[object Object]
“why won’t the AI haters admit claude mythos is good?” when it turns out the exploits it found are utterly overblown (ie the firefox exploit that only works on a custom build with the sandbox disabled amongst many other non-exploitable bugs), were found at extreme expense, and required a ton of human staff to verify (just like with existing non-LLM techniques), why won’t you admit this is a grift? why won’t you admit you’ve been falling for the same grift since 2019?
Apr 9 at 6:00pmWeb
Show thread[object Object]3d ago

some asshole doing free marketing for anthropic decided my post was worth screenshotting as an example of what’s wrong with the AI critics but they utterly failed to engage with any of the points I made, as if pushing back on this obvious shit at all is the problem

anyway here’s a citation for the Firefox thing because no that wasn’t just me talking, the grift really is that fucking obvious

Show thread[object Object]3d ago

“but how can the mythos announcement be a grift when a set of people I trust are very confident it’s not?” please consider the literal definition of “con man” and the quality of the evidence you accept. if someone you trust is telling you to ignore concrete evidence of a grift, it may be time to reconsider that trust relationship.

as with previous financial grifts like MLMs, Ponzi schemes, and cryptocurrencies, note also that many of the con men involved are also victims of the grift.

Show thread[object Object]3d ago

if you’re a fan or friend of any of the people who’ve been taken in by this or any other LLM grift, the best favor you can do for them is to push back on what they’re saying and doing. make it very clear you will not compromise on the truth.

if they are a victim of this grift, your pushback might be the perspective they need to stop being a victim. if they are profiting from the grift, you will be helping to prevent other people from being made into victims.

Show thread[object Object]3d ago
just be warned: regardless of whether the person you’re engaging with is a victim of grift or a perpetrator, engaging with them will very likely be exhausting by design. you’re unlikely to see positive results immediately, if ever. you may lose friendships. hopefully your friends come back ruggedized against bullshit, but it’s not guaranteed they will.
Show threadeuroplus 3d ago
@zzt @davidgerard this was a point of contention (at times towards heated) with my ex-wife which we had to stop talking about because we ultimately had bigger issues to deal with.
Show threadRycochet3d ago
@zzt Anthropic have an almost Theranos level of unearned media sycophancy, with people who should know better desperately trying to make a good AI company by reporting everything they say as fact and fawning because the people in charge look like better people when compared to Sam 'Captain Eyeballscan' Altman.
Show threadflere-imsaho 🇺🇦3d ago
@Rycochet @zzt and quickly reaches the therac-25 level of safety.
Show threadAlanna 🏳️‍🌈🏳️‍⚧️3d ago
@mawhrin @Rycochet @zzt Theranos are hilarious to me. They're the company everyone believed in 2015 when no one took the start up I was co-founder of seriously, despite the fact we had actual science behind it.
Show threadthe gripe ibis2d ago
@kelpana @mawhrin @Rycochet @zzt the free market is so rational
Show threadflere-imsaho 🇺🇦2d ago
@thegarbagebird @kelpana @Rycochet @zzt it's because we're dealing with the rational free market with full information, the only kind of market that exists in economy.
Show threadthe gripe ibis2d ago

@mawhrin oh you're right, if the market has correct information, it will obviously act correctly based upon that information. that's why we live in a meritocracy, where people are rewarded for their ability, not for ideological or circumstantial reasons

@kelpana @Rycochet @zzt

Show threadDan Sugalski3d ago
@Rycochet @zzt I admit it would be really nice if at some point the media came to the realization that everyone involved in a story or industry can be horrible. Douchebaggery is not, alas, a zero sum game.
Show threadBen Rosengart1d ago
@Rycochet @zzt the Lyft of LLMs
Show threadTheMagicalC2d ago

@zzt good post, but I feel like you can’t call that a citation since there isn’t a link, title, or author. Here’s a link to Anthropic’s blog post where they restate this in a footnote.

https://red.anthropic.com/2026/mythos-preview/#ftnt_ref1

Claude Mythos Preview \ red.anthropic.com

Show threadRoger BW 😷3d ago
@zzt Because then the money stops going round and round.
Show threadDavid Gerard3d ago
@RogerBW @zzt look, Anthropic are doing this for the good of humanity! Or a portion thereof
Show threadgaytabase3d ago

@davidgerard @RogerBW @zzt what, refusing to release it?

it's so dangerous. we should put a moratorium on the whole industry. regulate us so heavily that only those of us lining up IPOs can be in the market, er i mean TO SAVE HUMANITY

Show threadAdam Shostack  3d ago
@zzt Do you have a link to something that explains the details behind "the exploits were overblown"? I looked at your thread, didn't see it.
Show thread[object Object]3d ago
@adamshostack yeh https://mas.to/@zzt/116376387689039648 details are trickling out about several of the others being in a similar vein, or being practically unexploitable, but details are scattered since this grift is structured such that anthropic has a high level of control over how information is shared
[object Object] (@[email protected])

Attached: 1 image some asshole doing free marketing for anthropic decided my post was worth screenshotting as an example of what’s wrong with the AI critics but they utterly failed to engage with any of the points I made, as if pushing back on this obvious shit at all is the problem anyway here’s a citation for the Firefox thing because no that wasn’t just me talking, the grift really is that fucking obvious

mas.to
Show threadAdam Shostack  3d ago

@zzt Thanks, and where is that post/paper with section 3.3.3 shown?

https://scholar.google.com/scholar?hl=en&as_sdt=0%2C48&q=%22the+model+is+given+a+set+of+50+crash+categories%22&btnG=

Google Scholar

Show thread[object Object]3d ago

@adamshostack no clue but here’s an anthropic blog post that says exactly the same: https://red.anthropic.com/2026/exploit/

> Specifically, Claude needed to exploit a stripped-down version of the js shell (a standalone utility that lets developers use Firefox’s JavaScript engine without the browser) that resembles an unsandboxed content process in the browser, and a task verifier to determine whether the exploit worked.

Reverse engineering Claude's CVE-2026-2796 exploit

Show threadAdam Shostack  3d ago
@zzt apparently I picked the wrong text to search on :)
Show threadDavid Gerard3d ago
@adamshostack @zzt the image, or text like it, is in the system card PDF, I'm quoting it in today's episode
Show threadBruce Simpson, Ph.D.3d ago
@adamshostack @zzt It's Metasploit 2026... pay no need to the misAnthropic marketing BS and the timing is wayyy too convenient after "undercover.ts"
Show threadBruce Simpson, Ph.D.3d ago
@adamshostack @zzt Also the Gary Marcus post on this just dropped: https://garymarcus.substack.com/p/three-reasons-to-think-that-the-claude
Three reasons to think that the Claude Mythos announcement from Anthropic was overblown

No need to panic just yet

Marcus on AI
Show thread[object Object]3d ago
@bms48 @adamshostack pivot (from @davidgerard) too: https://circumstances.run/@davidgerard/116376955586380741
David Gerard (@[email protected])

Attached: 1 image Claude Mythos: the AI hacking model too good to release! Allegedly Your expensive static checker https://www.youtube.com/watch?v=-c1DC-gNizQ&list=UU9rJrMVgcXTfa8xuMnbhAEA - video https://pivottoai.libsyn.com/20260409-claude-mythos-the-ai-hacking-model-too-good-to-release-allegedly - podcast time: 7 min 07 sec

GSV Sleeper Service
Show threadDavid Gerard3d ago
@zzt @bms48 @adamshostack and from Mo Bitar https://www.youtube.com/watch?v=mcN1VTTIjQs
Claude Mythos is Delusional

YouTube
Show threadBruce Simpson, Ph.D.3d ago
@davidgerard @zzt @adamshostack Let Gary Marcus bring the kryptonite too! https://garymarcus.substack.com/p/three-reasons-to-think-that-the-claude
Three reasons to think that the Claude Mythos announcement from Anthropic was overblown

No need to panic just yet

Marcus on AI
Show threadSeñor Rolando3d ago
@zzt You have some source / link for that info?
Show thread[object Object]3d ago
@sr_rolando yeh https://mas.to/@zzt/116376387689039648
[object Object] (@[email protected])

Attached: 1 image some asshole doing free marketing for anthropic decided my post was worth screenshotting as an example of what’s wrong with the AI critics but they utterly failed to engage with any of the points I made, as if pushing back on this obvious shit at all is the problem anyway here’s a citation for the Firefox thing because no that wasn’t just me talking, the grift really is that fucking obvious

mas.to
Show threadmx alex tax1a - 2020 (6)3d ago
@zzt yep, we hear scuttlebutt that, while a whole bunch of mozilla's security bugs were found with claude, we really aren't hearing about how much crap they have to sift through to find them. "but it sure does find security bugs". 🤡
Show threadLeni3d ago
@zzt CC @malteengeler
Show threadBen Askins3d ago
@zzt who hurt you?
Show thread[object Object]3d ago
@genlevel ahahaha don’t act like your bullshit is popular here you fucking weirdo
Show threadBen Askins3d ago

For context, I was responding to the attached. I only briefly caught the venom filled response, but anti-AI dogma is as revealing of people’s ridiculously heightened emotions around this technology just as much as the pro-AI dogma.

Be moderate, be reasonable, use it where it makes sense.

If your identity is so attached to being against something, go talk to a therapist.

Show threadWhyrl2d ago
@zzt @bersl2 Cultists never admit that they were wrong
Show threadgaytabase2d ago
@zzt why won't the ai lovers admit fuzzing is good?
Show threadMoses Izumi2d ago
@zzt
Who even runs Firefoxes without the sandbox these days?

Flatpaks that fall back on bubblewrap?
People running netbook-friendly distros? (tinycore, puppy linux, etc.)
Haiku?
Show threadRebane2d ago

@zzt i agree with your general statement, but requiring a custom build with sandbox disabled is pretty standard in the browser exploitation world

i see using llms to find vulns in software as just another tool that's gonna find a bunch of stuff initially and less later on, the same way new fuzzing methods come with a surge of new bugs, it's overhyped for sure

Show threadChris Palmer2d ago
@zzt Address Sanitizer builds of the JS shell run in isolation are a norm for browser bug finding. Treating such bugs as potentially exploitable is a maximally cautious and thus wise bug triaging approach. AI is awash in grift, sure, but not this. The Firefox security team agrees these are real bugs.