[object Object]3d ago
“why won’t the AI haters admit claude mythos is good?” when it turns out the exploits it found are utterly overblown (ie the firefox exploit that only works on a custom build with the sandbox disabled amongst many other non-exploitable bugs), were found at extreme expense, and required a ton of human staff to verify (just like with existing non-LLM techniques), why won’t you admit this is a grift? why won’t you admit you’ve been falling for the same grift since 2019?
Show threadAdam Shostack  3d ago
@zzt Do you have a link to something that explains the details behind "the exploits were overblown"? I looked at your thread, didn't see it.
Show thread[object Object]3d ago
@adamshostack yeh https://mas.to/@zzt/116376387689039648 details are trickling out about several of the others being in a similar vein, or being practically unexploitable, but details are scattered since this grift is structured such that anthropic has a high level of control over how information is shared
[object Object] (@[email protected])

Attached: 1 image some asshole doing free marketing for anthropic decided my post was worth screenshotting as an example of what’s wrong with the AI critics but they utterly failed to engage with any of the points I made, as if pushing back on this obvious shit at all is the problem anyway here’s a citation for the Firefox thing because no that wasn’t just me talking, the grift really is that fucking obvious

mas.to
Show threadAdam Shostack  3d ago

@zzt Thanks, and where is that post/paper with section 3.3.3 shown?

https://scholar.google.com/scholar?hl=en&as_sdt=0%2C48&q=%22the+model+is+given+a+set+of+50+crash+categories%22&btnG=

Google Scholar

Show thread[object Object]3d ago

@adamshostack no clue but here’s an anthropic blog post that says exactly the same: https://red.anthropic.com/2026/exploit/

> Specifically, Claude needed to exploit a stripped-down version of the js shell (a standalone utility that lets developers use Firefox’s JavaScript engine without the browser) that resembles an unsandboxed content process in the browser, and a task verifier to determine whether the exploit worked.

Reverse engineering Claude's CVE-2026-2796 exploit

Show threadAdam Shostack  3d ago
@zzt apparently I picked the wrong text to search on :)
Show threadDavid Gerard
@adamshostack @zzt the image, or text like it, is in the system card PDF, I'm quoting it in today's episode
Apr 9 at 8:30pmWeb