Curl has been the workhorse of HTTP for nearly three decades. It ships in roughly every Linux distribution, every macOS install, most embedded devices, and the dependency graph of half the internet. The codebase has survived years of human review, static analyzers, fuzzers, and bounty hunters. So when Daniel Stenberg, curl's longtime maintainer, posted on May 11, 2026 that an AI tool called Mythos surfaced a real vulnerability in the project, it landed differently than the usual "AI found a bug" headline.
This wasn't a synthetic benchmark on a toy program. It was production code that thousands of security researchers had already crawled over.
What Mythos found and why it matters
The detail that makes Stenberg's post worth reading is the type of finding. Mythos didn't flag a textbook buffer overflow or a one-liner where someone forgot to check a return value. It identified a defect that required reasoning across the surrounding control flow — the kind of bug that historically needed a human to sit with the code, build a mental model, and notice the subtle interaction.
For years, AI-assisted security tools have been stuck in two modes:
- Pattern matchers that essentially rebrand grep. They catch low-hanging issues, generate noise, and miss anything that requires understanding intent.
- LLM wrappers that summarize diffs in plain English but can't tell you whether the change is safe.
Mythos is being positioned as something different: a system that reasons about code the way a senior reviewer does, traces data flow across function boundaries, and produces findings specific enough to triage. The curl result is the first public proof point that this category can produce a non-trivial finding in a heavily audited target.
We're being careful with the framing here. One vulnerability, in one project, surfaced by one tool, does not prove "AI has solved security review." But the bar for a credible result in this space has been low for a long time, and Mythos cleared it on a target where the noise floor is very high.
The curl codebase already runs through OSS-Fuzz, Coverity, Clang's static analyzer, and dozens of human eyes per release cycle. Finding a real bug in this environment is meaningfully different from finding bugs in random GitHub repositories that have never been audited.
What this changes for your team
If you ship code, the practical question is whether AI security review now belongs in your pipeline alongside static analysis and dependency scanning. The answer depends on what you're doing today.
If your current security workflow is:
- Dependabot or Renovate for dependency CVEs
- A SAST tool (Semgrep, CodeQL, Snyk Code) running in CI
- Occasional pentesting before major releases
Then AI-assisted review is best treated as a fourth layer, not a replacement. Static analyzers catch a different class of bugs efficiently and cheaply. LLM-based reviewers catch a different class — the ones requiring narrative reasoning about what the code is supposed to do — but at higher latency and higher cost per scan.
The migration pattern teams are converging on:
- Run LLM-based review on changed code only (diff-scoped), not the entire repository
- Trigger on pull requests that touch security-sensitive paths: auth, crypto, parsers, anywhere external input crosses a trust boundary
- Treat findings as hypotheses for a human to confirm, not as gating signals
- Track false positive rate per tool over a quarter before adjusting trust
Cost discipline matters more than people admit. Running a frontier-model code review on every PR in a busy monorepo can run into thousands of dollars per month before you've shipped any real coverage. Scoping prevents the bill from outpacing the value.
The supply-chain angle
The deeper story isn't curl's specific vulnerability — it's the asymmetry that Mythos's success implies. Attackers and defenders both now have AI tools that can reason about code. Whichever side scales the workflow first gets the structural advantage.
Two scenarios are worth thinking through.
Scenario A: defenders win the race. Major OSS projects integrate continuous AI review. Vulnerabilities get found earlier, by tools the maintainers control, before public disclosure. The bug count per project might go up in the short term, but mean time to discovery drops. Downstream users benefit.
Scenario B: attackers win the race. State-level and organized criminal groups deploy similar tooling against the same OSS targets, quietly. They build inventories of zero-days in widely deployed dependencies. The first sign anything is wrong is a coordinated incident months later.
The good news is that the cost curve favors defenders. Maintainers can run review on a known target with full source access. Attackers have to run it on the same code, then weaponize the finding, then deploy without detection. The work asymmetry is real.
The bad news is that the adoption curve favors attackers. They don't have to convince a security team to provision a budget line item. They just point a tool at curl and wait.
If you maintain or depend on a critical open-source library — anything in your top 20 dependencies — assume someone with adversarial intent is already running AI review against it. The question is whether you are too.
How to evaluate AI security tools without getting sold
The market will flood with "AI security audit" products over the next year. Most will be repackaged GPT calls with a security-themed system prompt. A few will be substantially better. Here's what we look for:
- Reproducibility. Can the tool find the same class of bug twice on adjacent code? Run it on a project you know well and check whether findings are stable across runs.
- Specificity. Generic findings like "possible injection vulnerability" are useless. A finding should point to a specific line, name the unsafe input, and describe the trust boundary crossed.
- False positive discipline. Ask vendors for their precision rate on a public benchmark, not their recall. Recall is easy. Precision is hard, and precision is what determines whether your team will actually triage findings or learn to ignore them.
- Transparency on cost. A tool that won't tell you per-scan token cost is hiding something. Pricing models that bill per repository regardless of size usually subsidize small teams at the expense of larger ones, or vice versa — know which side of that math you're on.
The curl result is signal that this category can be real. It is not yet signal that every tool claiming AI security review is real. Mythos has one public proof point; most competitors have zero.
Originally published at pickuma.com. Subscribe to the RSS or follow @pickuma.bsky.social for new reviews.
Top comments (0)