| |
| ▲ | solenoid0937 2 hours ago | parent | next [-] | | > The software industry’s longstanding convention is to disclose new vulnerabilities 90 days after they’re discovered (or, if a patch is created before the 90 days is up, around 45 days after the patch becomes available). This allows time for end users to update their software before a vulnerability can be exploited by attackers. Our own Coordinated Vulnerability Disclosure policy takes this approach. > However, this means that disclosed vulnerabilities are a lagging indicator of the accelerating frontier of AI models’ cyber capabilities: we’re not yet at the point where we can fully detail our partners’ findings with Mythos Preview without putting end users at risk. Instead, we provide illustrative examples of the model’s performance, along with aggregate statistics on our progress to date. Once patches for the vulnerabilities that Mythos Preview has discovered are widely deployed, we’ll provide much more detail about what we’ve learned. | |
| ▲ | skybrian 2 hours ago | parent | prev [-] | | As the article explains, they mostly haven't been disclosed, because they're not fixed. They're giving people 90 days, or 45 after a patch is made. | | |
| ▲ | gck1 2 hours ago | parent [-] | | > haven't been disclosed, because they're not fixed. That's convinient. But wait, don't they have this amazing AI that can fix all the issues itself with a single /goal command? What's the holdup? | | |
| ▲ | solenoid0937 an hour ago | parent [-] | | You should really read the article, every question asked so far in this thread has been very clearly answered. I miss the days when HN would RTFA. |
|
|
|
