Kevin Beaumont18h ago
I’ve had a bunch of people ask my thoughts on Anthropic’s Mythos. I’ve read the research paper they released and the numbers, and basically I agree with @malwaretech’s take. It’s marketing. The cybersecurity industry is historically very good at marketing cyber pearl harbour and the need to buy magic boxes.
Show threadKevin Beaumont18h ago
Companion video https://youtu.be/fM7GIIylXqI
Is Cybersecurity Over?

YouTube
Show threadKevin Beaumont17h ago

I don't think anybody actually watches videos any more, so here's MWT's core point -

The flagship and lead vuln in the research is a BSD vuln, it cost $20k to discover with Mythos. Anthropic only reached a crash, and the vuln class in 99%+ cases never reaches RCE, just crashes.

So.. cool.. you spent $20k of VC money to find a crash as the flagship vuln. But... uhm... that isn't the end of the world.

The proof is going to be if any of the open source vulns turn out to be important. So far:

Show threadJeremy Kun
@GossiTheDog IMO it's not nothing but not apocalypse. Enough for forward thinking groups to start taking it seriously and considering risks.
2:19pmWeb