Cybersecurity startup Depthfirst said its AI model found many bugs that Anthropic Mythos missed. Depthfirst claimed the cost is about one-tenth of Mythos.

Forbes reported that Depthfirst received an $80 million investment in March at a valuation of $580 million.

Depthfirst CEO Qasim Mitaani (카심 미타니) said Depthfirst optimised its model for a single task, allowing it to do work Mythos does for $10,000 for $1,000.

Depthfirst also introduced an "Open Defense Initiative" to help companies and open-source developers find code bugs with its AI by providing $5 million in credits. It is a similar concept to Anthropic providing Mythos on a limited basis to about 50 companies, but Depthfirst says it will not select recipients. It will initially prioritise open-source developers used for core infrastructure.

Mitaani said limiting access to the technology is "not the right approach" and said "if attackers use this model, they can get results similar to ours."

Bugs found by Depthfirst include a vulnerability in the widely used web server NGINX. NGINX is used on about two-thirds of websites that people visit frequently on the internet. The flaw has existed since 2008 and was left in a state that could be exploited for 18 years, Mitaani said. NGINX management company F5 Networks plans to introduce a patch.

The Depthfirst model also found a serious flaw in Linux that lets hackers execute remote code. Forbes said the flaw has not yet been patched.

Depthfirst also found bugs in the Google Chrome browser, and Google said it confirmed them and patched both cases.

Depthfirst said it additionally found 12 new flaws that Mythos missed in the open-source video and audio processing software FFmpeg.

Forbes said that while voices calling for AI-based defence strategies are growing as AI-powered attacks increase, not everyone agrees AI will greatly improve internet security. FFmpeg maintainer Jean-Baptiste Kempf (장바티스트 켐프) said "it is easy to find bugs even without AI" and said "finding vulnerabilities is easy, and fixing them properly is hard."