Daniel Stenberg, the creator and lead maintainer of cURL, published a blog post concluding that Anthropic's much-promoted Mythos vulnerability-hunting model performed at roughly the level of existing AI code-analysis tools when run against the cURL codebase. The scan was arranged through Anthropic's Project Glasswing program, which offers access to Mythos to high-profile open source projects via the Linux Foundation. The report initially flagged five "confirmed security vulnerabilities" in cURL's roughly 176,000 lines of C code. On review by the cURL security team, three of those were false positives corresponding to limitations already documented in the project's API documentation, one was a non-security bug, and a low-severity flaw was the only finding that survived as a genuine vulnerability.