Apparently #Anthropic has some new #Claude #Mythos #AI that's really good at finding #cybersecurity vulnerabilities.
-
Apparently #Anthropic has some new #Claude #Mythos #AI that's really good at finding #cybersecurity vulnerabilities.
Most people: “OMG! It's the end of the world!!!”
Me: “Yay! It's #security o'clock! If it knows where all the vulnerabilities are, then we can fix 'em! Now we won't be so helpless against all those sleazy cybercrime gangs and spooky spies, because goodness knows if the AI can find these vulnerabilities then so can those creeps.”
-
Apparently #Anthropic has some new #Claude #Mythos #AI that's really good at finding #cybersecurity vulnerabilities.
Most people: “OMG! It's the end of the world!!!”
Me: “Yay! It's #security o'clock! If it knows where all the vulnerabilities are, then we can fix 'em! Now we won't be so helpless against all those sleazy cybercrime gangs and spooky spies, because goodness knows if the AI can find these vulnerabilities then so can those creeps.”
@argv_minus_one It's also important to note that this is not some magical cybersecurity robot.
Claude is doing something that vulnerability researchers do all the time, just on projects that haven't been hardened or in code that hasn't been looked at.
Vuln research takes time, money, and expertise. While it's cool we've got a bot that can do that now, it's not new, it's just novel.
The projects that #mythos is finding vulnerabilities in (like the BSD kernel issue) are projects that can't afford vulnerability researchers or audit companies.
-
@argv_minus_one It's also important to note that this is not some magical cybersecurity robot.
Claude is doing something that vulnerability researchers do all the time, just on projects that haven't been hardened or in code that hasn't been looked at.
Vuln research takes time, money, and expertise. While it's cool we've got a bot that can do that now, it's not new, it's just novel.
The projects that #mythos is finding vulnerabilities in (like the BSD kernel issue) are projects that can't afford vulnerability researchers or audit companies.
Right. And the bad guys—the aforementioned spies and cybercriminals—*can* afford vulnerability researchers. Hopefully these vulnerability-scanning bots will level the proverbial playing field.
-
Right. And the bad guys—the aforementioned spies and cybercriminals—*can* afford vulnerability researchers. Hopefully these vulnerability-scanning bots will level the proverbial playing field.
@argv_minus_one hopefully, yah.
I totally agree and don’t think it’s this big cybersecurity reckoning. When tokens get cheaper, this will be a great tool for good and the bad guys will just be… the same.
-
R relay@relay.infosec.exchange shared this topic
