Can I bring your attention to one of the best security write-ups I’ve read in a long while.
-
RE: https://infosec.exchange/@flyingpenguin/116399482954754093
Can I bring your attention to one of the best security write-ups I’ve read in a long while.
Bravo, Davi.
@mttaggart flagged this one to me.
@SecurityWriter @mttaggart I am 3 paragraphs in and I have no idea what's going on...
I guess I should have learned more about ai -
RE: https://infosec.exchange/@flyingpenguin/116399482954754093
Can I bring your attention to one of the best security write-ups I’ve read in a long while.
Bravo, Davi.
@mttaggart flagged this one to me.
> The verified facts in the document are real: XBOW topped HackerOne’s leaderboard, DARPA AIxCC found 54 vulnerabilities in four hours, Google Big Sleep found 20 zero-days in open source, Sysdig documented an AI attack reaching admin in eight minutes. Every one of those is independently confirmed by the organization that did the work, with named researchers, reproducible results, or public competition records. Every one of those also predates Mythos...
I had no idea
-
RE: https://infosec.exchange/@flyingpenguin/116399482954754093
Can I bring your attention to one of the best security write-ups I’ve read in a long while.
Bravo, Davi.
@mttaggart flagged this one to me.
@SecurityWriter @mttaggart Can someone explain this part?
> Anthropic has established, without discussion and without pushback, that a private company can unilaterally classify a capability as too dangerous for the public, grant selective access to the largest incumbents in the affected industry, and construct a parallel disclosure regime outside any democratic accountability structure. That precedent is exclusivity for abuse. [...]
The model is not the story. A cartel is the story. -
R relay@relay.publicsquare.global shared this topic
-
@SecurityWriter @mttaggart I am 3 paragraphs in and I have no idea what's going on...
I guess I should have learned more about ai@semitones @SecurityWriter @mttaggart Now, many CEOs are four years into their pivot, feel the same and couldn't care less.
So kudos to you
(Yes, it is a very specific thing to read. But believe me: It could have been *waaaay* more technical if it wasn't for the excellent writing
) -
@SecurityWriter @mttaggart I am 3 paragraphs in and I have no idea what's going on...
I guess I should have learned more about ai@semitones @SecurityWriter @mttaggart The terminology is a bit opaque if you don't live and breathe cubersecurity (I do not), not necessarily AI, but there's a pay off. Basically, Anthropic's claims about their new Claude Mythos AI model finding thousands of vulnerabilities in OS's and software is horseshit. Its no better than their previous Claude model. And their Project Glasswing is just a $VIP$ ticket to Emperor's New Clothesland.
OP's article is as layperson it can be given the subject.
-
@SecurityWriter @mttaggart Can someone explain this part?
> Anthropic has established, without discussion and without pushback, that a private company can unilaterally classify a capability as too dangerous for the public, grant selective access to the largest incumbents in the affected industry, and construct a parallel disclosure regime outside any democratic accountability structure. That precedent is exclusivity for abuse. [...]
The model is not the story. A cartel is the story.@semitones @SecurityWriter @mttaggart
Anthropic's Glasswing is selling tickets to an exclusive club. Oh look, our Mythos model can find all these vulnerabilities in the softwares you use (it can't). You want secure software right? Well, better pay us $ for membership so you can stay on top of vulnerabilities WE discover.
Generally some having access and others NOT having access leads to abuse.
Problem is, as Ottenheimer lays out, Mythos doesn't actually do what Anthropic sales is claiming.
-
@semitones @SecurityWriter @mttaggart
Anthropic's Glasswing is selling tickets to an exclusive club. Oh look, our Mythos model can find all these vulnerabilities in the softwares you use (it can't). You want secure software right? Well, better pay us $ for membership so you can stay on top of vulnerabilities WE discover.
Generally some having access and others NOT having access leads to abuse.
Problem is, as Ottenheimer lays out, Mythos doesn't actually do what Anthropic sales is claiming.
@tezoatlipoca @SecurityWriter @mttaggart ah that makes Sense!! Did not realize they were selling memberships
-
@tezoatlipoca @SecurityWriter @mttaggart ah that makes Sense!! Did not realize they were selling memberships
@semitones @SecurityWriter @mttaggart
Selling memberships wasn't the best characterization; but they're restricting use of their new model to "select" OS and infrastructure partners _first_, before general availability so these partners can fix things FIRST.Of course I am not a cybersecurity export, NOR an AI expert, so perhaps I lack the technical qualifications to tell if Ottenheimer is full of shit, but from what I DO know of software it made sense.
-
Whomp. Whomp. Sad trombone.
@catsalad @SecurityWriter @mttaggart
The Myth of Mythos
️ -
@catsalad @SecurityWriter @mttaggart
The Myth of Mythos
️@simonzerafa @catsalad @SecurityWriter @mttaggart
Davi for the take-down!
So sweet, so easy on the eyes, but hideous on the inside
Whole life spreading lies, but you can't hide, baby, nice try
I'm 'bout to switch up these vibes, I finally opened my eyes
It's time to kick you straight back into the night -
R relay@relay.infosec.exchange shared this topic
