I do maintain dozens of C/C++/Perl projects. I got massive amounts of new good vulnerability reports, more than with the latest fuzzing waves. Fuzzing is still the majority overall, but Opus dominates now. Haven't got any Mythos/Fable vuln yet. And with the help of Sonnet/DeepSeek I can finally get around and weed out all the still existing fuzzing bugs. It has nothing to do with Mythos for me, just people getting Anthropic Max accounts.
And CVEs: People actually do that now, which before they didn't. GitHub allowing it now certainly does help massively. This is a good thing.
How are these reports verified to be valid? If there are too many some could be hallucinations too.
So basically there are two plausible explanations:
1. Someone with early access to Mythos leaked it to the bad guys.
2. Cybercriminals are getting enough mileage out of alternatives to Mythos to create exploits far more quickly, even though they don't have access to Mythos.
My own guess is that it's a combination of #2 plus vibe-coding degrading software quality at multiple layers, opening the door to sophisticated exploits, but I have no insider access to Mythos so am just guessing. Maybe someone with Mythos access might say why they think this vulnerability spike happened when it did.
This is good. Poor quality software gets outed and maybe fixed.
I predict once the responsible disclosure period is up we will see a lot more.
Can we learn something from these vulnerabilities? New categories of attacks and corresponding protections?
…are we really drawing conclusions on this starting at April? When it was released in June?
So, another victory for the LLM. We were told by project maintainers that AI generated pull requests for vulnerabilities would be blocked. Looks like humans take another L. We have to get out of the way.
Good
Is this because LLMs are better at finding vulnerabilities or because increased use of LLMs for coding is creating more vulnerabilities?
This is hardly news? We've known for months that a flood of AI-assisted vulnerabilities was coming; I posted on Twitter in March calling 2026 the year of a million CVEs: https://x.com/i/status/2035045573116789002