Can I bring your attention to one of the best security write-ups I’ve read in a long while.

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Wed, 22 Apr 2026 04:33:20 GMT

badsamurai@infosec.exchange — Wed, 22 Apr 2026 04:33:20 GMT

@simonzerafa @catsalad @SecurityWriter @mttaggart

Davi for the take-down!

So sweet, so easy on the eyes, but hideous on the inside
Whole life spreading lies, but you can't hide, baby, nice try
I'm 'bout to switch up these vibes, I finally opened my eyes
It's time to kick you straight back into the night

https://youtu.be/l8Dr7vzMSVE

#kpdh

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Wed, 22 Apr 2026 04:25:03 GMT

simonzerafa@infosec.exchange — Wed, 22 Apr 2026 04:25:03 GMT

@catsalad @SecurityWriter @mttaggart

The Myth of Mythos ‍️

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 22:06:04 GMT

tezoatlipoca@mas.to — Tue, 21 Apr 2026 22:06:04 GMT

@semitones @SecurityWriter @mttaggart
Selling memberships wasn't the best characterization; but they're restricting use of their new model to "select" OS and infrastructure partners _first_, before general availability so these partners can fix things FIRST.

Of course I am not a cybersecurity export, NOR an AI expert, so perhaps I lack the technical qualifications to tell if Ottenheimer is full of shit, but from what I DO know of software it made sense.

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 22:02:06 GMT

semitones@tiny.tilde.website — Tue, 21 Apr 2026 22:02:06 GMT

@tezoatlipoca @SecurityWriter @mttaggart ah that makes Sense!! Did not realize they were selling memberships

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 21:55:20 GMT

tezoatlipoca@mas.to — Tue, 21 Apr 2026 21:55:20 GMT

@semitones @SecurityWriter @mttaggart

Anthropic's Glasswing is selling tickets to an exclusive club. Oh look, our Mythos model can find all these vulnerabilities in the softwares you use (it can't). You want secure software right? Well, better pay us $ for membership so you can stay on top of vulnerabilities WE discover.

Generally some having access and others NOT having access leads to abuse.

Problem is, as Ottenheimer lays out, Mythos doesn't actually do what Anthropic sales is claiming.

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 21:49:54 GMT

tezoatlipoca@mas.to — Tue, 21 Apr 2026 21:49:54 GMT

@semitones @SecurityWriter @mttaggart The terminology is a bit opaque if you don't live and breathe cubersecurity (I do not), not necessarily AI, but there's a pay off. Basically, Anthropic's claims about their new Claude Mythos AI model finding thousands of vulnerabilities in OS's and software is horseshit. Its no better than their previous Claude model. And their Project Glasswing is just a $VIP$ ticket to Emperor's New Clothesland.

OP's article is as layperson it can be given the subject.

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 21:47:39 GMT

ftranschel@norden.social — Tue, 21 Apr 2026 21:47:39 GMT

@semitones @SecurityWriter @mttaggart Now, many CEOs are four years into their pivot, feel the same and couldn't care less.

So kudos to you

(Yes, it is a very specific thing to read. But believe me: It could have been *waaaay* more technical if it wasn't for the excellent writing )

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 21:24:10 GMT

semitones@tiny.tilde.website — Tue, 21 Apr 2026 21:24:10 GMT

@SecurityWriter @mttaggart Can someone explain this part?

> Anthropic has established, without discussion and without pushback, that a private company can unilaterally classify a capability as too dangerous for the public, grant selective access to the largest incumbents in the affected industry, and construct a parallel disclosure regime outside any democratic accountability structure. That precedent is exclusivity for abuse. [...]
The model is not the story. A cartel is the story.

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 21:20:45 GMT

semitones@tiny.tilde.website — Tue, 21 Apr 2026 21:20:45 GMT

@SecurityWriter @mttaggart

> The verified facts in the document are real: XBOW topped HackerOne’s leaderboard, DARPA AIxCC found 54 vulnerabilities in four hours, Google Big Sleep found 20 zero-days in open source, Sysdig documented an AI attack reaching admin in eight minutes. Every one of those is independently confirmed by the organization that did the work, with named researchers, reproducible results, or public competition records. Every one of those also predates Mythos...

I had no idea

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 21:04:49 GMT

semitones@tiny.tilde.website — Tue, 21 Apr 2026 21:04:49 GMT

@SecurityWriter @mttaggart I am 3 paragraphs in and I have no idea what's going on... I guess I should have learned more about ai

Reply to Can I bring your attention to one of the best security write-ups I’ve read in a long while. on Tue, 21 Apr 2026 20:59:28 GMT

catsalad@infosec.exchange — Tue, 21 Apr 2026 20:59:28 GMT

@SecurityWriter @mttaggart

Whomp. Whomp. Sad trombone.