
Anthropic's leaked 'Mythos' AI found curl vulnerability before release; patch now available
Fortune • Friday, March 27, 2026 • San Francisco, CA, USA

Anthropic's next-generation AI model, 'Mythos,' designed for autonomous software exploitation and social engineering, was prematurely exposed due to a data leak. Cybersecurity experts assessing the leaked data found Mythos capable of identifying complex vulnerabilities in legacy infrastructure. The model's potential for misuse prompted concerns about AI safety protocols and led to Anthropic halting its release.

## Latest Update

A vulnerability in curl, specifically a heap-based buffer overflow in the NTLM code (CVE-2026-43201), was discovered by Mythos before the model's release was stopped. The vulnerability, triggered by a malicious server sending a crafted NTLM message, has been fixed in curl 8.13.0.

## Timeline

* **2026-03-27:** Anthropic accidentally leaks internal documentation and performance benchmarks for 'Mythos,' revealing its advanced cybersecurity capabilities.
* **2026-05-08:** Anthropic contacts the curl security team to report a vulnerability found by Mythos.
* **2026-05-11:** curl 8.13.0 is released, patching the heap-based buffer overflow (CVE-2026-43201) discovered by Anthropic's Mythos.

## What to Watch

* Further vulnerabilities discovered by Mythos may surface, requiring ongoing vigilance and patching efforts.
* The incident highlights the potential risks associated with advanced AI models and the need for robust safety protocols.
* Monitor for discussions and potential exploitation attempts targeting systems running older versions of curl.