Curl maintainer Daniel Stenberg published results from Anthropic's Mythos AI security scanner examining curl's git master. Mythos flagged 5 issues as 'confirmed security vulnerabilities' but after review, only 1 was confirmed — a low-severity flaw scheduled for CVE disclosure with curl 8.21.0 in late June. Three were false positives pointing to already-documented API behavior and one was a simple bug. Stenberg concluded the exercise was 'an amazingly successful marketing stunt' while acknowledging the ~20 non-security bugs found were useful. Multiple security firms (Wiz, ArmorCode, Dynatrace) published analyses framing Mythos's curl audit as a benchmark for AI security tooling.