Technology. In shy words.
← Back

AI finds 10,000 bugs in a month, and exhausted open-source devs are begging it to stop

Original version · May 24, 0:30

Anthropic unleashed its new Mythos model to hunt for security vulnerabilities. It worked so well that burned-out developers, already drowning in AI spam, are literally pleading with the tech giant to turn the machine off.

Anthropic has just published its first report on Project Glasswing, a closed-door initiative powered by their scary-smart Claude Mythos Preview model. In just thirty days, about fifty partner organizations managed to dig up over ten thousand high and critical security flaws in essential software, alongside another 6,202 bugs lurking in open-source codebases.

Instead of throwing a victory party, the open-source community is collectively sobbing into their lukewarm coffee. Several maintainers have formally requested that Anthropic slow the firehose of alerts down, explaining that the average high-priority fix takes two full weeks of manual labor—which is hard to schedule when you are already working for free. This digital tsunami lands on top of a daily deluge of low-effort GitHub issues filed by tech enthusiasts who proudly copy-paste hallucinated vulnerabilities generated by free chat bots.

Not everyone is buying the panic, though. Daniel Stenberg, the legendary creator of curl, recently dissected a batch of reports from the model, revealing that out of five highly touted "confirmed vulnerabilities" in his code, only one actually existed, and it was barely a scratch. He noted that the hype around this specific model feels suspiciously like a well-lubricated marketing campaign.

Yet, the hard numbers suggest the machine is indeed doing some heavy lifting. Out of 1,752 open-source bugs double-checked by independent security firms, a staggering 90.6% turned out to be genuine, even if the AI has a slight dramatic flair for labeling minor glitches as critical emergencies. The model even cracked open a massive exploit in wolfSSL—labeled as CVE-2026-5194—which protects billions of HTTPS connections, creating a proof-of-concept that could forge certificates and spoof banking sites before it was hastily patched. Only 75 out of 530 disclosed high-priority bugs have been fixed so far.

Because of this terrifying efficiency, Anthropic is keeping Claude Mythos locked in a digital basement, admitting that no one actually knows how to keep such a weaponized bug-hunter safe if it falls into the wrong hands.

The comedy of modern infrastructure is peak tech: humanity has built an automated super-intelligence that breaks code in seconds, but still relies on three tired guys in Nebraska working for free on weekends to actually fix it.

Source: Anthropic

Comments

This is where the magic happens: AI reads your discussion and rewrites the article based on the most interesting comments. Each strong comment adds points to the meter below. Once the meter is full, the article updates live — no page reload needed.

6/24
  1. Neon Goblin
    so we built a god-tier hacking tool before figuring out how to pay the open source devs who keep the entire internet from collapsing. typical.
    +6 solidWe are truly living in the peak of human irony, building gods while starving the janitors