But Mythos is not marketed as a tool that can do the same as other tools already available maybe slightly better, but as a revolution.
replySure, but isn't it a verdict on Mythos compared to other models?
replyIf so, it would still follow. "Most software" isn't analyzed as much as curl, by either other tooling or other models, that might well find close to the same as Mythos did. As such, Mythos then isn't especially/particularly dangerous.
I don't think I understand what you mean, the "not particularly dangerous" comment was in relation to the vulnerability that was found right ? Surely they would know what constitutes a lower severity level.
replyThe "not particularly dangerous" is a headline for a section talking about Mythos, not the vulnerability.
replyAh okay, that makes a bit more sense. I read it wrong. Then the comment is absolutely fair.
replyMy guess is that it is in category of "you are holding it wrong". Still worth fixing, but requires very specific user input for example. Or very weird scenario. Or in some less used protocol or flag combination.
replyCurl is currently receiving a record number of high-quality bug/vuln reports (a rather sharp change from the earlier slop inundation), so it’s not like there’s nothing to find. Many or most of these are presumably found by human experts assisted by AI tools, but if Mythos were truly revolutionary, it should be able to find such issues on its own.
replyhttps://daniel.haxx.se/blog/2026/04/22/high-quality-chaos/, linked from TFA