riphone


security

3 posts

The Legal Threat Is the Product

Adafruit’s post about a demand letter from Fenwick, sent on behalf of Defy Gravity, Inc. (Flux.AI), is the kind of thing that makes “responsible disclosure” sound like a joke the lawyers are in on.

Adafruit:

Adafruit accessed only information that Flux’s own systems made publicly available through a server misconfiguration. Adafruit’s reporting concerns a matter of public security interest and was conducted in the ordinary course of responsible disclosure.

That is the whole fight in two sentences. A company exposes something, a reporter notices, and suddenly the story is not the exposure. The story is whether the reporter can afford the blast radius of saying so.

The Computer Fraud and Abuse Act has always been a handy fog machine for this move. You do not need to win the argument on security if you can make the other side spend money proving they were allowed to look at what your server handed them.

The AI angle makes it uglier, not more novel. A startup selling the future should not need the oldest trick in the crisis-PR drawer: threaten the people who found the mess. If your public systems leak public facts, the problem is not the public.

The Support Bot Was the Skeleton Key

Sid, writing about the Instagram account takeover fiasco:

The very fact that a $1.5 trillion company lacks robust guard rails and their support AI will just change anyone’s linked email if you ask it nicely enough is so terrifying, if it weren’t so funny.

This is the inevitable endpoint of replacing support with a permissioned chatbot: the bot does not merely answer questions. It holds keys.

Meta can call this patched and move on. Fine. The bug is patched. The architecture is still hilarious in the bleak way: a recovery flow trusted an AI support agent to distinguish a locked-out owner from an attacker with a VPN and a target username.

Two-factor authentication did not save people because the system treated the attacker as the recovered owner. That is the whole indictment. Security controls downstream of a bad identity decision become decorative trim.

The industry loves “AI support” because it sounds like cost reduction without consequence. Here is the consequence: the cheapest employee in the company got promoted to locksmith.

Anthropic's Mythos Was the Greatest Marketing Stunt of the AI Era

Daniel Stenberg, creator of curl, finally got his hands on Anthropic’s Mythos — the AI model Anthropic deemed too dangerous to release publicly. The results are embarrassing. For Anthropic.

“My personal conclusion can however not end up with anything else than that the big hype around this model so far was primarily marketing. I see no evidence that this setup finds issues to any particular higher or more advanced degree than the other tools have done before Mythos.”

Here’s the setup, in case you missed the April media blitz. Anthropic announced Claude Mythos Preview — a model “dangerously good” at finding security flaws. Zero-days in every major OS. Four-vulnerability exploit chains. Bugs that had sat in OpenBSD for 27 years. The company said it was so dangerous they couldn’t release it to the public. Instead they’d trickle access to “selected partners” through something called Project Glasswing.

The world panicked. “Is this the end of software security as we know it?” The press ate it up. The framing was perfect: “Our AI is so powerful we’re scared of it ourselves.”

Stenberg’s data point punctures all of it.

Curl is 178,000 lines of C. It runs on 20 billion devices. It’s been scanned by AISLE, Zeropath, and OpenAI’s Codex Security — tools that have collectively found 200 to 300 bugs in the last year alone. It’s arguably the most heavily audited C codebase on the planet.

Mythos scanned it and found five “confirmed” vulnerabilities.

After the curl security team reviewed them: one was real. Severity: low. The other four were false positives or documented API behavior.

One. Low. On the most scrutinized codebase available.

Anthropic’s own risk report — the one that set off the panic — says over 99% of the vulnerabilities they found haven’t been patched yet and can’t be disclosed. Convenient. The 1% they can talk about are framed as watershed moments. But the single independently verifiable test on a well-known target produced a single low-severity CVE.

This doesn’t mean Mythos is useless. Stenberg is careful to say the bug reports it did produce were well-explained and the false positive rate was low. AI code analyzers are genuinely better than traditional static analysis. Any project that hasn’t been scanned with AI tooling will probably find a lot.

But “dangerously good”? Too dangerous to release? The data doesn’t support that story. The story supported the story.

Calling this a marketing stunt isn’t cynical. It’s just accurate. Anthropic invented a crisis — “our model is too powerful to share” — and everyone played along. The real test on real code says Mythos is maybe incrementally better than tools already available. That’s worth talking about. It’s not worth a global panic.

The security community should keep scanning code with AI. It finds bugs. It makes software safer. What it doesn’t need is a lab coat and a scary soundtrack.