In the agents era, the AI security story right now is not whether models can find bugs.
Anthropic’s “dangerously good” Mythos found 1 real bug in the real curl codebase.
But 360’s (a security team from China) vulnerability mining agent independently found 23 flaws across the broader OpenClaw ecosystem, including critical remote code execution bugs and large-scale prompt-injection bypasses.
The real agent-security problem is runtime behavior: code, prompts, tools, local services, and permissions interacting before the system touches files, opens ports, or runs commands.
If you are building agents, this thread deserves a saved spot. 🧵↓