I haven’t laughed so hard in ages. A message just appeared that said Anthropic is having an “Ottenheimer” moment, when they thought that they were going to be having their “Oppenheimer” moment. ROFL. Sorry guys. Didn’t mean to throw cold water on your hot march towards global annihilation.
“I am become depth, the destroyer of words“.
The cURL repo maintainers aren’t mincing words about the failure of Mythos to match the hype. Daniel Stenberg calls it a lot of hot air:
Stenberg wrote that the report “felt like nothing,” and that feeling was further validated by a review of Mythos’ findings.
Nothing. Mythos felt like nothing. The Mythos report itself describes its work as “hand-driven analysis”. Really.
…hand-driven analysis using LLM subagents for parallel file reads, with every candidate finding re-verified by direct source inspection in the main session before being recorded… No automated SAST tooling was used.
I really wonder why the hand driving wasn’t the hand of Stenberg. Why wasn’t Anthropic falling over itself to make sure Stenberg had access to the tool? That’s not right. A real tool wants real hands giving real feedback.
And here’s the real kicker:
“Once my curl security team fellows and I had poked on this short list for a number of hours and dug into the details, we had trimmed the list down and were left with one confirmed vulnerability,” Stenberg said, bringing us back to the aforementioned number.
As for the other four, three turned out to be false positives that pointed out cURL shortcomings already noted in API documentation, while the team deemed the fourth to be just a simple bug.
BOOM.
Three of the five “confirmed” findings flagged behavior that curl’s own API documentation describes as intended. Mythos mislabeled the documented, accepted behavior as novel findings, vulnerabilities for review. That is an even worse failure than just RTFM.
Call this what it is, yet more validation that a human designed harness is the only real threat, and NOT the very expensive Anthropic model. I’ve said it repeatedly on this blog. Nothing so far has proven Mythos is anything we haven’t seen before. Stenberg is landing where so many other experts already are waiting:
I see no evidence that this setup finds issues to any particular higher or more advanced degree than the other tools have done before Mythos.
Amen. And yet? ZOMG the FEAR circulating, even from some security experts. It burns.
What is really wrong with this survey is that the security industry needs to be focusing on Post Quantum preparedness instead of AI-vendor hype about AI.
Anthropic has made the world significantly less prepared by blowing hundreds of millions into trying to scare people into a billionaire-run cartel of disinformation.
As lead developer of curl I was offered access to the magic model and I graciously accepted the offer. Sure, I’d like to see what it can find in curl.
I signed the contract for getting access, but then nothing happened. Weeks went past and I was told there was a hiccup somewhere and access was delayed.
Eventually, I was instead offered that someone else, who has access to the model, could run a scan and analysis on curl for me using Mythos and send me a report. To me, the distinction isn’t that important. It’s not that I would have a lot of time to explore lots of different prompts and doing deep dive adventures anyway. Getting the tool to generate a first proper scan and analysis would be great, whoever did it. I happily accepted this offer.
That is some very hard evidence to add to the the cartel theory.
Meanwhile, Post Quantum? Hello? It’s a real threat. This cartel nonsense is destroying trust in Anthropic. Every day now I get open mouths and saucer eyes when I demonstrate free and commodity tools to CISOs that prove how Mythos “velvet rope” access gets them exactly… nothing. Stenberg says as much himself.
Primarily AISLE, Zeropath and OpenAI’s Codex Security have been used to scrutinize the code with AI. These tools and the analyses they have done have triggered somewhere between two and three hundred bugfixes merged in curl through-out the recent 8-10 months or so. A bunch of the findings these AI tools reported were confirmed vulnerabilities and have been published as CVEs. Probably a dozen or more.
Nowadays we also use tools like GitHub’s Copilot and Augment code to review pull requests, and their remarks and complaints help us to land better code and avoid merging new bugs. I mean, we still merge bugs of course but the PR review bots regularly highlight issues that we fix: our merges would be worse without them. The AI reviews are used in addition to the human reviews. They help us, they don’t replace us.
In other words, Mythos showed up and nothing changed. Nothing. He’s calling it at least 8 months late to the CVE party.
How bad is the Anthropic nothingburger distraction? I usually show the following vulnerability family, for example. The 2007 fix sits inside Mythos’s training corpus. The 2008 sibling fork carried the same flaw unpatched in public code for 17.5 years. Mythos’s “discovery” matched a fix that it knew already.
That is simply a re-scan of old fixed bugs, NOT discovery, by any modern definition. In the cURL example, even retrieval wasn’t done right by Mythos. If you read the Anthropic announcement right, it’s been a lot of hot air from day one.
As Stenberg put it in his blog post:
We have not seen any AI so far report a vulnerability that would somehow be of a novel kind or something totally new.
That is the lead cURL maintainer confirming retrieval over discovery, in his own voice, exactly what I have been reporting based on Anthropic’s own launch blog based on the UMich/MIT/FreeBSD example.
Preach, brother. Here’s the anti-cartel novelty pin I made for everyone to wear on calls about Mythos:
Stenberg was never allowed to run the prompts and report first-hand, while Anthropic remains in hiding. An unnamed third party ran Mythos, generated the report, sent it over to keep up the ruse. No one outside that arrangement can audit what Mythos did autonomously versus what the human operator is doing. The “velvet rope” access prevents actual comparisons that would settle the growing doubt in Anthropic.
30 April 2026, 16:33:37 UTC. Canonical’s incident monitoring system marks blog.ubuntu.com as Service Down.
Within ten minutes the rest of the company’s public web was down as well: the main site ubuntu.com, the security advisory APIs that downstream package management depends on, the developer portal, the corporate site, the training platform. These disruptions ran for roughly twenty hours.
1 May 2026, 12:44 UTC. Service Restored.
The group claiming responsibility for the attack said it used a paid service. They named one tool they had rented: a commercial denial-of-service product called Beamed, sold under multiple TLDs, with beamed.su serving as the marketing and blog site and beamed.st serving as the customer login portal. The April 2026 blog post “How to Bypass Cloudflare with Advanced Stresser Methods” advertises three named techniques for defeating Cloudflare protection, including residential IP rotation and manual “endpoint hunting” to locate origin servers. Beamed is explicit about what it sells:
Cloudflare acts as a reverse proxy, hiding the origin server’s IP address. Many low-quality booters fail against “Under Attack Mode” or Bot Fight Mode. Beamed.su employs several advanced techniques to effectively stress test websites protected by Cloudflare and similar CDNs.
The blog post hosting this paragraph is itself served by Cloudflare. The product sold is Cloudflare bypass. The hosting provider for the seller is Cloudflare.
A week after the attack, beamed.su and beamed.st remain online. Both resolve to Cloudflare AS13335 addresses. Canonical’s two repository endpoints, security.ubuntu.com and archive.ubuntu.com, also resolve to Cloudflare AS13335 addresses, as a paid customer relationship.
Cloudflare fronts attackers for free and bills the victims for relief.
The question I repeatedly have been asked is whether what just happened amounts to blackmail, and how the actor that claimed responsibility (a self-described pro-Iranian group calling itself the Islamic Cyber Resistance in Iraq, also styled as 313 Team) ends up renting attack capacity from a service whose front-end infrastructure is operated by the same company that Canonical eventually paid for relief.
Beamed’s consumer-facing domains are registered through a registrar called Immaterialism Limited, which sells domain registration on a flat-rate basis and via a JSON API. Cheap, automated registration with zero friction is typically associated with abuse hosting. Immateriali.sm is itself proxied through Cloudflare nameservers (tani.ns.cloudflare.com and trey.ns.cloudflare.com).
Immaterialism Limited is registered at Companies House in the United Kingdom under company number 15738452. It was incorporated on 24 May 2024 with one director, Nicole Priscila Fernandez Chaves of Costa Rica (date of birth March 1993), at a mass-mailbox address on Great Portland Street in London.
On 11 April 2025 Fernandez Chaves resigned the directorship while retaining 75 percent or more of the economic interest. The replacement director was Naomi Susan Colvin, a British national resident in England, appointed at the same address.
Colvin is the former Director of the Courage Foundation, the legal-defence vehicle whose trustees have included Julian Assange, John Pilger, Vivienne Westwood, and Renata Avila, and which has supported beneficiaries including WikiLeaks and Barrett Brown. Her current role is UK and Ireland Programme Director at Blueprint for Free Speech, working on whistleblower protection and anti-SLAPP litigation. The legal campaign that prevented the extradition of Lauri Love to the United States ran under her direction. She is a longstanding activist.
On 26 February 2026 Immaterialism Limited filed two changes at Companies House on the same day: a registered office change (from 85 Great Portland Street to 167-169 Great Portland Street) and a change of details for Fernandez Chaves as person with significant control.
The next day, 27 February 2026, the routing infrastructure that announces Beamed’s IP space and that of related services moved jurisdiction.
The autonomous system that announces Materialism’s address space is AS39287. RIPE allocated this AS number on 24 January 2006. Its routing identity has been preserved continuously since then, but its registered operator and the country of record have changed twice.
From around 2017 to roughly 2020, AS39287 was held by Privactually Ltd, a Cypriot company, and operated under the name FLATTR-AS. Flattr was the micropayments project of Peter Sunde Kolmosoppi, one of the founders of The Pirate Bay. The abuse contact for prefixes under that registration was abuse@shelter.st.
From 2020 to 2026, the same AS number was reassigned to ab stract ltd, a Finnish company at Urho Kekkosen katu 4-6E in Helsinki. Its maintainer object on the RIPE record was BKP-MNT. Named person of record: Peter Kolmisoppi (handle “brokep”), another founder of The Pirate Bay, with a Malmö postal address and the email noc@brokep.com. The authoritative nameservers for the operator’s domain abstract.fi were the three Njalla nameservers at njalla.fo, njalla.no, and njalla.in. Njalla is the privacy-as-a-service domain proxy founded by Peter Sunde and operated through 1337 Services LLC in St. Kitts and Nevis. Some prefixes under ab stract carried abuse contacts at cyberdyne.is.
Reassignment on 27 February
On 27 February 2026, at 12:11:48 UTC, RIPE recorded the third reassignment. AS39287 became the property of Materialism s.r.l., a Romanian company at Bulevardul Metalurgiei in Bucharest, operating under the name “materialism.” A Materialism RIPE membership had been provisioned five months earlier, on 30 September 2024, and had then sat dormant. The reassignment included the IPv4 prefix 45.158.116.0/22 and the IPv6 prefixes 2001:67c:2354::/48 and 2a02:6f8::/32, the last of which was originally allocated in August 2008 under the prior regime.
The peering arrangements were preserved across all three transitions. AS39287 has continued to import from and export to AS42708 (Telia), AS37560 (GTT), AS12552 (GlobalConnect), AS34244 (Voxility), and AS54990, in identical configuration, from the FLATTR period to the materialism period. The same routes leave the same upstream networks. The visible operator name is the variable.
The IANA list of accredited domain registrars also shows that the customer base of Immateriali.sm includes 1337 Services LLC, the trading entity behind Njalla. The registrar end of the chain and the privacy-proxy end are accordingly under the same alumni cluster.
1337 Services. Yeah, I know.
Cert rotation on 27 February
The relevant certificate transparency record for Canonical’s repository endpoints shows the following entries during the same 24-hour window in which the routing reassignment occurred.
At 06:14:03 UTC on 27 February, Let’s Encrypt issued a fresh apex certificate for archive.ubuntu.com.
At 19:13:35 UTC on the same day, Let’s Encrypt issued a fresh apex certificate for security.ubuntu.com. The 2026 certificate transparency record for that hostname before this entry contains regional mirror certificates only. An apex certificate at security.ubuntu.com does not appear earlier in the visible log.
At 22:14:03 UTC on the same day, a fresh certificate was issued for clouds.archive.ubuntu.com.
In the following nine days the same pattern repeated for azure.archive.ubuntu.com, wildcard-gce.archive.ubuntu.com, and wildcard-ec2.archive.ubuntu.com. Each new certificate was issued for the apex hostname rather than for a regional mirror.
A valid origin certificate on the apex hostname is a precondition for putting that hostname behind a content delivery network without breaking encryption between the network and the origin. The certificate has to exist at the origin before the network can be told to fetch from there.
The synchrony of these two events on 27 February has not yet been explained.
The Attack Timeline
The minute-by-minute log of the incident is taken from Canonical’s own status.canonical.com page, snapshotted into Ubuntu Discourse thread 81470 by a user at approximately 22:52 UTC on 30 April. All times below are UTC. Where original sources used Pacific Daylight Time or British Summer Time, conversion is given inline.
So the security advisory feed went dark within three minutes of the start, and the marketing apex within ten. The two hosts that were not yet attacked at this point were security.ubuntu.com and archive.ubuntu.com, the two endpoints whose unavailability breaks apt update on every Ubuntu installation worldwide.
This is notable to me because an attacker held the repository endpoints in reserve for three hours, and then activated them late.
From 19:40 UTC for the next seventy minutes, both repository endpoints flapped repeatedly between Down and Operational on the status board. The status log records five Down/Operational transitions on security.ubuntu.com and four on archive.ubuntu.com during that period.
This pattern is consistent with a mitigation being attempted at the origin (rate limits, geographic filters, traffic scrubbing) and failing under sustained load at the announced 3.5 Tbps scale.
After this 44-second window neither host appears Down again in the captured snapshot, which extends to 22:52 UTC. The flapping stops cleanly. The two endpoints stabilise together, less than a minute apart, four hours and seventeen minutes into the attack.
The currently resolved state of those two hostnames matches the destination implied by that stabilisation. As of this writing, security.ubuntu.com and archive.ubuntu.com both resolve to 104.20.28.246 and 172.66.152.176, which are addresses now being operated by Cloudflare under AS13335.
The other affected hosts (ubuntu.com, canonical.com, launchpad.net, snapcraft.io, login.ubuntu.com) all still resolve to Canonical’s own AS41231 space at 185.125.189.x and 185.125.190.x. The authoritative nameservers for ubuntu.com remain ns1.canonical.com, ns2.canonical.com, and ns3.canonical.com.
The selective Cloudflare onboarding
Canonical handed Cloudflare exactly two A records: the two records the attacker had targeted for repository denial. Everything else stayed on Canonical’s iron and weathered the attack under whatever mitigation was already in place.
The non-repository hosts continued flapping through the end of the snapshot. They eventually came back through some combination of upstream filtering and the attack subsiding.
Canonical’s first public acknowledgement was posted at 07:13 UTC on 1 May, ten hours after the repository endpoints had been made stable behind Cloudflare. Full restoration of all components was confirmed at 12:44 UTC on 1 May, roughly twenty hours after onset.
Naming what happened
No ransom payment moved by any visible channel.
Cryptocurrency flows of the relevant magnitude are absent from the public record.
A demand letter has not surfaced.
Negotiation, if any occurred, was conducted in private.
What did move was a paid subscription.
Canonical’s two highest-value endpoints, the ones whose denial creates a worldwide failure of automated security updates, transitioned to a service relationship with a vendor whose other current customers include the booter operation that was attacking them.
This transaction concluded without requiring Cloudflare to issue any demand. Beamed’s continued availability for hire is the demand. The outage clock running on Canonical’s own infrastructure is the deadline. The protector collects on both sides while remaining, at every individual moment, content-neutral and within the letter of its terms of service. Whether Cloudflare designed this position or arrived at it through the aggregation of unrelated customer decisions is, from the perspective of how a racket operates, immaterial. It works the same either way.
Any historian should be able to call this out as the same architecture we’ve all seen before.
Moses Annenberg’s General News Bureau in the 1930s sold timely race-track results to bookmakers across the United States. Bookmakers who subscribed survived. Bookmakers who declined the subscription found their odds-setting capacity destroyed by competitors who had subscribed.
Annenberg’s revenue depended on his monopoly over the verification of race results, which made every unauthorised bookmaker dependent on his wire to operate. The federal government broke that monopoly through tax prosecution in 1939, and successor wire services were raided into the 1940s. Mayor LaGuardia in 1942 wasn’t messing around:
Nine men were arrested yesterday in raids on a fifth-floor suite of offices at 126 Liberty Street and in apartments in an eighty-five-family house at 834 Penfield Street, the Bronx, in what the police called a “million-dollar-a-year wire service for poolroom bookmakers and other gamblers on horse racing in New York, New Jersey, Westchester and Nassau County.”
The DDOS-protection market reads today as roughly the same position with respect to the booter market. Cloudflare’s revenue depends on its position as the verifier of whether a service is reachable on the public internet. When the same company is also the booter’s hosting provider, the threat and protection roles have been merged into a single revenue stream.
What distinguishes this particular incident is how the public record appears to be laundered. Companies House holds the corporate paperwork. RIPE’s database holds the routing reassignment. Certificate transparency logs capture the rotation date for the apex certificates. Canonical’s own status page captures the minute the records changed.
Every part of it is the public registry or a corporate disclosure. Even the 27 February cluster is on the public record. On that day three preparations completed within a single calendar window. Materialism s.r.l. took ownership of AS39287 and the long-held IPv6 prefix that came with it. Immaterialism Limited filed its Companies House paperwork. And on Canonical’s side, the two apex hostnames that would later be moved behind a content delivery network had their origin certificates renewed.
The four-hour gap between the onset of the attack and the appearance of Cloudflare addresses on Canonical’s repository hostnames is the interval during which the purchasing decision moved. I imagine engineers moving from “hold the line” against attacks routed through Cloudflare to “sign the Cloudflare contract.” Roughly the time it took for the cost of continued outage to exceed the deal Cloudflare offered.
The new customer relationship was visible at 20:50:29 UTC on 30 April 2026.
It should surprise exactly nobody that the American market turns on McDonalds and Coca-Cola instead of a rare steak with a glass of wine or even clean water. Likewise, if you are asking students if they want to be a skilled chef or a fast-food worker, it maybe misses the point entirely, dear MIT lecturer in fiction and nonfiction writing.
Playing the AI-detection game drags me into a surveillance mindset that undermines the workshop environment. If you use AI, it reveals your orientation toward writing. Do you want to make art, or just turn in text? Do you want to actually learn how to write, or just pretend to do so?
Even if you actually learn how to write, what billionaire is going to hire you? You learn the humanities and the billionaire suddenly doesn’t have an iron grip. Which one of the billionaires wants more than waves of desperate disposable humans to just turn in their text and go die? Do you think that’s how Putin or Hegseth plans to win their similar wars? Teaching skills, independent thought and capable minds, becomes a revolutionary act in Trump’s dumb vision of America. You will need to also prepare kids to be called frustrated, angry, and any number of emotive terms by the coin-operated MAGA machine that pushes a no-skill labor meat grinder market run by the emotionless AI oligarchs.
Related: Trump spirals into AI slop and FOX news now calls him the AI president.
…forever this administration and Trump will be the AI president. [The harms to humanity] all came on his watch.