I was relieved this podcast correctly views Mythos as unverifiable marketing.

Reply to I was relieved this podcast correctly views Mythos as unverifiable marketing. on Fri, 10 Apr 2026 13:33:36 GMT

ulldma@infosec.exchange — Fri, 10 Apr 2026 13:33:36 GMT

@neilmadden I hear what you‘re saying.
Just one more thing
I think the reason why they call it „dangerous“ is that is has gotten much better at developing working exploits than previous models.

Sorry same source
https://red.anthropic.com/2026/mythos-preview/

Reply to I was relieved this podcast correctly views Mythos as unverifiable marketing. on Fri, 10 Apr 2026 12:39:33 GMT

neilmadden@infosec.exchange — Fri, 10 Apr 2026 12:39:33 GMT

@ulldma sure, but lots of other tools find vulnerabilities. There are lots to find. Is Mythos better than those? Who knows. Probably better at finding some, worse at others. Given the high costs involved, I can see it being added onto a yearly pentest engagement, but I doubt it’s going to really change much. It’s another tool in the arsenal, not a game-changer IMO. Finding an obscure crash-DoS in a niche OS TCP stack is not earth-shattering. Nice to find, sure, but the sky is not falling. It’s an evolutionary advance, not revolutionary.

Reply to I was relieved this podcast correctly views Mythos as unverifiable marketing. on Fri, 10 Apr 2026 11:23:37 GMT

ulldma@infosec.exchange — Fri, 10 Apr 2026 11:23:37 GMT

@neilmadden I‘m likely misunderstanding what you‘re saying (so keep that in mind ).

My question is: even if it‘s not verifiable directly. Isn‘t the trajectory pretty clear? I think there are a lot of samples out there of publicly released LLM finding and exploiting vulnerabilities. And the development is moving at a fast pace.

(But I too am happy when journalists actually question things)