AI Is Finding More Bugs Than Open-Source Teams Can Fight Off [View all]

Anthropic’s Mythos and similar AI tools can identify threats and vulnerabilities faster than small teams can fix them, putting the internet at risk.

In 2025, Daniel Stenberg, the chief maintainer of cURL, an open-source software tool that transfers data using URLs, received 181 notifications of bugs or vulnerabilities across the codebase he oversees with a small team of six other volunteers.

That was roughly as many as the previous two years combined. “Last year was quite intense during periods,” Stenberg said from his office in Sweden.

With hindsight, that 2025 bump — which Stenberg attributed to the rise of AI tools like OpenAI’s ChatGPT and Anthropic PBC’s Claude, and the ease with which bug report forms could be filled out with their support — was just a taster.

By April 9 this year, the cURL team had already fielded 87 requests. That puts them on track to receive some 325 reports during 2026, roughly as many as they received in total from 2020 through 2023.

https://www.bloomberg.com/news/articles/2026-04-17/anthropic-s-mythos-adds-strain-on-cybersecurity-teams-facing-ai-threats?accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb3VyY2UiOiJTdWJzY3JpYmVyR2lmdGVkQXJ0aWNsZSIsImlhdCI6MTc3NjUzODEyOSwiZXhwIjoxNzc3MTQyOTI5LCJhcnRpY2xlSWQiOiJURE1OSThLSUpIOU0wMCIsImJjb25uZWN0SWQiOiJDNjgyQTUwQzJCRDM0MTFCQTgwQjEwQjZEQjczQzM1MSJ9.KEoHkll589qt812tVW1HbpmbI6wzjUKNz9sjlkVF7oc