New serious vulnerabilities spiked around release of Claude Mythos Preview

cubefox 80 points 25 comments July 03, 2026
epoch.ai · View on Hacker News

Discussion Highlights (8 comments)

solenoid0937

I predict once the responsible disclosure period is up we will see a lot more

hoppp

How are these reports verified to be valid? If there are too many some could be hallucinations too.

IAmGraydon

Is this because LLMs are better at finding vulnerabilities or because increased use of LLMs for coding is creating more vulnerabilities?

Robdel12

…are we really drawing conclusions on this starting at April? When it was released in June?

cperciva

This is hardly news? We've known for months that a flood of AI-assisted vulnerabilities was coming; I posted on Twitter in March calling 2026 the year of a million CVEs: https://x.com/i/status/2035045573116789002

eternauta3k

Can we learn something from these vulnerabilities? New categories of attacks and corresponding protections?

general_reveal

So, another victory for the LLM. We were told by project maintainers that AI generated pull requests for vulnerabilities would be blocked. Looks like humans take another L. We have to get out of the way.

simonreiff

So basically there are two plausible explanations: 1. Someone with early access to Mythos leaked it to the bad guys. 2. Cybercriminals are getting enough mileage out of alternatives to Mythos to create exploits far more quickly, even though they don't have access to Mythos. My own guess is that it's a combination of #2 plus vibe-coding degrading software quality at multiple layers, open the door to sophisticated exploits, but I have no insider access to Mythos so am just guessing. Maybe someone with Mythos access might say why they think this vulnerability spike happened when it did.

Semantic search powered by Rivestack pgvector
14,015 stories · 131,331 chunks indexed