<![CDATA[The claim that Mythos found its "flagship" BSD bug because the upstream Kerberos bug/patch from 2007 is in the training set is very interesting.]]>The claim that Mythos found its "flagship" BSD bug because the upstream Kerberos bug/patch from 2007 is in the training set is very interesting. It significantly weakens the novel discovery claim, but makes me wonder about the implications for how transformers evaluate input weights and whether this could be extracted and leveraged as a variant hunting technique.

Or maybe you could just straight grep for the vulnerable code block from every patch ever and see what falls out. That may also be embarrassingly effective.

]]>https://board.circlewithadot.net/topic/a190d6df-6d41-41b7-af60-a5b4e3663aef/the-claim-that-mythos-found-its-flagship-bsd-bug-because-the-upstream-kerberos-bug-patch-from-2007-is-in-the-training-set-is-very-interesting.RSS for NodeFri, 15 May 2026 04:10:33 GMTFri, 08 May 2026 16:56:27 GMT60<![CDATA[Reply to The claim that Mythos found its "flagship" BSD bug because the upstream Kerberos bug/patch from 2007 is in the training set is very interesting. on Fri, 08 May 2026 18:51:05 GMT]]>@acdha @cigitalgem variant hunting is a time honored security research tradition and tools for doing it at scale have never been better (and will continue to improve)

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/lapt0r/statuses/116540457990304411https://board.circlewithadot.net/post/https://infosec.exchange/users/lapt0r/statuses/116540457990304411Fri, 08 May 2026 18:51:05 GMT<![CDATA[Reply to The claim that Mythos found its "flagship" BSD bug because the upstream Kerberos bug/patch from 2007 is in the training set is very interesting. on Fri, 08 May 2026 18:50:03 GMT]]>@cigitalgem @lapt0r the back to back Linux LPEs might be coloring my view but I think there’s a lot of potential in that idea of looking for the same pattern elsewhere, especially for the major projects which people often copy-paste from or where package management was historically hard enough to encourage copying code you weren’t going to carefully track upstream (C, PHP, etc.)

]]>https://board.circlewithadot.net/post/https://code4lib.social/users/acdha/statuses/116540453895760688https://board.circlewithadot.net/post/https://code4lib.social/users/acdha/statuses/116540453895760688Fri, 08 May 2026 18:50:03 GMT<![CDATA[Reply to The claim that Mythos found its "flagship" BSD bug because the upstream Kerberos bug/patch from 2007 is in the training set is very interesting. on Fri, 08 May 2026 18:12:52 GMT]]>@lapt0r LLMs are great librarians but the mythos thing is a larp by amodei. still LLMs are gigantic security threat only because of slopware.]]>https://board.circlewithadot.net/post/https://comp.lain.la/objects/839e37f1-b4b8-47de-af51-ba7e850fef0ehttps://board.circlewithadot.net/post/https://comp.lain.la/objects/839e37f1-b4b8-47de-af51-ba7e850fef0eFri, 08 May 2026 18:12:52 GMT