Christian Stöcker2d ago
That does sound very concerning. And in this case, I don‘t think it is just hype. Otherwise they would not share this stuff with Google, Amazon, Microsoft, Oracle et al.
#Anthropic #MythosPreview #AI #Zerodays
Show threadschrotthaufen
@chrisstoecker @ll1t I’ve seen some better than fuzzing results with Codex, and couple of minutes (instead of hours) till solved with help from LLMs in ctfs, so I’m leaning towards “not complete hype.” But if Anthropic want to actually prove it’s not just hot air, they should provide working PoCs to the impacted parties, who in turn could tell the public whether the PoCs actually work or not. Can’t argue with a (root) shell.
Apr 7 at 7:16pmWeb
Show threadlit2d ago

@schrotthaufen they do apparently, naturally with projects with some visibility like Firefox. This is also not blind prompting but Opus orchestrated by persons that have some intuition where in the codebase it’s worthwhile and will yield the desired results, but still. For instance: https://blog.mozilla.org/en/firefox/hardening-firefox-anthropic-red-team/

@chrisstoecker

Hardening Firefox with Anthropic’s Red Team  | The Mozilla Blog

For more than two decades, Firefox has been one of the most scrutinized and security-hardened codebases on the web. Open source means our code is visible,