this post was submitted on 23 Apr 2026
176 points (94.9% liked)

Technology

84143 readers
2434 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
176
Anthropic Mythos shaping up as nothingburger (www.theregister.com)
submitted 3 days ago by HaraldvonBlauzahn@feddit.org to c/technology@lemmy.world
38 comments fedilink hide all child comments
 

cross-posted from: https://feddit.org/post/28915273

[...]

That marketing may have outstripped reality. Early reports from Mythos preview users including AWS and Mozilla indicate that while the model is very good and very fast at finding vulnerabilities, and requires less hands-on guidance from security engineers - making it a welcome time-saver for the human teams - it has yet to eclipse human security researchers.

"So far we've found no category or complexity of vulnerability that humans can find that this model can't," Mozilla CTO Bobby Holley said, after revealing that Mythos found 271 vulnerabilities in Firefox 150. Then he added: "We also haven't seen any bugs that couldn't have been found by an elite human researcher." In other words, it's like adding an automated security researcher to your team. Not a zero-day machine that's too dangerous for the world.

you are viewing a single comment's thread
view the rest of the comments
[–] jj4211@lemmy.world 2 points 2 days ago

The document from Anthropic purporting to be a security research work largely leaves things vague (marketing material vague) and declines to use any recognized standard for even possibly hinting about whether to think anything at all. They describe a pretty normal security reality ('thousands of vulnerabilities' but anyone who lives in CVE world knows that was the case before, so nothing to really distinguish from status quo).

Then in their nuanced case study, they had to rip out a specific piece of firefox to torture and remove all the security protections that would have already secured these 'problems'. Then it underperformed existing fuzzer and nearly all of it's successes were based on previously known vulnerabilities that had already been fixed, but they were running the unpatched version to prove it's ability.

Ultimately, the one concrete thing they did was prove that if you fed Mythos two already known vulnerabilities, it was able to figure out how to explicitly exploit those vulnerabilities better than other models. It was worse at finding vulnerabilities, but it could make a demonstrator. Which a human could have done, and that's not the tedious part of security research, the finding is the tedious part. Again, in the real world, these never would have worked, because they had to disable a bunch of protections that already neutered these "issues" before they ever were known.