Security efforts are not evenly distributed, even within a single project. This includes both the thinking that the developers put in, and the scrutiny given to a piece of code by researchers.
The initial batch of publicly disclosed vulnerabilities by Mythos demonstrates that perfectly. None of the bugs themselves are especially interesting or complex, in my opinion. They were found by applying effort to a very large amount of code which included under-scrutinized areas, where bugs hid. Yes, even in projects like Linux and OpenBSD there are many pieces of code that aren't that properly vetted, because of the finite amount of developer/researcher time allotted.
The fact that this effort is much cheaper does indeed change things. But really strong sandboxing solutions, such as gvisor or firecracker, do a really good job of having very little attack surface, all of which is heavily scrutinized.
Until we see more of the bugs that were found, it remains to be seen whether or not the post's premise about sandboxes is correct.
I dunno, it's not obvious to me that it shift the balance that way. It's always kind of been the case that a sufficiently determined attacker is going to be able to spend way more effort than you put into secure a system to break into it. If anyone can find the holes that includes the people defending the system. This might actually make the state-level threats are less scary than they were before.
> According to Anthropic, Mythos Preview successfully generates a working exploit for Firefox's JS shell in 72.4% of trials
Why are AI people so dramatic? Ok, there is yet another JS sandbox escape - not the first one, not the last one. It will be patched, and the bar will be raised for a bit... at least until the next exploit is found.
If anything, AI will make _weaponized_ exploits less likely. Before, one had to find a talented person, and get pretty lucky too. If this AI is as good as promised, you can have dependabot-style exploit finder running 24/7 for the 1/10th cost of a single FTE. If it's really that good, I'd expect that all browser authors adopt those into their development process.
> Before, one had to find a talented person, and get pretty lucky too. If this AI is as good as promised, you can have dependabot-style exploit finder running 24/7 for the 1/10th cost of a single FTE
Not you. EVERYONE doing ANY kind of software will have to, because else attacker can just pick and choose targets to point their exploit-bot
Which has always been the case. Attackers only have to find one exploit in the weakest part of the system, and usually that's more a function of grunt work than it is being particularly sophisticated.
That's not at all clear. JS escape exploits have high value in our current Internet so there's going to be a lot of prior art. It's not surprising at all that this is what their model found and it's not a statistic that immediately suggest it has any broader implications.
Further, Opus identified most of the vulnerabilities itself already. It just couldn’t exploit them.
Mythos seems much, much more creative and self directed, but I’m not yet convinced the core capabilities are significantly higher than what’s possible today.
The full price of finding the vulnerabilities was also something like $20k. That’s a price point that brings a skilled professional in to accomplish the same task.
Ding ding ding, and this is why you are hearing about it. It is marketing for enterprise to pay a premium for the next model, with maybe a wakeup call to enforcement agencies as well (which is also marketing).
Codegen for many companies is much less continuous. Security is always on, and always a motivator.
All software has bugs. What this tells me is that the actors with the best models (and Anthropic apparently has one so good and expensive it is outstripping compute supply) they will find the exploits first and probably the ones that are hardest to find
So yeah, dependabot, but the richest actors will have the best bits and they probably won’t share the ones they can find that nobody else’s models can
> What this tells me is that the actors with the best models (and Anthropic apparently has one so good and expensive it is outstripping compute supply) they will find the exploits first and probably the ones that are hardest to find
Presumably we would not give the AI models to the "good guys" because then they would also find and patch these vulnerabilities?
Someone's "good guys" are just someone "bad guys". Access to a valuable resource/tool that provides some sort of power and utility will be just another contended item.
Anthropic is saying exactly what you're saying. They don't believe that software security is permanently ruined. They just want to ensure that good defensive techniques like the ones you describe are developed before large numbers of attackers get their hands on the technology.
You’re asking why people are being “dramatic” about an automated system that can do what highly specialized experts get paid hundreds of thousands of dollars to do?
It’s just fascinating to see how AI’s accomplishments are being systematically downplayed. I guess when an AI proves that P!=NP, I’m going to read on this forum “so what, mathematicians prove conjectures all the time, and also, we pretty much always knew this was true anyway”.
I am sceptical because AI companies, and anthropic in particular, like to overplay their achievements and build undeserved hype. I also don't understand all the caveats (maybe official announcement is more clear what this really means).
But yeah, if their model can reliably write an exploit for novel bugs (starting from a crash, not a vulnerable line of code) then it's very significant. I guess we'll see, right?
edit: Actually the original post IS dramatic: "Has Mythos just broken the deal that kept the internet safe? For nearly 20 years the deal has been simple: you click a link, arbitrary code runs on your device, and a stack of sandboxes keeps that code from doing anything nasty". Browser exploits have existed before, and this capability helps defenders as much as it helps attackers, it's not like JS is going anywhere.
It would be warranted if Mythos could jailbreak an up-to-date iPhone. (Maybe it can?) That would actually also be nice, “please rewrite without Liquid Glass”.
* It's possible - very likely even - that even if somehow P=NP, the fastest algorithm for any NP problem turns out to be something like n^1000, which is technically P, but not practical in any way.
* The proof may not be constructive, so we may just know that P=NP but it won't help us actually create an algorithm in P (nitpick: technically if P=NP there's a construction to create an algorithm that solves any NP problem in P time, but it's extremely slow - for example it involves iterating over all possible programs).
I tried to read the article and what I got out of it was that the author believes that the deal that keeps the internet safe is that we just don't try to break it hard enough. Ignoring all the state actors who do that all the time.
Seems something of a unusual take on the state of the world
This is how a lot of the world works. Certain things aren't done very much because it takes a lot of human effort to do those things and that creates a status-quo.
For example a lot more people would sue eachother for petty things if it suddenly became very easy and cost efficiant. Its not, so they dont.
Another example of AI doing this exact type of thing in another realm: In the past convincing someone you were somebody they should give money to for a scam was very possible to do, but also difficult and not very cost efficiant. You could try to impersonate someone's daughter or a police officer, but it took a lot of effort to get it right.
Now, with voice mimicking ai, deepfakes, social media to mine for personal info, etc its not as difficult and so, very likely, its becoming a bigger problem than it was.
Really? I think that's pretty much accurate. If you've ever visited a website whose authors you don't know and trust, you've exposed yourself to potential attacks and trusted in sandboxing to keep your computer safe.
This is instead another great advertisement for Rust. Anthropic really got the Mythos marketing scarecrows out once again.
Dario is trying to scare you to buying into his IPO and you're over-estimating the capability of Mythos...because he said so? With no independent reviews on the research and with many security researchers and experts accusing them of blatant scaremongering.
This is Anthropic's latest attempt to frame local models and to get them banned as they stand to be a threat against their business model.
The irony is that Rust is less memory safe than C compiled with Fil-C. Fil-C is actually, absolutely memory safe, whereas Rust is only sorta memory safe, if you don't use unsafe which you have to do for syscalls etc.
The double irony here is that the many projects being rewritten in Rust introduces a ton of new bugs simply due to the rewriting process, on top of using up a lot of dev effort
token usage go up, said companies $TICKER price go up, shareholder value delivered.
when shareholders are basically the same, and this companies have a legal obligation to fulfill their interests...is it a conspiracy? shareholders certainly conspire to achieve their goals, smarty
I see this as a Brandolini's Law 2.0, a software supplemental really. Where-as before it was:
> The amount of energy needed to refute bullshit is an order of magnitude bigger than that needed to produce it.
Now the energy needed to secure against exploits is orders of magnitude bigger than the effort needed to secure it.
The combination of deep expertise + infinite patience of the LLM meeting the vastly increasing surface of software has a certain apocalyptic chaos gods ruin to it all, just as well known bias for mistruth to unfairly propogate itself bedevils this good planet.
I honestly think this argument (that cheap vulnerabilities means more zero days) is backwards. Making vulnerability detection cheaper shifts the balance in favor of the good guys, because it dilutes the size of the black market that the discoverers might otherwise be tempted to sell into.
Stated differently: right now black hat hacking is a valuable skill that can be turned into money easily. Once everyone can do it the incentives shift and the black hats will disappear. And that leaves the next most incentivized group in control of the market, who are presumably the software vendors.
Basically Microsoft and Google and company used to have to pay bug bounties and pray. Now it's practical just to throw a few million dollars at Anthropic instead.
Sorry, this guy is a hack and this is cope. Most of the things he's saying re: Mythos are objectively false.
- Open source models found the same bugs? Sure, if you tell them "here is a file which may contain a vulnerability, look for a bug in how function XYZ handles ABC"
- It's all mostly false positives? According to Anth, each suspected vulnerability came with a bug report and working PoC...
- "Humans had to fix the things"? As in, he thinks models are incapable of writing the patch?
> Open source models found the same bugs? Sure, if you tell them "here is a for which may contain a vulnerability, look for a big in how function XYZ handles ABC"
In one of Anthropic's blog post, they describe that that's basically what they did too. They run the agent many times, each time specifying a different file to focus on. [1]
From my experience as a security researcher, manually finding a fishy file and sicking even sonnet 4.5 yields great results for most memory corruption bugs.
No comments otherwise. I don't have a clue as to who that guy is, and I haven't watched the video yet. You might be right overall.
No, you have not been safe all this time. Every security person I know has known for ages that you need to run NoScript to block all javascript if you want to be remotely secure on the web. We also know about all the 0days found on all browsers every year. Same for mobile devices. You have always been insecure. AI just makes it slightly faster to do what hackers have been doing for ages.
BTW: Mythos is not new. OpenAI literally released a press release 1 month ago talking about GPT 5.4's redteaming features being so powerful they require ID verification to use it, and will use heuristics to downgrade you if you look like you're doing something shady. I guess everyone's got a short-term memory, or Anthropic's PR is so good that people genuinely don't understand that OpenAI's models are superior to Anthropic's.
I've been mystified by how sticky Anthropic's marketing is for a while. It's really surprising given how poorly they run community relations compared with OAI, and how they're just now starting to be transparent.
The claim that you need to disable JavaScript to be secure is bullshit anyway, otherwise disabling JavaScript would be standard practice in any security-critical environment such as high-level government offices, which it most certainly isn’t.
The initial batch of publicly disclosed vulnerabilities by Mythos demonstrates that perfectly. None of the bugs themselves are especially interesting or complex, in my opinion. They were found by applying effort to a very large amount of code which included under-scrutinized areas, where bugs hid. Yes, even in projects like Linux and OpenBSD there are many pieces of code that aren't that properly vetted, because of the finite amount of developer/researcher time allotted.
The fact that this effort is much cheaper does indeed change things. But really strong sandboxing solutions, such as gvisor or firecracker, do a really good job of having very little attack surface, all of which is heavily scrutinized.
Until we see more of the bugs that were found, it remains to be seen whether or not the post's premise about sandboxes is correct.
Are folks going to actually go back and fix things that were only secure because they were or buried in layers of obfuscation and obscurity?
Probably not. And that’s the real cyber security risk. Short term profit always wins.
Why are AI people so dramatic? Ok, there is yet another JS sandbox escape - not the first one, not the last one. It will be patched, and the bar will be raised for a bit... at least until the next exploit is found.
If anything, AI will make _weaponized_ exploits less likely. Before, one had to find a talented person, and get pretty lucky too. If this AI is as good as promised, you can have dependabot-style exploit finder running 24/7 for the 1/10th cost of a single FTE. If it's really that good, I'd expect that all browser authors adopt those into their development process.
Not you. EVERYONE doing ANY kind of software will have to, because else attacker can just pick and choose targets to point their exploit-bot
That's not at all clear. JS escape exploits have high value in our current Internet so there's going to be a lot of prior art. It's not surprising at all that this is what their model found and it's not a statistic that immediately suggest it has any broader implications.
Mythos seems much, much more creative and self directed, but I’m not yet convinced the core capabilities are significantly higher than what’s possible today.
The full price of finding the vulnerabilities was also something like $20k. That’s a price point that brings a skilled professional in to accomplish the same task.
Codegen for many companies is much less continuous. Security is always on, and always a motivator.
So yeah, dependabot, but the richest actors will have the best bits and they probably won’t share the ones they can find that nobody else’s models can
Presumably we would not give the AI models to the "good guys" because then they would also find and patch these vulnerabilities?
It’s just fascinating to see how AI’s accomplishments are being systematically downplayed. I guess when an AI proves that P!=NP, I’m going to read on this forum “so what, mathematicians prove conjectures all the time, and also, we pretty much always knew this was true anyway”.
But yeah, if their model can reliably write an exploit for novel bugs (starting from a crash, not a vulnerable line of code) then it's very significant. I guess we'll see, right?
edit: Actually the original post IS dramatic: "Has Mythos just broken the deal that kept the internet safe? For nearly 20 years the deal has been simple: you click a link, arbitrary code runs on your device, and a stack of sandboxes keeps that code from doing anything nasty". Browser exploits have existed before, and this capability helps defenders as much as it helps attackers, it's not like JS is going anywhere.
What would be the practical impacts of this discovery?
Would it become crackable, or just theoretically crackable?
E.g. it's one thing to show it's possible to fly to Mars, it's another thing to actually do it.
* It's possible - very likely even - that even if somehow P=NP, the fastest algorithm for any NP problem turns out to be something like n^1000, which is technically P, but not practical in any way.
* The proof may not be constructive, so we may just know that P=NP but it won't help us actually create an algorithm in P (nitpick: technically if P=NP there's a construction to create an algorithm that solves any NP problem in P time, but it's extremely slow - for example it involves iterating over all possible programs).
We already operate on the assumption that P ≠ NP, so little would change if that were proved.
Seems something of a unusual take on the state of the world
For example a lot more people would sue eachother for petty things if it suddenly became very easy and cost efficiant. Its not, so they dont.
Another example of AI doing this exact type of thing in another realm: In the past convincing someone you were somebody they should give money to for a scam was very possible to do, but also difficult and not very cost efficiant. You could try to impersonate someone's daughter or a police officer, but it took a lot of effort to get it right.
Now, with voice mimicking ai, deepfakes, social media to mine for personal info, etc its not as difficult and so, very likely, its becoming a bigger problem than it was.
Dario is trying to scare you to buying into his IPO and you're over-estimating the capability of Mythos...because he said so? With no independent reviews on the research and with many security researchers and experts accusing them of blatant scaremongering.
This is Anthropic's latest attempt to frame local models and to get them banned as they stand to be a threat against their business model.
The double irony here is that the many projects being rewritten in Rust introduces a ton of new bugs simply due to the rewriting process, on top of using up a lot of dev effort
No, they launched a card with that capability written on.
when shareholders are basically the same, and this companies have a legal obligation to fulfill their interests...is it a conspiracy? shareholders certainly conspire to achieve their goals, smarty
> The amount of energy needed to refute bullshit is an order of magnitude bigger than that needed to produce it.
Now the energy needed to secure against exploits is orders of magnitude bigger than the effort needed to secure it.
The combination of deep expertise + infinite patience of the LLM meeting the vastly increasing surface of software has a certain apocalyptic chaos gods ruin to it all, just as well known bias for mistruth to unfairly propogate itself bedevils this good planet.
At most, Mythos has reminded us that this "deal" is subject to frequent cycles of being compromised-and-patched.
From time to time, I have run browsers configured for opt-in javascript (eg, umatrix), but man it's a lot of work to live that way.
Stated differently: right now black hat hacking is a valuable skill that can be turned into money easily. Once everyone can do it the incentives shift and the black hats will disappear. And that leaves the next most incentivized group in control of the market, who are presumably the software vendors.
Basically Microsoft and Google and company used to have to pay bug bounties and pray. Now it's practical just to throw a few million dollars at Anthropic instead.
- Open source models found the same bugs? Sure, if you tell them "here is a file which may contain a vulnerability, look for a bug in how function XYZ handles ABC"
- It's all mostly false positives? According to Anth, each suspected vulnerability came with a bug report and working PoC...
- "Humans had to fix the things"? As in, he thinks models are incapable of writing the patch?
In one of Anthropic's blog post, they describe that that's basically what they did too. They run the agent many times, each time specifying a different file to focus on. [1]
From my experience as a security researcher, manually finding a fishy file and sicking even sonnet 4.5 yields great results for most memory corruption bugs.
No comments otherwise. I don't have a clue as to who that guy is, and I haven't watched the video yet. You might be right overall.
[1] https://red.anthropic.com/2026/mythos-preview/
BTW: Mythos is not new. OpenAI literally released a press release 1 month ago talking about GPT 5.4's redteaming features being so powerful they require ID verification to use it, and will use heuristics to downgrade you if you look like you're doing something shady. I guess everyone's got a short-term memory, or Anthropic's PR is so good that people genuinely don't understand that OpenAI's models are superior to Anthropic's.
That is a provocative statement that would be especially interesting if you were to add some supporting evidence.
"BTW: Mythos is not new. OpenAI literally released a press release 1 month ago " these two sentences make no semantic sense together