Josephine Wolff

Thanks so much for having us.

So I think that when we sort of think about the risks that Mythos presents, to me, it's less of a, oh my gosh, whichever, you know, powerful country with significant cyber capabilities gets this first is going to be a real risk because they're already a real risk.

And they're already the people with the time and the resources and the expertise to find these zero-day vulnerabilities.

So I think that that to me is less of a step change, right?

Then the idea of sort of who are the people who did not previously have access to these kinds of capabilities who might get them now?

And how would that change the landscape in which we've been able to say, you know, OK, well, this is a thing that only China could do or only China and Russia and North Korea, whatever the list is.

Right.

I think we're going to have to change our thinking on that.

in pretty significant ways, doesn't mean that we shouldn't be worried about who has access to these tools.

I think Anthropic has definitely hyped some things unnecessarily, but I think they're right to be sort of thoughtful and careful about that.

And in the world that I think we're looking to, the world that I hope we're looking to, let me start there, is one in which cyber defense is as easy as cyber offense.

And that, I think, would be a radically different one from any we've ever lived in before, in which I say to you, look, finding all of the zero-day vulnerabilities, patching all of them is the work of a few hours, just like trying to exploit them.

And China has much more secure infrastructure than it ever did before, and the United States has much more secure infrastructure than it ever did before, and so do a whole bunch of other countries and a whole bunch of other companies.

And finding a vulnerability that has not already been found by these AI tools is really, really hard and really, really rare.

And I think that, to me, is a much better world to live in than the one that it feels like we're sort of heading towards right now of every country is sort of trying to develop more and more offensive cyber capabilities and plant more little footholds and malware in each other's critical infrastructure and try to exploit the fact that none of those systems are perfectly secure.

I think a tool like Mythos allows us to imagine a future in which actually the default is your critical infrastructure is secure and there's a very, very small number of actors who can possibly compromise it.

So I think the zero-day piece refers to the idea between the time when it's been discovered and being exploited.

So the time people have had to patch it prior to actually exploitation occurring.

And the idea is if I try to exploit a vulnerability that we've known about for a year, some people may still be vulnerable, right?

Some people may not have downloaded their patches.