Daniel Stenberg, a famous Swedish programmer and author of cURL, believes that the hype surrounding the Mythos AI model is nothing more than successful marketing from the company Anthropic.
Daniel Stenberg, a famous Swedish programmer and author of cURL, believes that the hype surrounding the Mythos AI model is nothing more than successful marketing from the company Anthropic.
According to The Register, citing Stenberg’s blog, Mythos scanned his popular open source project but found only one real vulnerability.
According to Stenberg, he signed up to try out Mythos himself, but never got direct access to the model. Instead, someone else who did have access ran Mythos on the cURL codebase and later sent him a report.
Mythos' scan analyzed the cURL Git repository and found only five things that were supposedly «confirmed security vulnerabilities» in cURL. But Stenberg and his colleagues dug deeper and realized that there was actually only one confirmed vulnerability.
As for the other four «vulnerabilities,» three of them turned out to be false positives, pointing to flaws in cURL already noted in the API documentation, while the fourth was considered by the team to be a simple bug.
«The only confirmed vulnerability will be a low severity CVE, scheduled to be released simultaneously with our next release of Curl 8.21.0, expected in late June,» the cURL author noted.
However, Mythos found several other non-security-related bugs, which Stenberg said the team is working to fix.
He also noted that their description and explanation were well done. In other words, according to the Swedish programmer, Mythos can do a good job, but it is not the groundbreaking and revolutionary model of artificial intelligence that Anthropic claims.
«My personal conclusion cannot be reduced to anything other than that the great hype surrounding this model so far has been mostly marketing,» Stenberg stated in a blog post.
As Stenberg noted, Mythos doesn’t do anything special when it comes to the security industry: it may be a little better at finding information than previous models, but «not to the point where it significantly affects code analysis.»
As dev.ua wrote, Claude Mythos impressed security testers at Anthropic.
The media also reported that Anthropic would not release Claude Mythos into the public domain because the model had learned to find critical vulnerabilities in OSes and browsers.
