<![CDATA[Important heads-up to FOSS maintainers by Daniel from curl:]]>Important heads-up to FOSS maintainers by Daniel from curl:

"Any project that has not scanned their source code with AI powered tooling will likely find huge number of flaws, bugs and possible vulnerabilities with this new generation of tools."

Since I'm working for Alpha-Omega currently, please reach out to me if you could use some support regarding this. We're setting up various programs to help FOSS maintainers in the times of "high-quality chaos".

Link Preview Image
Mythos finds a curl vulnerability

yes, as in singular one. Back in April 2026 Anthropic caused a lot of media noise when they concluded that their new AI model Mythos is dangerously good at finding security flaws in source code. Apparently Mythos was so good at this that Anthropic would not release this model to the public yet but instead … Continue reading Mythos finds a curl vulnerability →

favicon

daniel.haxx.se (daniel.haxx.se)

]]>https://board.circlewithadot.net/topic/de514638-cefe-431f-b0b8-be8870514c43/important-heads-up-to-foss-maintainers-by-daniel-from-curlRSS for NodeFri, 15 May 2026 02:40:56 GMTMon, 11 May 2026 09:04:50 GMT60<![CDATA[Reply to Important heads-up to FOSS maintainers by Daniel from curl: on Mon, 11 May 2026 13:13:16 GMT]]>@mechko Do you know why it took so long for curl to get access to Mythos? Is there a long line of projects waiting...?

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/gnirre/statuses/116556116565991205https://board.circlewithadot.net/post/https://mastodon.social/users/gnirre/statuses/116556116565991205Mon, 11 May 2026 13:13:16 GMT<![CDATA[Reply to Important heads-up to FOSS maintainers by Daniel from curl: on Mon, 11 May 2026 10:37:48 GMT]]>@eliotlear @mechko and another good point, the tooling doesn't find new classes of exploits or new approaches to break code.

Lots of old and familiar kind of holes to go through, still..

]]>https://board.circlewithadot.net/post/https://mastodontti.fi/users/janvenetor/statuses/116555505225375584https://board.circlewithadot.net/post/https://mastodontti.fi/users/janvenetor/statuses/116555505225375584Mon, 11 May 2026 10:37:48 GMT<![CDATA[Reply to Important heads-up to FOSS maintainers by Daniel from curl: on Mon, 11 May 2026 10:22:57 GMT]]>@mechko The only thing that's surprising is that it found only one vulnerability. Curl is a monster of a package with huge numbers of dependencies.

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/eliotlear/statuses/116555446818776309https://board.circlewithadot.net/post/https://mastodon.social/users/eliotlear/statuses/116555446818776309Mon, 11 May 2026 10:22:57 GMT<![CDATA[Reply to Important heads-up to FOSS maintainers by Daniel from curl: on Mon, 11 May 2026 10:07:39 GMT]]>@mechko in other words, the cURL codebase is, with apologies to Douglas Adams, “Mostly Bugless”?

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/sjaveed/statuses/116555386708971101https://board.circlewithadot.net/post/https://mastodon.social/users/sjaveed/statuses/116555386708971101Mon, 11 May 2026 10:07:39 GMT<![CDATA[Reply to Important heads-up to FOSS maintainers by Daniel from curl: on Mon, 11 May 2026 09:25:56 GMT]]>@mechko
@purpleidea FYI 👆🏼

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/ringods/statuses/116555222650670473https://board.circlewithadot.net/post/https://hachyderm.io/users/ringods/statuses/116555222650670473Mon, 11 May 2026 09:25:56 GMT<![CDATA[Reply to Important heads-up to FOSS maintainers by Daniel from curl: on Mon, 11 May 2026 09:09:19 GMT]]>@mechko Is any open source project in scope? If I maintain an open source project, can I just ask you to run it against my project?

]]>https://board.circlewithadot.net/post/https://ap.nil.im/objects/21d98c58-e044-4750-b841-0621031ce4e5https://board.circlewithadot.net/post/https://ap.nil.im/objects/21d98c58-e044-4750-b841-0621031ce4e5Mon, 11 May 2026 09:09:19 GMT