Security efforts are not evenly distributed, even within a single project. This includes both the thinking that the developers put in, and the scrutiny given to a piece of code by researchers.
The initial batch of publicly disclosed vulnerabilities by Mythos demonstrates that perfectly. None of the bugs themselves are especially interesting or complex, in my opinion. They were found by applying effort to a very large amount of code that included under-scrutinized areas where bugs hid. Yes, even in projects like Linux and OpenBSD there are many pieces of code that aren't properly vetted, because of the finite amount of developer/researcher time allotted.
The fact that this effort is much cheaper does indeed change things. But really strong sandboxing solutions, such as gVisor or Firecracker, do a really good job of having very little attack surface, all of which is heavily scrutinized.
Until we see more of the bugs that were found, it remains to be seen whether or not the post's premise about sandboxes is correct.
I dunno, it's not obvious to me that it shifts the balance that way. It's always kind of been the case that a sufficiently determined attacker can spend way more effort breaking into a system than you put into securing it. If anyone can find the holes, that includes the people defending the system. This might actually make state-level threats less scary than they were before.
Hopefully, this will finally lead to a shift in thinking so that security practices like those used in GrapheneOS become more widespread in the future. Most software developers simply patch security vulnerabilities as soon as they become aware of them rather than taking preventive measures where possible. Finding an exploit that works in Vanadium on GrapheneOS is significantly harder than on standard Android running Chrome.
There are now projects in the desktop space, such as Secureblue, which aim to adopt security practices similar to those of GrapheneOS. They have Trivalent, which is inspired by Vanadium, and applications use the hardened_malloc allocator familiar from GrapheneOS by default.
> Hopefully, this will finally lead to a shift in thinking so that security practices like those used in GrapheneOS become more widespread in the future. Most software developers simply patch security vulnerabilities as soon as they become aware of them rather than taking preventive measures where possible.
Working in this space, I'm worried the future is even more reactive than today. Today I can get teams to review the architecture for security before implementing, and to review the implementation for security before shipping.
As teams move (more specifically, are forced to move) to vibe coding the whole thing, nobody knows what the design is or what the implementation looks like. Vibe all the way because the CEO says so or you're fired. This means the only place to catch vulnerabilities becomes after the fact, which is usually too late.
I tried to read the article and what I got out of it was that the author believes that the deal that keeps the internet safe is that we just don't try to break it hard enough. Ignoring all the state actors who do that all the time.
Seems like something of an unusual take on the state of the world.
This is how a lot of the world works. Certain things aren't done very much because it takes a lot of human effort to do them, and that creates a status quo.
For example, a lot more people would sue each other over petty things if it suddenly became very easy and cost-efficient. It's not, so they don't.
Another example of AI doing this exact type of thing in another realm: in the past, convincing someone you were somebody they should give money to, for a scam, was very possible but also difficult and not very cost-efficient. You could try to impersonate someone's daughter or a police officer, but it took a lot of effort to get it right.
Now, with voice-mimicking AI, deepfakes, social media to mine for personal info, etc., it's not as difficult, and so, very likely, it's becoming a bigger problem than it was.
Really? I think that's pretty much accurate. If you've ever visited a website whose authors you don't know and trust, you've exposed yourself to potential attacks and trusted in sandboxing to keep your computer safe.
I see this as Brandolini's Law 2.0, a software supplement really. Whereas before it was:
> The amount of energy needed to refute bullshit is an order of magnitude bigger than that needed to produce it.
Now the energy needed to secure software against exploits is orders of magnitude bigger than the effort needed to find them.
The combination of the LLM's deep expertise and infinite patience meeting the vastly increasing surface of software has a certain apocalyptic, chaos-gods ruin to it all, just as the well-known bias for mistruth to unfairly propagate itself bedevils this good planet.
Watch the Fireship video. They tested it on a SpiderMonkey sandbox that had safety features disabled. The "exploits" are basically useless in real life.
> According to Anthropic, Mythos Preview successfully generates a working exploit for Firefox's JS shell in 72.4% of trials
Why are AI people so dramatic? Ok, there is yet another JS sandbox escape - not the first one, not the last one. It will be patched, and the bar will be raised for a bit... at least until the next exploit is found.
If anything, AI will make _weaponized_ exploits less likely. Before, one had to find a talented person and get pretty lucky too. If this AI is as good as promised, you can have a Dependabot-style exploit finder running 24/7 for a tenth the cost of a single FTE. If it's really that good, I'd expect all browser authors to adopt it into their development process.
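A minimal sketch of what that "Dependabot for exploits" loop could look like, assuming a hypothetical `exploit-scan` CLI that emits JSON findings. The tool name, its flags, and the finding format are all invented here for illustration; nothing in the thread names a real scanner:

```python
import json
import subprocess


def scan(target: str) -> list[dict]:
    """Invoke the (hypothetical) scanner CLI and parse its JSON findings."""
    out = subprocess.run(
        ["exploit-scan", "--target", target, "--format", "json"],
        capture_output=True, text=True, check=True,
    )
    return json.loads(out.stdout)


def triage(findings: list[dict], already_filed: set[str]) -> list[dict]:
    """Drop findings already filed, so a nightly run only reports new ones."""
    return [f for f in findings if f["id"] not in already_filed]


# Demo of the dedup step with canned findings (no scanner required):
report = [{"id": "finding-001"}, {"id": "finding-002"}]
fresh = triage(report, already_filed={"finding-001"})
print(fresh)  # only finding-002 is new
```

The interesting part isn't the scan itself but the triage: a 24/7 finder is only usable if re-discovered known issues are filtered out rather than re-paged every night.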
This is instead another great advertisement for Rust. Anthropic really got the Mythos marketing scarecrows out once again.
Dario is trying to scare you into buying into his IPO, and you're overestimating the capability of Mythos... because he said so? There are no independent reviews of the research, and many security researchers and experts accuse them of blatant scaremongering.
This is Anthropic's latest attempt to frame local models and get them banned, as they stand to be a threat to their business model.
I honestly think this argument (that cheap vulnerabilities means more zero days) is backwards. Making vulnerability detection cheaper shifts the balance in favor of the good guys, because it dilutes the size of the black market that the discoverers might otherwise be tempted to sell into.
Stated differently: right now black hat hacking is a valuable skill that can be turned into money easily. Once everyone can do it the incentives shift and the black hats will disappear. And that leaves the next most incentivized group in control of the market, who are presumably the software vendors.
Basically Microsoft and Google and company used to have to pay bug bounties and pray. Now it's practical just to throw a few million dollars at Anthropic instead.
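As a back-of-the-envelope version of that tradeoff (every number below is invented for illustration, not taken from the thread or from any vendor's actual pricing):

```python
# Toy model: per-bug bounty payouts vs. a flat AI-scanning contract.
avg_bounty = 50_000          # assumed average payout per valid report
bugs_per_year = 200          # assumed report volume for a large vendor
bounty_spend = avg_bounty * bugs_per_year   # total annual bounty outlay

ai_contract = 3_000_000      # the comment's "a few million dollars"

cheaper = "AI contract" if ai_contract < bounty_spend else "bounties"
print(bounty_spend, cheaper)
```

With these made-up numbers the flat contract wins, but the comparison flips entirely with different assumptions about report volume and payout size, which is exactly why the comment's conclusion depends on AI scanning being as effective as claimed.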
No, you have not been safe all this time. Every security person I know has known for ages that you need to run NoScript to block all JavaScript if you want to be remotely secure on the web. We also know about all the 0days found in all browsers every year. Same for mobile devices. You have always been insecure. AI just makes it slightly faster to do what hackers have been doing for ages.
BTW: Mythos is not new. OpenAI literally released a press release 1 month ago talking about GPT 5.4's red-teaming features being so powerful they require ID verification to use, and will use heuristics to downgrade you if you look like you're doing something shady. I guess everyone has a short memory, or Anthropic's PR is so good that people genuinely don't understand that OpenAI's models are superior to Anthropic's.
Are folks actually going to go back and fix things that were only secure because they were buried in layers of obfuscation and obscurity?
Probably not. And that’s the real cyber security risk. Short term profit always wins.
> the deal has been simple: you click a link, arbitrary code runs on your device, and a stack of sandboxes keeps that code from doing anything nasty.
At most, Mythos has reminded us that this "deal" is subject to frequent cycles of being compromised-and-patched.
From time to time, I have run browsers configured for opt-in JavaScript (e.g., uMatrix), but man, it's a lot of work to live that way.
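For anyone curious what that setup looks like: uMatrix rules are plain-text lines of the form `source-hostname destination-hostname request-type action`. The two lines below (recalled from memory, so treat the exact syntax as approximate) block scripts everywhere by default and then allow them back for one site:

```
* * script block
news.ycombinator.com news.ycombinator.com script allow
```

The "lot of work" the comment mentions is accumulating per-site allow rules like the second line, one broken website at a time.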
> Anthropic just launched a model so good it escapes every known sandbox.
No, they launched a card with that capability written on it.