HN

Need help?
<- Back
Expanding Project Glasswing

Expanding Project Glasswing

surprisetalk

Comments (178)

  • airstrike
    I'll share the first-hand account I recently got from someone else.> We've used it at work> it is... not as hype as everyone is concerned about> I'd argue the framework around it for security scanning is the arguably more useful side of the tool, definitely doesnt take a huge model to get all the issues it flagged on our systems> For us, it absolutely flooded us with noise> I mean hundreds if not thousands of false positives or minor issues or not applicable> For every one reasonable issue> The biggest issue it created was the execs treated every issue it produced like it was a drop everything and fix the issue type deal> I'm talking company wide drop all things "we need to patch nginx because this module that no one uses and is disabled by default has this RCE vulnerability™> Or "all ec2 AMIs need to be upgraded because it flagged a a version specific docker vulnerability", it flagged every single machine with docker regardless of if the actual vulnerability was relevant> Vulnerability was with a very specific Auth plugin configuration you could enable with docker and specifically the Mosley docker compatible tool, but it is clear it only knew there was a vulnerability in docker, not if it was applicable or not> Meanwhile dirtyfrag and friends not a single peep from btw despite it allowing for container escape> Idk, I was underwhelmed with the quality of the reporting it gave really. If the company allowed me to get information about all the infrastructure in our entire organisation to run Claude over it repeatedly looking for recent CVEs I'm sure I could produce the same results...
  • mekpro
    It’s clear that Anthropic has run out of the compute capacity needed to serve Mythos publicly.They’re using security concerns to mask their inability to deliver the model at scale, while still trying to maintain their lead over OpenAI. As a result, they’ve chosen to release it privately under the banner of an “ethical” rollout.
  • waffleiron
    Not so sure I would want a company that does not see any issues with mass surveillance of my country [1] to have access to critical infrastructure or its source code where I live.[1] https://www.anthropic.com/news/statement-department-of-war :> But using these systems for mass domestic surveillance is incompatible with democratic values.
  • ianm218
    In case the topic of memory safety is interesting to anyone I've been experimenting with using AI agents to port common web infra projects to safe/ performant Rust. Somewhat inspired by the Bun port - was thinking that at some point memory safety might be such a big deal that people just need drop in replacements.- Valkey/ Redis port here https://github.com/ianm199/valdr (passes ~99% of single node test suite, real prod features like replication/ clustering/ HA early or not implemented) - Further along port of Lua 5.1-5.5 https://github.com/ianm199/lua-rs-port/tree/main - I have a less developed nginx version that would be the north star - These projects are very alpha at the momentIf anyone is interested in getting involved in this or has done similar experiments I'd love to collaborate! There is so much variation in how you can run these large scale agent fleets I don't think anyone has a perfect system yet.
  • mentalgear
    Here's my big fear: Even IF (and that's a BIG if) we get all critical vulnerabilities fixed in tech (before adversarial/state-actors turn up with open attack models) - we still have (in at least a year) models that will be so good in social engineering that they can still (given enough tokens) gain access to whatever system they want.If society can't trust banks and other institutions to safely control their data, what follows ?Do we we collectivelly switch off the internet?
  • aliljet
    Is this just one giant marketing plot?
  • 827a
    GPT-5.5-Cyber has already at least hit if not surpassed Mythos capability in cyber tasks. The only reason they're holding back is because once its out everyone would realize that its capabilities were a step change in March, but are not anymore, yet it costs significantly more and is much slower.
  • aspectop
    i think anthropic is being performative here, creating a hype for mythos and not releasing. i guess this is all a marketing thing to sell a security specialized AI to enterprise and startups at a way larger cost coz security market is deep in money.
  • 3asdkab
    So, they expand the program to US "ally" governments and corporations.These entities will now give all their IP to an American company that only promises not to spy on Americans.Subsequently, the NSA can audit the leaked sources manually and find real exploits.
  • tantalor
  • merrvk
    Got to say, Anthropic have hell of a marketing team.
  • CephalopodMD
    This is either a chuffed up PR move or an extremely generous alpha fold "publish all the proteins" moment
  • bushido
    This feels more and more like a marketing/scarcity play for the largest global corps.Will likely give them time to expand capacity as well. And make them harder to dislodge in these orgs.
  • yanis_t
    Is there any evidence Mythos is qualitatively better than the Opus 4.x?I'm afraid that the usual mantra that "we just need more scale" that worked well for attracting investments, is not working anymore - bigger models provide marginal improvements while naturally get much more expensive to run.Is this why both Anthropic and OpenAI are rushing for IPOs this year?
  • cassianoleal
    In the meantime, not everyone with actual access to the model are all that impressed.https://cyberplace.social/@GossiTheDog/116679693992983945
  • iamniels
    Whats currently an open source project which comes closest to Mythos capabilities?
  • anon
    undefined
  • andrewjneumann
    They keep writing like they stand to profit from this or something. Too many “coulds” in there for me too, this could be an amazing advancement and it could be nothing… normally we look at data and last headline I saw was 25 “high” vulnerabilities at the cost of $1 million in tokens.No comparison to human teams, and I’m sure that $1 million in tokens was used by humans, in a team. So like most AI, they’ve developed a tool that capable people can use to be better, but unlike most tools, they’re claiming this to be outright magic. The magic is the hype train.
  • jofzar
    > The organizations in this new group are based in more than 15 countriesI mean most nasdaq tech companies would be in 13+ countries, why are they writing this like it's a big number, is hilariously small?
  • aplthrowaway67
    How "altruistic" of them. If only Anthropic extended this level of care to the environment or the economy.
  • fontain
    “Mythos Preview continues a long-term trend that we’ve been warning about for some time: within 6 to 12 months […]”The only trend Mythos continues is Anthropic’s trend of warning that disaster is always 6 to 12 months away.
  • jb_briant
    Step 1: claim you created a tool so dangerous you can't release itStep2: offer to test it, but only for the biggest companies in the worldStep 3: onboard those big players on your tooling and productStep 4: profitThis is genius.
  • maipen
    I don't get how this is event front page of HN.
  • cmxch
    That’s fine as long as I can identify and reject any Mythos derived patch as being irreproducible.
  • philipwhiuk
    It would have been nice to have a list of the 150, but I guess it would make them a hacking target?
  • catigula
    I still find it funny that GPT-5.5 is just as good as Mythos and yet Anthropic likes to make things worse than they actually are.
  • 3sk_ask8
    Anthropic has the marketing of a weight loss product.- They still claim 10000 issues, but they found only one in curl.- They did not find rsync issues but Claude rather introduced rsync issues.- Facebook is a member of this cult program but Mythos did not find the account takeover flaw.- Mythos did not find the issues in Anthropic's own Bun rewrite.They will not release Mythos because it would be exposed as a fraud before the IPO.
  • andai
    [dead]
  • frays
    [flagged]
  • cyanydeez
    Expanding Project Glasswing (IPO)
  • testfrequency
    Mythos gives BIG Tesla FSD energy, I’m over it
  • mrbonner
    Maybe it is just me: I feel Anthropic most recent product announcements resemble more and more like what IBM tactic was at its high. For instance, the Watson AI hype after it defeated Kasparov. The difference is IBM actually wanted and let businesses buy and use Watson as opposed to time released like what Anthropic does to even boost the hype higher.