
0123456789ABCDE, yesterday at 9:03 PM

why are folks looking at the output of the first pass?

my understanding, and experience, is that you 1. run a bunch of sessions with small permutations to create variety, 2. run more sessions to dedupe reports into a smaller collection of potential vulns, 3. run a handful of agents at max effort to write PoCs + write-ups, 4. rank findings, 5. finally look at what, if anything, was found. maybe ask questions, try and understand if the PoC is running against a realistic setup.

until you can confirm a vuln report is valid, you must assume it is invalid.
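The triage pipeline sketched in the comment above (dedupe agent reports, gate on a PoC that actually reproduces, then rank) as an added example that is not part of the original thread or any of the tools it mentions. The report fields, the normalization key (CWE class plus code location), the severity scale and the sample reports and PoC results are all constructed assumptions for illustration; the one rule it enforces is the comment's own: a finding stays unconfirmed, and therefore not actionable, until a PoC run marks it valid.

```python
"""Triage agent-generated vulnerability reports: dedupe, confirm via PoC, rank.

Constructed example; nothing here is a real project's schema or API.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed severity scale; real scanners use their own labels.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass
class Report:
    """One raw report from one agent session (hypothetical shape)."""
    session: str
    cwe: str        # e.g. "CWE-79"; case and whitespace vary between sessions
    location: str   # "file:function"; case may vary between sessions
    severity: str
    summary: str


@dataclass
class Finding:
    """A deduplicated candidate: several reports pointing at the same thing."""
    key: tuple
    reports: list = field(default_factory=list)
    confirmed: bool = False   # False until a PoC reproduces it


def normalize_key(r: Report) -> tuple:
    """Two reports naming the same weakness at the same code location are duplicates."""
    return (r.cwe.upper().strip(), r.location.lower().strip())


def dedupe(reports):
    """Step 2: collapse many noisy session outputs into a smaller set of candidates."""
    groups = defaultdict(list)
    for r in reports:
        groups[normalize_key(r)].append(r)
    return [Finding(key=k, reports=v) for k, v in groups.items()]


def confirm(findings, poc_results):
    """Step 3: poc_results maps finding key -> did the PoC reproduce in a realistic setup?

    A missing entry means no PoC was run, which is treated exactly like a failed one:
    the finding stays unconfirmed.
    """
    for f in findings:
        f.confirmed = bool(poc_results.get(f.key, False))
    return findings


def rank(findings):
    """Step 4: confirmed first, then worst claimed severity, then how many sessions agreed."""
    def score(f):
        sev = max(SEVERITY_RANK.get(r.severity.lower(), 0) for r in f.reports)
        return (1 if f.confirmed else 0, sev, len(f.reports))
    return sorted(findings, key=score, reverse=True)


def actionable(findings):
    """Step 5: only confirmed findings are worth a human's time; the rest are assumed invalid."""
    return [f for f in findings if f.confirmed]


def triage(reports, poc_results):
    return rank(confirm(dedupe(reports), poc_results))


# Constructed sample: four sessions, two of which found the same thing with different spelling.
SAMPLE_REPORTS = [
    Report("s1", "CWE-79", "web/render.py:escape_title", "high", "reflected XSS in title"),
    Report("s2", "cwe-79", "Web/render.py:escape_title", "high", "title not escaped"),
    Report("s3", "CWE-89", "db/query.py:find_user", "critical", "string-built SQL"),
    Report("s4", "CWE-22", "api/files.py:download", "medium", "path not canonicalized"),
]

# Constructed PoC outcomes: XSS reproduced, path traversal did not, SQLi PoC never ran.
POC_RESULTS = {
    ("CWE-79", "web/render.py:escape_title"): True,
    ("CWE-22", "api/files.py:download"): False,
}

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORTS, POC_RESULTS):
        status = "CONFIRMED" if f.confirmed else "unconfirmed (assume invalid)"
        print(f"{f.key[0]:7} {f.key[1]:30} reports={len(f.reports)} {status}")
```

The ranking deliberately puts an unconfirmed "critical" below a confirmed "high": severity claimed by an agent is a hint for where to spend PoC effort, not evidence, so it only orders findings within the same confirmation tier.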


Replies

SpicyLemonZest, yesterday at 11:42 PM

What Project Glasswing claimed at launch is that Mythos can "surpass all but the most skilled humans at finding and exploiting software vulnerabilities". What you're describing sounds more like making skilled humans more effective at penetration testing. That's cool, but it's not clear how much it matters, because most security teams were not previously bottlenecked on penetration testing capacity.
