bob1029 11 hours ago

Memory safety is the best way to address a large aspect of the threats posed by frontier models.

It's one thing to forget an Authorize attribute. That's a coaching event and procedure update. It's another altogether to not be able to see a dormant use-after-free bug because your brain can't hold the entire codebase and product roadmap at once. You can't coach a human developer on that. We all miss things this deep in the rabbit hole. The 2nd best option is to avoid this space of possibilities altogether.

Versipelle 1 day ago

I've been brewing on this topic since Mythos preview was announced. As Mythos got finally released, then banned, then released again under U.S. government control, it was time to finally flesh it out and use it as a way to exit the lurker-zone on HN!

  • dude250711 1 day ago

    "Released" is doing some heavy lifting here.

    • Versipelle 1 day ago

      Fair, let's say a heavily staggered comeback.

      I was actually pleased to see OpenAI openly (although timidly) complaining about the situation in their latest announcement, framing it as an unsustainable system.

      One can only guess the outrage in the news if the Chinese government had been the first to pull this kind of stunt.

      • petcat 1 day ago

        > outrage in the news if the Chinese government had been the first to pull this kind of stunt.

        I suspect that the Chinese government "pulls this kind of stunt" often but just nobody ever hears about it because their society is not free to complain about such a thing publicly.

        • Henchman21 1 day ago

          Ah so you can see the future of discourse in the US

          • signatoremo 1 day ago

            Democracy cannot be taken for granted. There are always tendencies to drift toward authoritarianism. China is authoritarian, full stop. They are capitalist, not communist, but authoritarian. Keep that in mind when discussing what comes out of China.

            • Henchman21 1 day ago

              We actively take it for granted in the US AND we’re actively watching it slip away. No one seems to give a shit.

              • nozzlegear 23 hours ago

                A populist wave electing a shitbird in response to a global economic downturn does not mean democracy is being taken for granted or that no one gives a shit. It's only been a year and a half, we haven't even had the chance to rebuke him in the midterms yet.

              • cyberax 23 hours ago

                There's an alternative viewpoint: democracy is experiencing a revival.

                The old "cathedral-style" democracy is dying. People are seeing that the "regular" politicians are just ineffective and kinda boring. The old party-based structures are stifling and prevent changes. People want more direct participation in the governance.

                So people are voting for a "new wave" of candidates that promise to work around the old institutions. Right-wingers were the first to harness this, initially with the Tea Party takeover and then Trump came in and crushed the entire Republican Party into his personal fiefdom.

                Mamdani is doing the same with the Democratic Party now. After the recent primary victories, he's well-poised to become the left-wing Trump.

                If you want historical analogies, the situation is similar to the start of the 20-th century when the wide masses first became politically active. Literacy spread, then radio broadcasts and daily nation-wide newspapers gave people the impression that they're a part of the same entity.

                It ended well, with democracy winning over authoritarianism. But the middle part contained a couple of world wars and mass genocides.

                • watwut 11 hours ago

                  Right wingers don't represent democracy. They are openly and actively trying to change it to authoritarian dictatorship.

                  Mamdani is NOT doing the same nor like Trump. For all the scaremongering, he is a pragmatic politician with policies full of compromises.

                  There is no symmetry between what those parties do.

        • jchw 1 day ago

          It seems our government still has a lot to learn.

          • AlexCoventry 15 hours ago

            At this point, it has a lot to re-learn, as the Trump administration has been systematically lobotomizing it for 18 months.

        • derektank 1 day ago

          You also have government apparatchiks influencing almost every corporate board, not just the state owned enterprises. Every private company that employs at least 3 CCP members is required by law to form a party committee within the company to represent party interests. In smaller companies, they will often simply coordinate with local governments on securing permits, etc, but I’m sure national party leadership communicates directly with the committees at the AI labs.

          • alephnerd 1 day ago

            > I’m sure national party leadership communicates directly with the committees at the AI labs

            They do now.

            Top AI researchers in China are barred from getting an exit visa [0] (the PRC has done this for other employees as well such as Foxconn China employees who were working on shifting Apple supply chains to India [1]), and "AI Safety" from a national security perspective has been codified as party policy now [2].

            The leading Chinese AI labs are also shifting away from open-source AI for commercial reasons, as can be seen with the org changes at Alibaba with the axing of the Qwen team [3][4].

            That said, these are called out but it's all in Putonghua and no one on HN actively reads or follows what happens within China. I've noticed most HNers now source information from Reddit which has been dealing with DRAGONBRIDGE deluge for a couple years now, and I've noticed similar tactics being applied on HN as well.

            In all honesty, I've found HN's noise to signal ratio to have tanked severely since 2022. Silver lining is that less people that matter are using it as much, so the IW impact is limited.

            [0] - https://www.bloomberg.com/news/articles/2026-05-26/china-exp...

            [1] - https://www.bloomberg.com/news/articles/2025-01-17/china-mov...

            [2] - http://theory.people.com.cn/n1/2026/0616/c40531-40741238.htm...

            [3] - https://m.guancha.cn/economy/2026_06_12_820253.shtml

            [4] - https://www.ft.com/content/b39da303-3188-447b-8b65-3dd8dad8b...

            • rnewme 14 hours ago

              Any recommendations / alternatives for higher signal to noise ratio?

              • alephnerd 14 hours ago

                Everything is offline now. Public boards like HN are from a bygone era of the Internet.

                • rnewme 9 hours ago

                  Offline where though?

                  • alephnerd 4 hours ago

                    SF, NYC, Austin, Seattle, Boston, DC, Beijing, Bangalore, London, Hyderabad, Tel Aviv, Singapore, and other major tech and finance hubs.

        • throawayonthe 1 day ago

          > their society is not free to complain about such a thing publicly

          wuh?

          • petcat 22 hours ago

            wuh? what? The Chinese government tightly controls every aspect of their technology industry and all public discourse around it.

    • cadamsdotcom 20 hours ago

      I hope you’re not this nice in real life!

  • pmarreck 4 hours ago

    FYI:

    > Since then, Mythos and it’s safeguard-heavy equivalent

    The simple "it's" vs. "its" rule is this:

    If you can replace it with "it is" and it sounds weird, it's "its", otherwise it's "it's". In other words, "it's" is 100% of the time an abbreviation of "it is" (or, rarely, "it has"); it's not a possessive form.

    Which is of course internally-inconsistent; I say "Peter's toys", not "Peters toys", but we say "its toys" to mean the same thing. /shrug

    I only tell you this because I screwed it up for years before looking up the rule and going "... Oh. Duh. But also... Fucking hell, English!" ;)

datakan 1 day ago

The fear porn around this all has been horrible. I work in Cybersecurity and Mythos is all the vendors will talk about because they want to sell something. It started the day of the announcement which is what told me it was all BS. They had no information about it yet would happily tell me about all their solutions for it.

Anyone in my profession worth a damn will tell you the vast majority of security issues are related to bad configurations and bad practices + accidents and bad luck. Vulnerable software is a problem but basic defense in depth will either mitigate or drastically reduce attack surface. Mythos does nothing to change that.

The technical debt at companies is the largest security threat. That, and layer 8 which is the people factor. The amount of silliness I've seen from people and companies as a whole is truly hard to verbalize. I've seen banks that gave every employee from the janitor up to the CEO domain admin access due to a crappy application that was written in 2004 that they never updated. I've seen a Fortune 250 company write its own internal routing protocol that was basically clear text traffic that dated back to the 1990's and was never retired because, why not. I've seen contractors infect entire fabs in the chip industry because they plugged an infected USB stick into a 30 year old tool that hadn't seen an update in over 20. Then when the fab came back up, they did it again the next day.

Ultimately, Mythos is just another tool in the toolbox. It's great to find new vulns but it is incredibly short sighted to think it will move the needle in any meaningful way in the security industry.

  • altcognito 1 day ago

    Forget whether it is Mythos or GPT 5.6, or any other specific model. SOTA models have tool likely have the knowledge and capability to create zero days from nearly every discovered and many undiscovered vulnerabilities. In the wrong hands can deploy and generate malware and submarine code that would go undetected behind secured systems. Add in the ability to clone voices, create mass social engineering campaigns.

    Yet "Just another tool in the toolbox." I mean, that's not wrong!

    • _pdp_ 1 day ago

      You think this is not happening with open weight models?

      • altcognito 19 hours ago

        Sure but not my point. My point is, saying that LLMs are "just another tool in the box" is a little like saying nuclear weapons are "just another bomb."

  • othmanosx 1 day ago

    We already are using software that is ancient, with many vulnerabilities that are already in the public, we already use insecure software more than we care to admit, if Mythos is gonna help with that, it's gonna make finding (not discovering) these vulnerabilities easier because it already has the knowledge, but the enough intellect to come up with new ones. Same applies for other LLMs

  • zer00eyz 1 day ago

    All of this, but you forgot that ai opens up new vectors.

    AI itself is a security risk: https://www.404media.co/hackers-simply-asked-meta-ai-to-give...

    I keep seeing screen shots of random AI chat bots who have been prompt injected to write code. That car dealership is now paying for the tokens for some script kiddie to pump out python.

  • SubiculumCode 23 hours ago

    Does depth matter when you can automate attacks with intelligent agents?

    • oivey 22 hours ago

      Will the intelligent agents be plugging the infected USB sticks in?

  • halJordan 20 hours ago

    Mythos actually does change that calculus. Going forward, with access to a mythos caliber llm, actors are not tied to bad configs or lazy admins for access. I get that the bs is real. But it's important for you to not rest on your laurels having recognized that salesmen sell. You actually have to pay attention to and understand the new developments in your field. It's sad that the marketing department is doing a better job than you in that manner

    • adam_arthur 14 hours ago

      Mythos finds exploits largely by reading source code.

      Your open source dependencies may need to be version bumped quickly, but most companies are not going to be immediately exploitable without a large scale source code leak, and an attacker motivated to spend large amounts of money/compute on finding lucrative exploits (not just any exploits).

      To me the reaction has been way overblown, though again, very real for large scale open source projects.

      And going forward there's not going to be as many issues due to using models defensively, e.g. this vulnerability spike is likely a one time event.

      So the fear porn is a bit much.

      • abc123abc123 8 hours ago

        Yes! Keep your firewalls in order, and do not directly expose your servers and software to the public internet, and you will have done a lot to mitigate mythos style attacks. I've been looking for the nr of remote exploits vs non-remote, and this has not come up in the media. Without a lot of remotes, I would not be so worried.

  • abc123abc123 8 hours ago

    I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those moments will be lost in time, like tears in rain. Time to die.

    • da-x 8 hours ago

      Anthropic: It seems you feel our work is not a benefit to the public.

      Me: LLMs are like any other machine. They're either a benefit or a hazard. If they're a benefit, it's not my problem.

9cb14c1ec0 1 day ago

The genie is out of the bottle, folks. You can find some pretty good vulnerabilities even with models like Deepseek V4 Flash.

  • linzhangrun 17 hours ago

    Find some pretty good vulnerabilities, and at a very fast speed--one or two weeks ago, mimo-v2.5-pro (somewhere between v4 flash and pro), released ultra-speed version with 1000 tokens/s. gpt-5.6 sol also has a nominal 750 tokens/s

spacington 22 hours ago

The CCC talk in December showed me how good llms are at ctf.

CTFs fundamentally have to change.

It also showed how critical it is to use llms now.

A lot has changed in just 12 months tbh.

If you still don't invest time and money into adding llms to your security you didn't hear the bang.

  • Versipelle 22 hours ago

    Ha yeah I totally agree, that's actually one of the future posts I have in draft: the other downfall of GenAI in cyber. You can't outsource learning, and a lot of learning opportunities in the Cybersecurity industry are getting totally ruined by llms (ctf, low hanging fruit bug bounties, foss software getting burnout by AI slop and closing the gate to potential newbie willing to get involved, etc.)

FromTheFirstIn 1 day ago

This is a great read! I never realized the scale of the effort to find that BSD vulnerability- helps put things in perspective

jijji 1 day ago

it all looks suspicious:

  - June 1st 2026: Anthropic files S-1 paperwork with SEC to get ready for IPO

  - June 2nd 2026: Anthropic announces expanding "Project Glasswing" to let people use their new model to enhance security of existing systems

  - June 9th 2026: Anthropic releases Mythos model

  - June 12th 2026: Model gets export regulations placed on it by US Gov

  - June 26th 2026: US gov announces they will let some companies use new model

  - August 2026: Anthropic goes IPO

The timing of all of this just seems to be a play to pump the stock. The reality is that in six months GLM-5.3 will be released open source with comparable functionality to their Mythos model. They are trying to cash in before that happens.

I would not be surprised if the US government, the people pulling the strings who actually put the export announcements onto Anthropic, actually have purchased stock in the company to artificially pump up the stock, I would bet money on it.

  • IshKebab 21 hours ago

    Nah I spoke to a security researcher who still has access to Mythos. He says it is significantly better than their earlier models for security research. Based on my one-day use of Fable that was also a noticeable step up for coding.

    There's absolutely no way Anthropic engineered this to bump their IPO price. That's lunatic conspiracy theory territory.

    > I would not be surprised if the US government, the people pulling the strings who actually put the export announcements onto Anthropic, actually have purchased stock in the company to artificially pump up the stock, I would bet money on it.

    The same US government that labelled Anthropic as a supply chain risk? This is the most ridiculous idea I've heard all week.

  • no-name-here 13 hours ago

    Anthropic losing their ability to release new models to most customers (and thereby revenue, and thereby ability to train new models) makes you think investors will value it more highly than if they could release new models to everyone who wanted to pay them?

    • rf15 12 hours ago

      Since training/inference/datacenters are a money sink (as you can read in any financial insights of anthropic, openai, etc.) having more customers might actually be detrimental.

      Just look at the consumer side: the current attitude of most people is they'd rather not pay the actual cost of the LLM they're using. Therefore the big money is probably in an IPO by boosting your product to be so unfathomably potent, it must be ridiculously valuable to own and control.

      It also helps to pretend it's actually too dangerous for the general public: high-paying government contracts only please.

      • no-name-here 8 hours ago

        > having more customers might actually be detrimental

        That could only be true if serving inference to customers was the least profitable part of the business, and that the training side of the business was the more profitable side of the business? Otherwise unless their huge fixed training costs get cheaper if they lose customers, it's only going to be worse?

j45 19 hours ago

With so much cloud being at risk from AI now, soon or in the future, it seems like self-hosting or at least managed custody of your own gear is going to become more of a thing.

  • no-name-here 13 hours ago

    Is the idea that self hosters tend to make less security mistakes than the big hosting companies?

    • rf15 11 hours ago

      the idea is that you don't have half of all companies all share the same liability of a single cloud provider who is half-arsing it because of their monopoly position.

      • no-name-here 8 hours ago

        Are there specific examples of where the big hosting companies “half arsed” it worse than the typical self-hoster? And the argument is that overall the big hosters do this more often than self-hosters in terms of security?

maykthewessen 1 day ago

But what if Opus 7.1 is real smart - as what Mythos was promised to be?

Or an Opus 9.0

Will Cybersecurity ever start to be an issue?