisories, but we know they are. 23,019 potential vulnerability candidates of all severities, 65 advisories. If you printed the code out and drunkenly threw darts at it you'd probably hit the same level of accuracy.

@avuko @sansruse @BlueMonday1984 Except the prayers to Thoth are a bit more respectful, lol.

@sansruse "Meanwhile, Satya Nadella has announced that Microsoft is pivoting from AI to shoes. When asked if this is a cynical ploy laying the groundwork for a potentially profitable pivot back to AI next month, he replied 'No, but... I mean... Now that you...' and then appeared lost in thought for several minutes."@BlueMonday1984

I would bring up that AI output is not copyrightable so anyone can take your employee work and say it's their own. Now sure how your legal or manglement teams would like that. Also, I would question a language tool that fails 30% of math questions. https://www.theregister.com/2026/02/26/ai_models_get_better_at/

@lagrangeinterpolator @nightsky THRUTH .. NEVER USE AI

Good news, everyone’s favorite emacs is using AI now: https://www.vim.org/vim-9.2-released.php

oh god is our childrens' 9/11 going to be a moon colony imploding