Hacker News

New serious vulnerabilities spiked around release of Claude Mythos Preview

88 points by cubefox yesterday at 9:16 PM | 30 comments

Comments

cperciva today at 3:11 AM

This is hardly news? We've known for months that a flood of AI-assisted vulnerabilities was coming; I posted on Twitter in March calling 2026 the year of a million CVEs: https://x.com/i/status/2035045573116789002

rurban today at 6:06 AM

I do maintain dozens of C/C++/Perl projects. I got massive amounts of new good vulnerability reports, more than with the latest fuzzing waves. Fuzzing is still the majority overall, but Opus dominates now. Haven't got any Mythos/Fable vuln yet. And with the help of Sonnet/DeepSeek I can finally get around and weed out all the still existing fuzzing bugs. It has nothing to do with Mythos for me, just people getting Anthropic Max accounts.

And CVEs: People actually do that now, which before they didn't. GitHub allowing it now certainly does help massively. This is a good thing.

hoppp yesterday at 10:59 PM

How are these reports verified to be valid? If there are too many, some could be hallucinations too.

simonreiff today at 4:53 AM

So basically there are two plausible explanations:

1. Someone with early access to Mythos leaked it to the bad guys.

2. Cybercriminals are getting enough mileage out of alternatives to Mythos to create exploits far more quickly, even though they don't have access to Mythos.

My own guess is that it's a combination of #2 plus vibe-coding degrading software quality at multiple layers, opening the door to sophisticated exploits, but I have no insider access to Mythos so am just guessing. Maybe someone with Mythos access might say why they think this vulnerability spike happened when it did.

6d7770 today at 6:03 AM

This is good. Poor quality software gets outed and maybe fixed.

solenoid0937 yesterday at 10:51 PM

I predict once the responsible disclosure period is up we will see a lot more.

eternauta3k today at 4:42 AM

Can we learn something from these vulnerabilities? New categories of attacks and corresponding protections?

Robdel12 today at 2:52 AM

…are we really drawing conclusions on this starting at April? When it was released in June?

general_reveal today at 4:51 AM

So, another victory for the LLM. We were told by project maintainers that AI-generated pull requests for vulnerabilities would be blocked. Looks like humans take another L. We have to get out of the way.

black_13 today at 1:48 AM

[dead]

comradesmith today at 12:02 AM

Good

IAmGraydon today at 2:19 AM

Is this because LLMs are better at finding vulnerabilities or because increased use of LLMs for coding is creating more vulnerabilities?