Most teams do.
Because realistically:
You don’t have time to review every edge case
Security audits are expensive and slow
And if something really critical existed… surely someone would’ve caught it by now
Right?
Here’s the uncomfortable truth:
Some vulnerabilities sit in production code for 5, 10, even 20+ years - completely unnoticed.
Not because people are careless.
But because finding them is genuinely hard.
Now here comes a new AI model - Claude Mythos Preview
What it found is…:
A 27-year-old bug in OpenBSD (an OS known for security)
A 16-year-old vulnerability in FFmpeg, one of the most widely used media libraries
Multiple Linux kernel privilege escalation paths
These aren’t obscure hobby projects.
These are battle-tested, heavily audited systems.
However, what I see this is a double-edge sword:
If you could use it, so could the attacker
The bottleneck will no longer be finding vulnerabilities
It’s who finds them first - attackers or defenders
But do you think, are we entering a world where software gets stress-tested at scale, automatically?
