
AI Safety News: Anthropic's Mythos Finds a Curl Vulnerability Through Project Glasswing's Open-Source Access Program

3 min read | Source: daniel.haxx.se, Daniel Stenberg | Verification: Partial
Anthropic's restricted-access Mythos model has identified a real vulnerability in the curl/libcurl library, confirmed by Daniel Stenberg, curl's lead developer, who received access through the Linux Foundation's Alpha Omega project as part of the Glasswing arrangement. It's the first publicly confirmed output of an access program that's been at the center of capability governance debates since April.
Vulnerability age: ~27 years (reported)

Key Takeaways

  • Mythos identified a real vulnerability in curl/libcurl, confirmed by lead developer Daniel Stenberg via the Project Glasswing / Alpha Omega access arrangement
  • The vulnerability reportedly persisted for approximately 27 years, according to multiple independent reports; classification as CWE-190 (integer overflow) is reported but not yet confirmed in primary source text
  • This is the first publicly confirmed output of the Glasswing access program, which has been discussed in governance and capability assessment contexts since April
  • Patch details and disclosure timeline are not yet public; monitor curl's security advisory tracker and Stenberg's blog before any remediation decisions

Model Release

Claude Mythos Preview
Organization: Anthropic
Type: Agentic AI / Security
Parameters: Not disclosed
Benchmark: ECI ~161 (Epoch AI, unconfirmed, [EPOCH-PENDING])
Availability: Restricted, not public; Glasswing / Alpha Omega access program only

Verification

Partial. Sources: daniel.haxx.se (working); SC World (cross-reference, T3). Vulnerability age (~27 years) and CWE-190 classification are reported, not confirmed in primary source text. Full haxx.se post not fully accessible. ECI score unconfirmed (Epoch URL broken).

Project Glasswing just produced its first confirmed result.

Daniel Stenberg, the lead developer of curl and libcurl, was contacted by representatives of the Linux Foundation’s Alpha Omega project and offered access to Anthropic’s Mythos model, the same restricted-capability AI that’s been under governance scrutiny since Anthropic disclosed its existence in April. Stenberg accepted, signed a contract, and ran the model against the curl codebase. According to multiple independent reports, Mythos identified a vulnerability that is reportedly about 27 years old.

That’s a long time for a bug to survive.

The vulnerability’s classification hasn’t been confirmed in publicly available source text, but reporting describes it as an integer overflow type, reportedly classified as CWE-190, pending confirmation from Stenberg’s full post. The “178K lines of code in one session” figure circulating in some coverage has no verifiable source and doesn’t appear in this brief.

Project Glasswing Access Chain

  • Anthropic (for): Provided Mythos access through the Glasswing arrangement; claims restricted-capability governance
  • Linux Foundation / Alpha Omega (for): Brokered access between Anthropic and open-source maintainers; holds access contracts
  • Daniel Stenberg / curl project (neutral): Accepted access, signed contract, ran Mythos, confirmed a finding; disclosure process not yet public
  • Enterprise security teams (neutral): Affected by any libcurl vulnerability; awaiting curl security advisory for patch details

The mechanism matters here. Alpha Omega, the Linux Foundation initiative funded by Microsoft and Google to improve security across critical open-source software, brokered Stenberg’s access to Mythos under what’s described as the Project Glasswing arrangement. That’s not Anthropic going directly to an open-source maintainer. There’s an intermediary governance layer: the Linux Foundation holds the access agreement, Stenberg signed a contract, and Mythos ran under that structure. Whether that structure adequately addresses disclosure timelines and liability for what Mythos finds is a different question, and one that hasn’t been answered publicly yet.

The catch is that Glasswing’s output is only useful if the downstream patch and disclosure process is equally well-governed. A frontier AI finding a bug is the easy part. Coordinating a responsible disclosure across a library used in millions of deployments is the hard part, and no public details are available yet on how that process is being handled for this specific finding.

For enterprise security teams, the signal is clear: curl and libcurl are foundational to HTTP transfers across the software stack. A previously unknown integer overflow vulnerability in a library this widely deployed has real exposure implications, even before patch availability is confirmed. Watch Stenberg’s blog and the curl security advisory tracker for disclosure details.

For compliance professionals tracking capability assessment: this event directly feeds the CAISI framework discussions covered in the May White House mandatory AI model review brief. Mythos finding a real-world vulnerability in critical infrastructure is the type of confirmed capability output that regulators building capability thresholds will reference. It’s evidence, not just a vendor claim.

What to Watch

  • Full haxx.se post, vulnerability details and disclosure timeline: Immediate
  • curl official security advisory, patch availability: Days to weeks
  • CAISI / capability assessment framework updates referencing Glasswing output: Q2-Q3 2026

Anthropic has long maintained that Mythos represents a restricted-access model with offensive cybersecurity capabilities significant enough to require special governance. The April coverage on who has access to Mythos documented the structure of that restriction. This is the first time the restriction has produced a publicly confirmed, independently verifiable output. Stenberg’s post, with his name on it, is as close to ground truth as this story gets.

Wait for the full haxx.se post and the curl security advisory before making any patch decisions. The vulnerability age and classification are still reported, not confirmed in the primary source text.
