AI finds thousands of zero-day exploits... including in FreeBSD.

Anthropic Claude Mythos...


Quote: "Mythos Preview, Anthropic claimed, has already discovered thousands of high-severity zero-day vulnerabilities in every major operating system and web browser. Some of these include a now-patched 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and a memory-corrupting vulnerability in a memory-safe virtual machine monitor."
 
counterpoint: this is marketing bullshit by a company that lies to prop up its value, and acts like a protection racket


they are drowning us in slop reports, and then trying to sell us slop-based solutions to manage all of it. shit behavior from garbage capitalists.
 
Yes I just realised I may have been guilty of re-posting the same thing... although that was specifically about freebsd.
I thought the articles about mythos were interesting anyway. It even made the BBC evening news here, which is pretty unusual...
 
yes, i'm sure if you sift through enough of the sewage, you'll find one or two pieces of corn. nothing about this is healthy or sustainable or worthwhile.

I'm talking about running CC on my own code by myself. There was less than 50% BS in there so far.

I have no experience being the target of third parties doing it on my code.
 
There should be a notable increase in compromised systems worldwide due to Claude hacking business. Is there any statistical graph about it?

I don't think it works like this. Software exploitation is a method that requires human reasoning naturally. Any hole that can be found with software only can't be impressive. The knowledge to find it already existed and can be found with logic.
 
Correct me if I'm wrong, but Anthropic doesn't publish the holes right now, and the reports are from a LLM not even accessible by the public yet?
 
Correct me if I'm wrong, but Anthropic doesn't publish the holes right now, and the reports are from a LLM not even accessible by the public yet?
They are just bug-hunting for p&r? It wouldn't surprise me. Find public software and run professional security audits
 
"i have a scary bogeyman of an AI that will end computer security!!" okay, can we see it? "no".

again, this is just corporate asswipes trying to force their way in to make you pay attention to their slop. it's a show of force by technocratic fascists.
 
Correct me if I'm wrong, but Anthropic doesn't publish the holes right now, and the reports are from a LLM not even accessible by the public yet?
yes, but "The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, along with Anthropic, to secure critical software."

So before releasing it, they will patch important software infrastructure.
 
From what I heard I'm not sure they intend ever to release it. Instead they will sell it to industry partner companies to identify and fix exploits, but will not release it for general use. That was the gist of the news report I heard earlier. They consider it too dangerous to put it out on general release.

I'm sure the opposition is working on the same kind of thing...
 
Finding bugs or exploits in software seems an extremely simple task for a very sophisticated contrivance whose specialty is recognizing patterns. I'm not impressed at all. They are just feeding their little machine the baby food it knows how to chew well, so it can shine. Oh, look how well our little machine chews its baby food! It's just more Anthropic being good at niche marketing. Nothing new.

Also, I wonder where the escalation in naming will lead. What comes after "Mythos"? "Deity," perhaps?

I'm anti-talking-about-AI now. I'm very fed up with the thing. There are other things happening in the world. (Yes, yes, yes, I'm being contradictory, but how do you protest protests?).

And now, sports.
 
This would be a relatively "safe" use-case of AI / LLM, compared with using code generated by AI / LLM that has possible fatal copyright issues in the future.

But special attention is mandatory for false-positives.
There should be warned dangerous codes near the hardware level that should be unavoidable to make some devices to just work.
 