Hacker News

wongarsu today at 10:50 AM

The posted page has an entire section titled "Why didn't Mythos find this?"

tl;dr: the bug spans three components in different code bases that when looked at in isolation each do reasonable things. The bug is in the interaction, in the assumed properties of the value that eventually gets exposed as request.url.path. That was apparently too subtle for current Anthropic models to spot.


Replies

hsbauauvhabzb today at 12:13 PM

So an LLM was unable to reason about a codebase to find cross-library vulnerabilities.

Your response was a weak excuse; it’s a clear demonstration of the shortcomings of LLMs which will inevitably cause headlines in the future.
