by as3qkaH 30 days ago
Apparently the AI company Metabase has a very poor code base. Like so many others, instead of questioning their own (or AI) output, they help their AI overlords by promoting security scans.

Fact is that Mythos found only one issue in curl and nothing at all in most code bases. It is getting quiet around Mythos, and the AI companies will move on to the next scam.

1 comments

Mythos found only one issue in curl - but it didn't start until many other LLMs had been run and found a lot of issues that were fixed. If Mythos was run a year ago it would have found over 100 issues (of course it didn't exist a year ago, nor did the other tools).
Curl had many old protocols and code from the 1990s that no one used. Besides, Mythos was claimed to be better than existing tools.

In most open source projects, Mythos or similar tools have found nothing. The AI people only contact the projects where they find something, because it would be bad for marketing otherwise.

This is now the open source problem. And why my personal opus of work has been removed from online repositories.

Who gave them "the right to scan"? You did by hosting your open source in public. But scanning a public service prior to AI was still covered by "Unauthorized System Access".

But what if they are wrong, and given the self-serving nature of these scans, now your repo is just OJ Simpson? And your software is banned due to an external scan you did not ask for?

Is there no one in this world who will be accountable for anything at all? Can we sue the scanners if they are wrong and publish their results for defamation even in a public PR?

These things will happen. If I had source in the open and a scan result was incorrect that nobody asked for and the results had false positives, I would sue Anthropic for defamation and I would win.

The open source problem argues for a modification of licenses to exclude certain uncompensated use in training commercial LLMs (which may arguably already be a violation).

With careful prompting, LLMs will give up some of their sources and methods. Claude describes the legally and ethically suspect methods Anthropic used acquiring training materials for its models.

The IP law and courts are starting to catch up (re: Anthropic settlement September 2025), but licensing language and enforcement have not.

That's how "theft" works. You take the stuff and run away as fast as you can.
Do you even believe this cope in your heart? With each month that passes you're going to keep seeing increasingly advanced bugs and mathematical proofs found by AI. And you'll have to keep coming up with increasingly silly excuses why that isn't real progress. Maybe save yourself the cognitive dissonance and face reality now. It's not just a parrot.