I found out my employer doesn’t have access to Mythos.
-
@GossiTheDog mythos has found at least one critical vulnerability: the infosec industry is utterly vulnerable to hype, and extremely unlikely to examine the origins or methodology behind vulnerability disclosures that authorities (regardless of their poor reputation) claim are earth-shatteringly critical
@zzt @GossiTheDog I'm pretty sure this vulnerability has been known for many years, though.
-
@GossiTheDog mythos has found at least one critical vulnerability: the infosec industry is utterly vulnerable to hype, and extremely unlikely to examine the origins or methodology behind vulnerability disclosures that authorities (regardless of their poor reputation) claim are earth-shatteringly critical
@zzt @GossiTheDog If this provides the industry with its "drink bleach" moment, I'm more than happy to watch the show.
-
@zzt @GossiTheDog I'm pretty sure this vulnerability has been known for many years, though.
@Standard_Phil @GossiTheDog absolutely, no points to anthropic for originality but full points for weaponizing the vulnerability to its fullest
-
@Standard_Phil @GossiTheDog absolutely, no points to anthropic for originality but full points for weaponizing the vulnerability to its fullest
@zzt @GossiTheDog Very fair point, they do deserve some credit here.
-
Mythos is not great btw. Running it over a bunch of code, it’s similar findings to tools from a few years ago. It’s marketing, essentially. Viral marketing as people doing the marketing are companies and governments.
It’s really good at finding vulns in vibe coded stuff from Claude.. because apparently AI must be both the cause and solution to all life’s problems, like beer.
@GossiTheDog the marketing was so obvious even at the moment they first announced mythos.
"We have a super AI, it's the best at everything but we're not gonna let you see"
It's just like a preteen saying
"I have a supermodel girlfriend, she loves me more than anything but you can't meet her because she goes to another school" -
@zzt @GossiTheDog I'm pretty sure this vulnerability has been known for many years, though.
-
@GossiTheDog @Standard_Phil perfection
-
Mythos is not great btw. Running it over a bunch of code, it’s similar findings to tools from a few years ago. It’s marketing, essentially. Viral marketing as people doing the marketing are companies and governments.
It’s really good at finding vulns in vibe coded stuff from Claude.. because apparently AI must be both the cause and solution to all life’s problems, like beer.
-
@GossiTheDog @zzt
We don't deserve to have you, Kevin. -
@GossiTheDog the marketing was so obvious even at the moment they first announced mythos.
"We have a super AI, it's the best at everything but we're not gonna let you see"
It's just like a preteen saying
"I have a supermodel girlfriend, she loves me more than anything but you can't meet her because she goes to another school"@Kiloku @GossiTheDog My girlfriend is so hot and smart and loves me more than anything in the world and we have amazing sex together and she’s rich but you can’t see pictures of her because she’s shy and you can’t hear her beautiful voice because she lives in a different timezone and you can’t meet her because she’s Canadian. But she’s the best girlfriend ever!!!1
Now please believe me because it’s true.
-
Mythos is not great btw. Running it over a bunch of code, it’s similar findings to tools from a few years ago. It’s marketing, essentially. Viral marketing as people doing the marketing are companies and governments.
It’s really good at finding vulns in vibe coded stuff from Claude.. because apparently AI must be both the cause and solution to all life’s problems, like beer.
-
I found out my employer doesn’t have access to Mythos. I do.
@GossiTheDog Jack Ryan, time traveler
-
@GossiTheDog@cyberplace.social @Standard_Phil@infosec.exchange @zzt@mas.to Mythos did find that recent ActivityPub vulnerability which is interesting. I’m not trying to shill it or anything I just think it’s interesting
https://w.on-t.work/activitypub/may-2026-vulnerability#the-ellephamt-in-the-room -
@GossiTheDog "they feed us poison so we buy their medicine"
@reiddragon @GossiTheDog which is just an another poison
-
Mythos is not great btw. Running it over a bunch of code, it’s similar findings to tools from a few years ago. It’s marketing, essentially. Viral marketing as people doing the marketing are companies and governments.
It’s really good at finding vulns in vibe coded stuff from Claude.. because apparently AI must be both the cause and solution to all life’s problems, like beer.
@GossiTheDog My first hot take to “We are not releasing Mythos because it’s too good” was that they were hiding something. Or they needed to convince large companies that it was sooooo good that they better pony up. “You’ve never had coke this pure, not sure it’s safe to sell it to you.”
-
Mythos is not great btw. Running it over a bunch of code, it’s similar findings to tools from a few years ago. It’s marketing, essentially. Viral marketing as people doing the marketing are companies and governments.
It’s really good at finding vulns in vibe coded stuff from Claude.. because apparently AI must be both the cause and solution to all life’s problems, like beer.
-
Mythos is not great btw. Running it over a bunch of code, it’s similar findings to tools from a few years ago. It’s marketing, essentially. Viral marketing as people doing the marketing are companies and governments.
It’s really good at finding vulns in vibe coded stuff from Claude.. because apparently AI must be both the cause and solution to all life’s problems, like beer.
@GossiTheDog Can you run it on my honeypots to see if it finds anything worthwhile?
(Basically, any repo there that has "honey" or "pot" in the name.)
-
@GossiTheDog My first hot take to “We are not releasing Mythos because it’s too good” was that they were hiding something. Or they needed to convince large companies that it was sooooo good that they better pony up. “You’ve never had coke this pure, not sure it’s safe to sell it to you.”
@bplein @GossiTheDog CISOs suched it up like no tomorrow. Every day I have to listen my bosses how utterly powerful Mythos is and we need some AI tool to counter it.
On the other hand they're surprised that all sorts of low level shit walks through our perimeter. I have to keep repeating we need zero-trust but nothing gets done.
Spending money on shiny expensive AI tool
Implementing free zero-trust policies -
R relay@relay.an.exchange shared this topic
-
@GossiTheDog mythos has found at least one critical vulnerability: the infosec industry is utterly vulnerable to hype, and extremely unlikely to examine the origins or methodology behind vulnerability disclosures that authorities (regardless of their poor reputation) claim are earth-shatteringly critical
@zzt @GossiTheDog anyone who was paying attention already knew that, though. The security circus is nothing new, it's the inevitable result of the primary talent pool for infosec being obnoxious teenage skiddies swapping 31337 h4x0r reputation points in exchange for vulnerabilities of widely varying credibility
-
@zzt @GossiTheDog anyone who was paying attention already knew that, though. The security circus is nothing new, it's the inevitable result of the primary talent pool for infosec being obnoxious teenage skiddies swapping 31337 h4x0r reputation points in exchange for vulnerabilities of widely varying credibility
@zzt @GossiTheDog see also heartbleed and the endless circus brand-and-logo vulnerabilities afterwards, stuff like the grsec nonsense, etc, going back as far as you care to look.
