So, wait, the whole “Mythos AI is so powerful it can find exploits in any software” thing requires both access to the source code and thousands of runs to find anything remotely actionable? This is the “too dangerous to release” model they’ve been hyping up?

Is that really it?

@baldur

Idk what 0-day exploits are going for these days, but from what I recall it could be north of a million USD depending on the scope and impact.

In comparison: spending 10k USD to find a 0-day RCE in a popular open source program seems like a bargain. I think it's less about the efficiency of the system and more about: "What are the odds an attacker with a credit card could make this your problem?"

@yosh @baldur The market price of a 0-day shouldn't be equated to the cost of finding a 0-day - the gap is the markup, and you can expect that to be astronomical for a "product" that's only getting sold a handful of times to extremely rich malefactors.

IOW, the price of an LLM-found 0-day (which required expert human oversight anyway) might well be the same as, or even greater than, just paying experts with a fuzzer and a decompiler.

And the humans boil fewer lakes.