as3qkaH 2 hours ago

Apparently the AI company Metabase has a very poor code base. Like so many others, instead of questioning their own (or AI) output, they help their AI overlords by promoting security scans.

Fact is that Mythos found only one issue in curl and nothing at all in most code bases. It is getting quiet around Mythos, and the AI companies will move on to the next scam.

bluGill an hour ago | parent [-]

Mythos found only one issue in curl - but it didn't start until many other LLMs had been run and found a lot of issues that were fixed. If Mythos was run a year ago it would have found over 100 issues (of course it didn't exist a year ago, nor did the other tools).

4ladf1 an hour ago | parent [-]

Curl had many old protocols and code from the 1990s that no one used. Besides, Mythos was claimed to be better than existing tools.

In most open source projects, Mythos or similar tools have found nothing. The AI people only contact the projects where they find something, because it would be bad for marketing otherwise.

dynawicki an hour ago | parent [-]

This is now the open source problem. And why my personal opus of work has been removed from online repositories.

Who gave them "the right to scan"? You did by hosting your open source in public. But scanning a public service prior to AI was still covered by "Unauthorized System Access".

But what if they are wrong, and given the self-serving nature of these scans, now your repo is just OJ Simpson? And your software is banned due to an external scan you did not ask for?

Is there no one in this world who will be accountable for anything at all? Can we sue the scanners if they are wrong and publish their results for defamation even in a public PR?

These things will happen. IF I had source in the open and a scan result was incorrect that nobody asked for and the results had false positives, I would sue Anthropic for defamation and I would win.