• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Project Glasswing --Securing critical software for the AI era

P

philb2

2[H]4U
Joined
May 26, 2021
Messages
3,376
https://www.anthropic.com/glasswing?utm_source=substack&utm_medium=email

Today we’re announcing Project Glasswing, a new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software.​

We formed Project Glasswing because of capabilities we’ve observed in a new frontier model trained by Anthropic that we believe could reshape cybersecurity. Claude Mythos2 Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout—for economies, public safety, and national security—could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.


I have to applaude Anthropic here. But am I the only one alarmed by the mere existence of Mythos AI? Should there be DOD/CIA level of security for hosting this model?
Should Anthropic offer a MAAS (Mythos As A Service) for selected US and Western European companies? With even access to the model outputs secured?
If Anthropic couild develop such a model what about OpenAI or Gemini? What about the Chinese group that developed Deepmind? Imagine if Deepmind makes its model available to the "Axis of Evil," China, Russia, North Korea, Iran?

Should Microsoft and other companies use Mythos as part of their regular QA cycle?
 
Turns out Mythos was all marketing. Color me shocked. Staying that AI bubble as much as they can.
 
philb2 said:

Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks​

Click to expand...

from this list, how many have had security breaches?
 
sunruh said:
from this list, how many have had security breaches?
Click to expand...
All of them. Maybe not publicly, but all of them. For every incident we know about, I would wager there are one or more that each has paid the ransom to make go away.
 
4saken said:
Turns out Mythos was all marketing. Color me shocked. Staying that AI bubble as much as they can.
Click to expand...
Look overall AI is certainly overhyped, if not a bubble. But we should all take Mythos seriously. I'm guessing that all these companies mentioned in the press release do. Do you hear any of them saying, "Not us!?"
 
philb2 said:
Look overall AI is certainly overhyped, if not a bubble. But we should all take Mythos seriously. I'm guessing that all these companies mentioned in the press release do. Do you hear any of them saying, "Not us!?"
Click to expand...
Just going off what was released yesterday, post the few days ago of the original news. says as much, just not plainly. Of course none would say not us. They all are exchanging $$ on the big bet.
 
4saken said:
Just going off what was released yesterday, post the few days ago of the original news. says as much, just not plainly. Of course none would say not us. They all are exchanging $$ on the big bet.
Click to expand...
I dunno if I'd say it was "all marketing." Mythos found a 27 year old OpenBSD vuln that simply by connecting to the system you could crash it. A 16 year old bug in FFMPEG. Multiple exploits of the Linux kernel to form a chain of exploits to gain full control over the computer. That's not "all marketing".

Opus 4.6 could find bugs but not exploit them very well at all. Supposedly Mythos absolutely creates working exploits a very high percentage of the time when asked.

While some of this needs to be taken with a grain of salt, if AI will be amazing at anything it will be examining code, exploiting code, and fixing code.

Project Glasswing is certainly something to keep an eye on.
 
Vermillion said:
I dunno if I'd say it was "all marketing." Mythos found a 27 year old OpenBSD vuln that simply by connecting to the system you could crash it. A 16 year old bug in FFMPEG. Multiple exploits of the Linux kernel to form a chain of exploits to gain full control over the computer. That's not "all marketing".

Opus 4.6 could find bugs but not exploit them very well at all. Supposedly Mythos absolutely creates working exploits a very high percentage of the time when asked.

While some of this needs to be taken with a grain of salt, if AI will be amazing at anything it will be examining code, exploiting code, and fixing code.

Project Glasswing is certainly something to keep an eye on.
Click to expand...
I'm only referring to the "we can't let this loose". Mythos will be obsolete by year end, it will always be cat and mouse. But the bluster right now, is pure marketing, anthro vs openAI to gain share. Too much money to lose. Nothing in regard to AI itself, and where it is going.
 
Vermillion said:
Project Glasswing is certainly something to keep an eye on.
Click to expand...
I'm sure all the other AI companies are now having "big" meetings in response. I'm worried that Deepmind may do an open source equivalent of Mythos. In which case,fergeddidaboutit for effective data security. And no more safe e-commerce or online banking, etc., etc. and back to travel agencies that print out your airline tickets.
 
If its so hot, you could run it in a loop, find bug, patch bug, check patch, if no bug release patch. They *could* be releasing an endless stream of patches...
 
You must log in or register to reply here.
Back
Top