{"id":12771,"date":"2026-05-12T15:06:35","date_gmt":"2026-05-12T15:06:35","guid":{"rendered":"https:\/\/wildgreenquest.com\/?p=12771"},"modified":"2026-05-12T15:06:35","modified_gmt":"2026-05-12T15:06:35","slug":"this-startups-ai-found-critical-vulnerabilities-that-anthropics-mythos-missed","status":"publish","type":"post","link":"https:\/\/wildgreenquest.com\/?p=12771","title":{"rendered":"This Startup\u2019s AI Found Critical Vulnerabilities That Anthropic\u2019s Mythos Missed"},"content":{"rendered":"


\n<\/p>\n

\n
\n
\n
\n

Depthfirst’s cofounders all have history in AI security, whether with Google DeepMind, Databricks or Block.<\/span><\/p>\n

Depthfirst<\/small><\/div>\n<\/div>\n<\/figure>\n

T<\/abbr>he launch of Anthropic\u2019s AI model Mythos a month ago sent shockwaves through the cybersecurity world. The tech was so advanced, the AI company said, that it had found dozens of severe bugs in critical internet code. <\/p>\n

Now, cyber startup Depthfirst says its own AI model has found even more bugs that Mythos missed for just a tenth of the cost, including critical flaws that could affect the majority of people using the web today. Depthfirst CEO Qasim Mithani says that because Depthfirst optimizes its models for one task, it can do for $1,000 what Mythos does for $10,000.<\/p>\n

Depthfirst, which raised $80 million at a $580 million valuation in March, is also launching Open Defense Initiative<\/a>, a program that offers companies and open source developers a total of $5 million in credit to use its artificial intelligence to find bugs in their code. It\u2019s similar in concept to Anthropic\u2019s limited release of Mythos, which it gave to a group of nearly 50 companies (and it\u2019s now expanding). Depthfirst won\u2019t pick and choose who can access its model, but will review applicants, at first limiting it to open source developers whose code is widely used or deployed in critical infrastructure.<\/p>\n

\u201cGating\u201d the technology and limiting it to select partners is \u201cnot the right approach,\u201d says Mithani. Ultimately, Mithani says defenders need to use every tool at their disposal to prevent cyber disaster now that hackers also have powerful AI. \u201cIf attackers use these models, they can probably get to a similar result that we do,\u201d he says. \u201cSo that’s why we’re worried, and that’s why we’re launching this program.\u201d<\/p>\n

The launch of Open Defense is part of an age-old cat and mouse game between defenders and attackers that AI is speeding up dramatically. The hope is that AI is so good at finding vulnerabilities at scale that it\u2019ll bring about a net improvement for web security. But cybercriminals are already making hay with AI. On Monday, Google warned a criminal gang was using it to develop a so-called zero-day exploit, a powerful program that targets previously-unknown and unpatched vulnerabilities. Anthropic has discovered that Chinese spies used Claude to launch cyberattacks on tech companies and politicians.<\/p>\n

That makes fixing exploitable bugs that much more urgent. Among the bugs Depthfirst discovered was a vulnerability in NGINX, the most widely deployed web server in the world, which helps run nearly two-thirds of the most visited sites on the internet. The flaw had been sitting in NGINX since 2008, Mithani tells Forbes<\/em>, meaning it was exploitable on any NGINX server over the last 18 years. \u201cWhich is the crazy thing about it, because that\u2019s most of the internet.\u201d NGINX maintainer F5 Networks is due to announce a patch later this week, he says. <\/p>\n

Kunal Anand, chief product officer at F5, declined to comment on the bug but said he was excited about AI discovering vulnerabilities because it can do so at scale. \u201cIt changes the math. Security researchers, engineering teams, open-source maintainers all get better when AI can trace code paths and surface edge cases at a scale no individual or team could match on their own,\u201d he says. \u201cThe bugs were always there and now we have better tools to find them.\u201d<\/p>\n

Mithani\u2019s models also found a similarly serious flaw in Linux, the open source operating system, which would allow a hacker to execute rogue code on a computer running the software. It hasn\u2019t been patched. The Linux Foundation hadn\u2019t responded to requests for comment.<\/p>\n

Depthfirst\u2019s model also found bugs in Google\u2019s Chrome browser. Google confirmed Depthfirst\u2019s findings and that both issues have been patched. They had been rated as \u201chigh severity,\u201d as they could have allowed hackers to launch attacks via malicious web pages.<\/p>\n

It discovered 12 new flaws that Mythos had missed in FFmpeg too, an open source software for processing video, audio and other multimedia files on the web. The latter is the backbone for many major platforms\u2019 video infrastructure, with Netflix, YouTube, Instagram, Facebook and Spotify among its many users. <\/p>\n

Not everyone is convinced that AI will drastically improve internet security. Jean-Baptiste Kempf, who helps maintain FFmpeg, tells Forbes <\/em>that it\u2019s easy to find bugs in the platform without AI, adding, \u201cFinding vulnerabilities is easy\u2026 fixing correctly is hard.\u201d<\/p>\n

MORE ON FORBES<\/h2>\n

Forbes<\/span>Anthropic\u2019s Claude Is Pumping Out Vulnerable Code, Cyber Experts Warn<\/span>By Thomas Brewster<\/span><\/small><\/span><\/span>Forbes<\/span>Anthropic Mythos And Embracing The AI \u2018Bugmageddon\u2019<\/span>By Thomas Brewster<\/span><\/small><\/span><\/span>Forbes<\/span>U.S. Cyber Agency Doesn\u2019t Have Access To Advanced AI Hacking Tools<\/span>By Thomas Brewster<\/span><\/small><\/span><\/span>Forbes<\/span>ChatGPT Is Banned In China. Beijing\u2019s Spies Are Still Using It.<\/span>By Thomas Brewster<\/span><\/small><\/span><\/span><\/div>\n


\n
Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Depthfirst’s cofounders all have history in AI security, whether with Google DeepMind, Databricks or Block. Depthfirst The launch of Anthropic\u2019s AI model Mythos a month ago sent shockwaves through the cybersecurity world. The tech was so advanced, the AI company said, that it had found dozens of severe bugs in critical internet code. Now, cyber<\/p>\n","protected":false},"author":1,"featured_media":12772,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"class_list":{"0":"post-12771","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-brand-spotlights"},"_links":{"self":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts\/12771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12771"}],"version-history":[{"count":0,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts\/12771\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/media\/12772"}],"wp:attachment":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}