
Mythos smythos! How to find 0day with lesser models
From Risky Business Features by Risky Business Media
May 8, 2026 · 1h 28m
About this episode
James Wilson chats with Niels Provos about using older AI models to hunt for 0day vulnerabilities.
In this podcast James Wilson chats with Niels Provos about his research into using older AI models to successfully hunt for 0day vulnerabilities. Niels has had a long and prolific career in cybersecurity, having worked as a Distinguished Engineer at Google and then heading up security at Stripe. His interest in AI bug hunting was piqued recently when one of the Mythos 0day vulnerabilities that received lots of attention happened to be in code he wrote for the OpenBSD project 27 years ago. It got him thinking: Are these frontier models really that magical? Or could we replicate their findings with some clever orchestration instead of relying on the model’s smarts to find bugs with a single prompt? As it turns out, this was worth looking into. Niels’ orchestration framework, Iron Curtain, works extremely well. This episode is also available on YouTube
People in this episode
Host: James Wilson
Guest: Niels Provos
Topics covered
- AI models
- 0day vulnerabilities
- cybersecurity
- bug hunting
- orchestration framework
Keywords
- 0day
- vulnerabilities
- AI
- cybersecurity
- bug hunting
- Iron Curtain
- Mythos
Mentioned in this episode
Organizations: Google, Stripe, OpenBSD
Products: Iron Curtain
More episodes of Risky Business Features
- Why NPM v12 won’t stop supply chain attacks · June 12, 2026 · 39 min
- Everything is getting much worse, much faster · June 5, 2026 · 23 min
- Solo podcast: A deep dive on TeamPCP · June 2, 2026 · 1h 4m
- How to survive supply chain attacks · May 25, 2026 · 37 min
- How the CopyFail disclosure went sideways · May 21, 2026 · 19 min
- NCSC’s Ollie Whitehouse on surviving the "bugpocalypse" · May 18, 2026 · 29 min
Explore listener stats, chart rankings, contacts and more on the Risky Business Features podcast page.