Cal Newport
They're better able to produce multi-step software goals, and so they can better build software to exploit them.
This is a real issue, but it's not new with Mythos, right?
But Mythos was presented as if some Rubicon had been passed.
But there was a couple things I noticed right off the bat.
One, they made the mistake of listing a bunch of the exploits that they, vulnerabilities they had found to try to brag.
Look at this thing in FreeBSD.
Look at this thing in FFPG or whatever.
Like they showed all these exploits they found.
They didn't count on a lot of security researchers said, well, wait a second.
Why don't I get like a much smaller, cheaper model aiming at that same source code and say, can you find any vulnerabilities?
They could find the same ones.
So the evidence that it's finding vulnerabilities better, we don't have any way of knowing that's true.
And if anything, we actually are getting a lot of reports that they were paying big bounties for security researchers.
I'm going to give you access to Mythos.
I'm going to pay you for any bugs you can report that you found with it.
So they had security researchers, just who knows how many false positives were coming out of that.
And then on the exploitation side, we only really have one study.
It comes from AISI, who I do not trust, but it's the only independent study.