Kevin Beaumont21h ago
I’ve had a bunch of people ask my thoughts on Anthropic’s Mythos. I’ve read the research paper they released and the numbers, and basically I agree with @malwaretech’s take. It’s marketing. The cybersecurity industry is historically very good at marketing cyber pearl harbour and the need to buy magic boxes.
Show threadKevin Beaumont21h ago
Companion video https://youtu.be/fM7GIIylXqI
Is Cybersecurity Over?

YouTube
Show threadKevin Beaumont20h ago

I don't think anybody actually watches videos any more, so here's MWT's core point -

The flagship and lead vuln in the research is a BSD vuln, it cost $20k to discover with Mythos. Anthropic only reached a crash, and the vuln class in 99%+ cases never reaches RCE, just crashes.

So.. cool.. you spent $20k of VC money to find a crash as the flagship vuln. But... uhm... that isn't the end of the world.

The proof is going to be if any of the open source vulns turn out to be important. So far:

Show threadMike Siegel
@GossiTheDog he makes a good point about the subsidized cost. It's like in the early days when Uber was cheap AF to put the taxis out of business. Once they had market share, they cost as much as taxis.
Apr 12 at 10:47amWeb