| ▲ | PedroBatista 6 hours ago |
| The more I live the more I believe people at the top operated in some sort of cult mentality. The level of gullibleness, temporary lack of critical thinking is only matched by their sociopathy and Machiavellianism. I'm sure it's a great big model, but the level of hype and dishonesty is something out of Sam Altman's book. Of course it's because of the upcoming IPO, but that's the end game, for now it's critical to get those private equity guys and bank institutions to believe the gospel and hold the bag, only then the suckers from the secondary markets will be allowed to be suckers too. |
|
| ▲ | icedchai 5 hours ago | parent | next [-] |
| A good percentage of cybersecurity has always been theater. If their model helps to separate the wheat from the chaff, maybe it'll be an improvement. |
| |
| ▲ | bwfan123 4 hours ago | parent | next [-] |
| > A good percentage of cybersecurity has always been theater |
| It is great to be in a "best-effort" business where there are no consequences for bad things happening. Cybersecurity is one of those businesses. Web search, feeds and ads are another. Imagine you are selling locks to secure homes. A thief breaks the lock. The lock-maker is not held liable. In fact, they now start selling stronger locks, and lock sales actually improve with more thefts. |
|
| ▲ | guzfip 4 hours ago | parent | prev | next [-] |
| It sounds like it’ll just kill the wheat and the chaff. Still probably a benefit depending on your philosophy. |
|
| ▲ | SpicyLemonZest 4 hours ago | parent | prev [-] |
| I'm definitely optimistic that the long-term trajectory is positive. All important software can undergo extensive penetration testing with cutting-edge vulnerability research techniques before launch? Sounds great. The problem is what goes wrong on the pathway to there. |
|
|
| ▲ | colechristensen 5 hours ago | parent | prev | next [-] |
| There's a serious problem with being very popular/prominent/powerful and becoming surrounded by sycophants out of a sort of survival of the fittest and then developing a progressively more distorted view of reality as a result. When everything can appear to be made to work to the person at the center they start making progressively worse decisions which are consequence free because of the sway they already have. (this is a big reason why "disruptor" startups work) |
|
| ▲ | xvector 3 hours ago | parent | prev | next [-] |
| Will you eat your words when major vuln disclosures come out 3-4 months from now? |
| |
| ▲ | ofjcihen 3 hours ago | parent [-] |
| Will you eat your words when you find out major vuln disclosures have been happening for decades? |
|
| ▲ | scottyah 3 hours ago | parent [-] |
| They obviously meant on an unprecedented scale. |
|
| ▲ | ofjcihen 3 hours ago | parent [-] |
| Sure, and healthy skepticism before proof is a sign of wisdom. Which makes taking claims from companies at face value…? |
|
| ▲ | downrightmike 4 hours ago | parent | prev | next [-] |
| Need to dump the bag on retail investors and pensions before they implode |
|
| ▲ | reducesuffering 5 hours ago | parent | prev [-] |
| Or, you're wrong. And the smartest AI Research Scientists and the top banking officials are both correctly worried about the ramifications. That's what you'd expect if there really was an issue here. Are you aware of the deep-seated bugs in critical software that were already uncovered with Mythos? Are you able to steelman the issue here at all? |
| |
| ▲ | alephnerd 5 hours ago | parent | next [-] |
| > Are you aware of the deep seated bugs in critical software that were already uncovered with Mythos |
| This. 100% this. A large portion of the industry is under NDA right now, but most of the F500 have already deployed or started deploying foundational models for AppSec use cases all the way back in 2023. Sev1 vulns have already been detected using "older" foundation models like Opus 4.x. Of course the noise is significant, but that's something you already faced with DAST, SAST, and other products, and is why most security teams are also pairing models with experienced security professionals to adjudicate and treat foundation model results as another threat intel feed. |
|
| ▲ | colechristensen 5 hours ago | parent | prev [-] |
| Two things can be true. Historically bad security that people just got by with matched with powerful tools that aren't any better than the best people, but now can be deployed by mediocre people. |
|
| ▲ | SpicyLemonZest 4 hours ago | parent [-] |
| Which is exactly what Anthropic understands the situation to be. They state at the beginning of the Glasswing blogpost that Mythos is not better than the best vulnerability researchers. But it doesn't have to be to become a tremendously big deal. |
|
| ▲ | cestith 3 hours ago | parent [-] |
| There is not just a lower barrier to entry. The best use of a tool will still be made by the most knowledgeable users. So we’re looking at lowering the bar some, but another big deal is the scale at which the top experts can work. That might actually be the longer lever. Imagine a top expert burning tokens across whole repo histories of a few dozen projects looking for likely but unconfirmed flaws, then having the model flag and rank those suspects for their own review in triaged order. |