That does sound very concerning. And in this case, I don't think it is just hype. Otherwise they would not share this stuff with Google, Amazon, Microsoft, Oracle et al.
#Anthropic #MythosPreview #AI #Zerodays
@chrisstoecker Why would this, unlike all the other stuff, not be hype? I have lost count of the number of instances where AI was supposed to be an incredible threat to everything.
@ewolff @chrisstoecker Security holes share complicated but (I assume) characteristic patterns. Why don't humans find them easily? Because you often need a longish sequence of steps to reveal them. This could be a sweet spot for generative models. The claim has been made for a couple of exploits in recent months.
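
A toy example of what I mean - entirely made up, not a real finding: the bug below only surfaces through one specific sequence of calls. Random input mutation rarely hits that exact order, but the pattern (allocate, free, use later) is precisely the kind of thing a model trained on lots of code can flag statically.

```c
/* Hypothetical sketch: a use-after-free that needs a three-step
 * call sequence to trigger. Nothing here is from a real codebase. */
#include <stdlib.h>
#include <string.h>

struct session { char *buf; };

static struct session *s;

void open_session(void)  { s = malloc(sizeof *s); s->buf = malloc(64); }
void close_session(void) { free(s->buf); }  /* frees buf, s stays live */
void log_message(const char *m) {
    strncpy(s->buf, m, 63);                 /* writes into freed memory */
}

int main(void) {
    open_session();    /* step 1 */
    close_session();   /* step 2 */
    log_message("x");  /* step 3: use-after-free, only in this order */
    return 0;
}
```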

@jlink @ewolff @chrisstoecker This isn't only hype. OpenAI has teased AGI for two years, and both companies leak silly stories - like Claude being "anxious" - to generate buzz. I'm largely suspicious of Claude; Anthropic has astroturfed the entire internet about its capabilities.

However, these tools have been finding exploits from the start, they are getting better, and the documented cases are piling up. Agreed - they are finding things others aren't, including bugs that fuzzing misses. They are equally good at writing defects and buggy code - but I don't think this is only hype.

Anthropic says they are monitoring usage now that they have realized this is dangerous. Using their API to probe things like the Linux kernel will, they claim, get their attention.
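
To make the fuzzing point concrete - a made-up sketch, not one of the documented cases: coverage-guided fuzzers get stuck on exact-value checks like the magic constant below (roughly a 1-in-2^32 chance per random attempt), while the unchecked length right behind it is obvious to anything that actually reads the source.

```c
/* Hypothetical sketch: an overflow hidden behind a magic-value gate.
 * The constant and function names are invented for illustration. */
#include <stdint.h>
#include <string.h>

#define MAGIC 0x5AFE0DDC

int parse_packet(const uint8_t *data, size_t len) {
    uint32_t magic, payload_len;
    uint8_t out[64];

    if (len < 8) return -1;
    memcpy(&magic, data, 4);
    if (magic != MAGIC) return -1;       /* fuzzers rarely get past this */

    memcpy(&payload_len, data + 4, 4);
    memcpy(out, data + 8, payload_len);  /* bug: length never checked */
    return 0;
}

int main(void) {
    uint8_t pkt[264] = {0};
    uint32_t magic = MAGIC, plen = 200;  /* attacker-controlled length */
    memcpy(pkt, &magic, 4);
    memcpy(pkt + 4, &plen, 4);
    return parse_packet(pkt, sizeof pkt); /* overflows out[64] by design */
}
```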

@JoeHenzi @jlink @chrisstoecker I want to see these "thousands of high severity vulnerabilities" and why they are considered high severity. Security is not exempt from scientific method: show the data, publish a peer-reviewed paper. In this state, it is just marketing by an AI company.
Nicholas Carlini - Black-hat LLMs | [un]prompted 2026 (YouTube)

@JoeHenzi @ewolff @jlink @chrisstoecker You missed my point, which is: Daniel is the last person to shill LLMs, *especially* in the context of CVE reporting.

@stitzl @ewolff @jlink @chrisstoecker I didn't miss anything or react in any way you're imagining.