CURL has been scanned with multiple LLMs. Mythos was last and as a result found only 1 issue. If Myhos was really much better I'd expect it to find a lot more issues despite the others already there.
Also, the competing models are getting better. Opus 4.5 was better than everyone else when it was new, but only a few months later and there are a lot of models that are better (not just the newer Opus models)
Curl had a prominent bug bounty programme, has 180k lines of prod code, and is mainly a client app/lib. I would look at other projects before making judgements about mythos on this one.
Don't you want to test mythos against state of the art projects? They are the best chance of making visible what mythos uniquely brings to the table.
We already know that mythos will be branded catnip for sub-SOTA projects. They could have build SOTA secure software development practices last week, last month or last year. But didn't care. What will their experience with mythos tell us other than AI hype can create corporate will to take security seriously?
