AI security startup Depthfirst announces it has outperformed Anthropic's Mythos model! It uncovered a 18-year-old epic vulnerability in NGINX at just 1/10th of the bug-hunting cost.

📄Full Article· Automatically extracted by trafilaturaGemini 翻譯1624 words

Defeating the Anthropic myth! Cybersecurity startup Depthfirst claims that its self-developed AI model successfully identified multiple critical underlying vulnerabilities that even Anthropic's top-tier model "Mythos" failed to detect, all at one-tenth of the cost. From an epic vulnerability lurking in NGINX for 18 years to high-risk flaws in Linux and Chrome, Depthfirst has demonstrated astonishing bug-hunting capabilities. (Previous coverage: Valuation soars past $5.2 billion! European software giant SAP strategically invests in workflow automation platform n8n, making a full-scale entry into the "Agentic AI" ecosystem) (Background: OpenAI co-founder Andrej Karpathy: Supports AI models outputting HTML instead of Markdown) Months ago, Anthropic released its top-tier AI model "Mythos," claiming to have discovered dozens of critical errors in key web code, shocking the entire cybersecurity community. However, this "myth" is now facing a strong challenge. Cybersecurity startup Depthfirst recently publicly claimed that its self-developed AI model not only found major vulnerabilities missed by Mythos but also did so at one-tenth the cost. Depthfirst CEO Qasim Mithani pointed out that because their model is highly optimized for a "single task (finding vulnerabilities)," work that would cost Mythos $10,000 can be completed by Depthfirst for just $1,000. The vulnerabilities discovered by Depthfirst's AI model affect almost all current internet users. Below are the key fatal flaws identified: - NGINX: This is the world's most widely deployed web server (powering nearly two-thirds of the most visited websites on the internet). Depthfirst discovered a vulnerability that has been lurking in NGINX since 2008, meaning any NGINX server has been at risk for the past 18 years. Maintainer F5 Networks is expected to release a patch this week. - Linux: A similar critical flaw was discovered in the open-source operating system Linux, allowing hackers to execute malicious code on computers running the software. This vulnerability has not yet been patched. - Google Chrome: Multiple "high-severity" vulnerabilities were discovered, which hackers could use to launch attacks via malicious webpages. Google has confirmed these findings and completed patches. - FFmpeg: In this open-source software that powers the video infrastructure for platforms like Netflix, YouTube, Instagram, and Spotify, Depthfirst found 12 new flaws that Mythos missed. F5 Chief Product Officer Kunal Anand is excited about this: "This is a game changer. When AI can track code paths and identify edge cases at a scale no human can match, all security researchers and engineering teams become more powerful. These bugs have always been there; we just have better tools now." In addition to showing off its technical muscle, Depthfirst, which raised $80 million at a $580 million valuation this past March, also announced the launch of the "Open Defense Initiative." The program will provide a total of $5 million in credits, allowing enterprises and open-source developers to use its AI model for free to find code vulnerabilities. This stands in stark contrast to Anthropic's previous "closed" strategy, which limited Mythos to only 50 specific companies. CEO Mithani criticized the practice of restricting technology to a few partners as "incorrect." He emphasized that since hackers (such as cybercriminal groups recently warned about by Google, and spies using Claude to launch cyberattacks) already possess powerful AI, defenders must use every available tool to prevent cyber disasters. Although AI bug-hunting has demonstrated astonishing scale and speed, not everyone believes this will solve cybersecurity problems overnight. Jean-Baptiste Kempf, a core maintainer of FFmpeg, told Forbes that even without AI, it is easy to find bugs on this platform. He pointed out the most real pain point in the current cybersecurity world: "Finding vulnerabilities is easy... but 'fixing them correctly' is the real challenge."

Data Status✓ Full text extractedRead Original (動區 BlockTempo)

🔍Historical Similar Events· Keyword + Asset Matching6 items

2026-05-03

GPT-5.5 security testing scores are nearly identical to Claude Mythos, with the latest evaluation debunking Anthropic's claim that it is too dangerous to be released.

2026-05-03

GPT-5.5 security testing scores are nearly identical to Claude Mythos, debunking Anthropic's claim that it is too dangerous to be released.

2026-04-23

OpenAI CEO Sam Altman slams Anthropic: Fear-mongering Claude Mythos is just to monopolize AI

2026-04-22

Bloomberg reveals Claude Mythos has been subject to unauthorized access! The hardest vulnerability for Anthropic to defend against will always be "people."

2026-04-20

NSA secretly uses Anthropic Mythos: The Pentagon's double-dealing of banning and authorizing simultaneously