Important heads-up to FOSS maintainers by Daniel from curl:
"Any project that has not scanned their source code with AI powered tooling will likely find huge number of flaws, bugs and possible vulnerabilities with this new generation of tools."
Since I'm working for Alpha-Omega currently, please reach out to me if you could use some support regarding this. We're setting up various programs to help FOSS maintainers in the times of "high-quality chaos".
Mythos finds a curl vulnerability
yes, as in singular one. Back in April 2026 Anthropic caused a lot of media noise when they concluded that their new AI model Mythos is dangerously good at finding security flaws in source code. Apparently Mythos was so good at this that Anthropic would not release this model to the public yet but instead … Continue reading Mythos finds a curl vulnerability →
daniel.haxx.se (daniel.haxx.se)
-
@mechko Is any open source project in scope? If I maintain an open source project, can I just ask you to run it against my project?
-
@mechko in other words, the cURL codebase is, with apologies to Douglas Adams, “Mostly Bugless”?
-
@mechko The only thing that's surprising is that it found only one vulnerability. Curl is a monster of a package with huge numbers of dependencies.
-
@eliotlear @mechko and another good point, the tooling doesn't find new classes of exploits or new approaches to break code.
Lots of old and familiar kinds of holes to go through, still...
-
@mechko Do you know why it took so long for curl to get access to Mythos? Is there a long line of projects waiting...?

