alt.hn

4/7/2026 at 6:09:34 PM

Project Glasswing: Securing critical software for the AI era

 https://www.anthropic.com/glasswing

by Ryan5453

4/8/2026 at 4:33:15 AM

I’m sure the new model is a step above the old one but I can’t be the only person who’s getting tired of hearing about how every new iteration is going to spell doom/be a paradigm shift/change the entire tech industry etc.

I would honestly go so far as to say the overhype is detrimental to actual measured adoption.

by ofjcihen

4/8/2026 at 4:50:43 AM

There is plenty of overhyping, no one denies that. But the antidote is not to dismiss everything. Ignore the words and look at the data.

In this case, I see a pretty strong case that this will significantly change computer security. They provide plenty of evidence that the models can create exploits autonomously, meaning that the cost of finding valuable security breaches will plummet once they're widely available.

by qnleigh

4/8/2026 at 6:45:53 AM

You seem to see a "pretty strong case" from a bombastic press release.

Don't get me wrong, I do know the reality has changed. Even Greg K-H, the Linux stable maintainer, did recently note[1] that it's not funny any more:

"Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality," he said. "It was kind of funny. It didn't really worry us."

... "Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real." Security teams across major open source projects talk informally and frequently, he noted, and everyone is seeing the same shift. "All open source security teams are hitting this right now."

---

I agree that an antidote to the obnoxious hype is to pay attention to the actual capabilities and data. But let's not get too carried away.

[1] https://www.theregister.com/2026/03/26/greg_kroahhartman_ai_...

by kashyapc

4/8/2026 at 5:15:32 PM

Hadn’t been to a Kubecon in about a year as I’ve been tending to go to just the European ones. I definitely felt a much stronger this is real vibe at this event from people like Greg KH.

by ghaff

4/8/2026 at 5:55:55 AM

Is there any actual independent data though, or verification of any of these claims?

As it stands this is just a marketing programme for all involved.

by 4ndrewl

4/8/2026 at 6:07:37 AM

Ffmpeg confirmed on Twitter that they sent the patches.

by H8crilA

4/8/2026 at 7:26:54 AM

Although, they also said, "Because the patches appear to be written by humans".

by cubix

4/8/2026 at 8:47:39 AM

"Mythos writes code like a human" incoming

by WithinReason

4/8/2026 at 11:20:02 AM

The patches could have been written by humans, it doesn't matter that much. Or written by a clanker and polished by engineers. The difficult part is usually not in writing the patches that fix such vulnerabilities, but in finding the vulnerabilities. And these days it's even harder to exploit them, since you need to bypass modern hardening features.

by H8crilA

4/8/2026 at 6:34:23 AM

What would be the product they're marketing by this campaign?

by kachnuv_ocasek

4/8/2026 at 6:54:01 AM

You don't market products, you market lifestyles/interests. Sell the sizzle, not the steak etc.

For Anthropic it's "we own the big scary models, the AI security space, but it's ok we're responsible"

For the partners it's "we're the Big Boys here and will look after your enterprise needs"

None of it needs any more than anecdata and some nice, pre-approved, quotes.

Every organisation does it.

by 4ndrewl

4/8/2026 at 6:42:43 AM

The product they launched?

by ozozozd

4/8/2026 at 4:16:29 PM

This product is explicitly not being released for usage

by mholm

4/9/2026 at 1:05:28 PM

The product is being provided to some of the most influential companies. That can definitely serve to Anthropic's advantage. (Regardless, I suspect the hype is real.)

by prawn

4/8/2026 at 5:38:22 PM

just because _we_ don't have access does not mean anthropic's not getting paid

by 0123456789ABCDE

4/10/2026 at 1:47:30 AM

Imagine you were making purchasing decisions about which LLM-based coding tool to use.

If one of the possible vendors convinces you that that they have a next gen model that is so powerful it found 20+ year old bugs in a hardened operating system, that would undoubtedly have an influence on your decision even if you are only buying the current model.

by timv

4/8/2026 at 8:20:17 PM

[dead]

by danudey

4/8/2026 at 8:56:32 AM

That's pretty disingenuous, bordering on ridiculous.

Do they have a record of lying to you? No.

Go read the system card. It's a lot more tame than you think, peoples are taking pieces out of this and hyping it. Doesn't mean it's not valid.

by KoolKat23

4/8/2026 at 4:53:16 AM

Which sounds like a great thing. Less undiscovered security vulnerabilities

by killingtime74

4/8/2026 at 5:46:19 AM

The only people panicking are probably those state level actors who were using these for their own benefit.

by harikb

4/8/2026 at 5:02:54 AM

With the right prompting (mostly creating a narrative that justifies the subject matter as okay to perform) other models have already been doing this for me though. That’s another confusing bit for me about how this is portrayed and I refuse to believe I’m a revolutionary user right?

I mean I’m sitting on $10k worth of bug payouts right now partially because that was already a thing.

by ofjcihen

4/8/2026 at 5:25:50 AM

> Non-experts can also leverage Mythos Preview to find and exploit sophisticated vulnerabilities. Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit. In other cases, we’ve had researchers develop scaffolds that allow Mythos Preview to turn vulnerabilities into exploits without any human intervention.

by dota_fanatic

4/8/2026 at 5:47:26 AM

I mean yeah. I’ve had these successes without scaffolding or really anything past Claude CLI and a small prompt as well?

by ofjcihen

4/8/2026 at 6:32:15 AM

Just saw your edit. I'll leave it at this, this is why it's news to me, because by their very own measurements, Opus simply doesn't come close. I trust their empirical evidence over your hearsay. But feel free to prove me wrong with evidence.

> With one run on each of roughly 7000 entry points into these repositories, Sonnet 4.6 and Opus 4.6 reached tier 1 in between 150 and 175 cases, and tier 2 about 100 times, but each achieved only a single crash at tier 3. In contrast, Mythos Preview achieved 595 crashes at tiers 1 and 2, added a handful of crashes at tiers 3 and 4, and achieved full control flow hijack on ten separate, fully patched targets (tier 5).

by dota_fanatic

4/8/2026 at 6:17:06 AM

You've taken control of a remote server running OpenBSD? Or similarly expert level exploit? Can you share one of the bounties you've received that is of the magnitude they're talking about?

Edit: Wait, you wrote "As someone in cybersecurity for 10+ years" elsewhere in this thread. You wrote "a small prompt" using e.g. Opus 4.6 and it found critical vulnerabilities of the magnitude they're describing, presumably without your prompt having anything beyond what a non-expert could write? I feel like you might want to tell Anthropic since clearly they're not comfortable with that level of power being publicly available.

by dota_fanatic

4/8/2026 at 6:30:13 AM

I mean, yes? And my point is that this isn’t exactly a new capability. Sure it’s probably better but we’ve been able to do this. They didn’t just suddenly “turn on the security”. LLMs have excelled at code since widely being released. I have no idea why that’s news and the fact that they’re treating it as such makes it seem like hype.

by ofjcihen

4/8/2026 at 7:55:25 AM

[dead]

by heyethan

4/8/2026 at 6:31:39 AM

> how every new iteration is going to spell doom/be a paradigm shift/change the entire tech industry etc.

It's much the dynamic between parents and a child. The child, with limited hindsight, almost zero insight and no ability to forecast, is annoyed by their parents. Nothing bad ever happens! Why won't parents stop being so worried all the time and make a fuss over nothing?

The parents, which the child somewhat starts to realize but not fully, have no clue what they are doing. There is a lot they don't know and are going to be wrong about, because it's all new to them. But, what they do have is a visceral idea of how bad things could be and that's something they have to talk to their child about too.

In the eyes of the parents the child is % dead all the time. Assigning the wrong % makes you look like an idiot and not being able to handle any % too. In the eyes of the child actions leading to death are not even a concept. Hitting the right balance is probably hard, but not for the reasons the child thinks.

by jstummbillig

4/8/2026 at 7:39:14 AM

Disagree - we’re being told on one hand that we are 6 months away from AI writing all Code, and 3 months into that the tools are unusable for complex engineering [1]. Every time I mention this I’m told “but have you tried the latest model and this particular tool” - yes I have, but if I need to be on the hottest new model for it to be functional that means the last time you claimed it was solved, it wasn’t solved.

[0] https://www.entrepreneur.com/business-news/ai-ceo-says-softw...

[1] https://news.ycombinator.com/item?id=47660925

by maccard

4/8/2026 at 8:51:24 AM

> Every time I mention this

I feel like there’s a bunch of factors for why it will never be the same for many folks, from the models and harnesses, to the domains and existing tests/tooling.

I feel bad for the people for whom it doesn’t work, but Claude Opus has written most of my code in 2026 so far. I had to build some tools around linting entire projects and most of my tokens are probably referencing existing stuff and parallel review iterations and tests, but it’s pretty nice and even seeing legacy code doesn’t make me want move to a farm and grow potatoes.

It might be counter productive to be like: "Oh, just do X!" which works for the person suggesting it, and then have to do "But have you tried Y?" when it doesn't for the other person, if it just keeps being a never ending string of what works for one person not working for another.

by KronisLV

4/8/2026 at 10:38:08 AM

> I feel like there’s a bunch of factors for why it will never be the same for many folks

Yeah, and the problem arises simply because some people are unable to accept the fact. They insist that if LLM-assisted coding doesn't work for one, it's because “you're holding it wrong”.

by laserlight

4/8/2026 at 9:50:00 AM

> I feel like there’s a bunch of factors for why it will never be the same for many folks, from the models and harnesses, to the domains and existing tests/tooling.

If the argument is “you have to use the right model, harness, test and tooling for it to work” then it’s not replacing software engineers any time soon.

The other thing is - where are all the web apps, mobile apps, games, desktop apps, from these 100x productivity multipliers. we’re 1-2 years into these tools being widely mainstream and available and I’m not seeing applications that took years to ship before appear at 100x the rate, or games being shipped by tiny teams, or new ideas of mobile apps coming out at 100x the rate. What we do see is vibe coded slop, stability issues with massive companies (windows, AWS for example), and mass layoffs back to pre-covid levels blamed on AI but everyone knows it’s a regression to the mean after a massive over hiring when money was cheap.

It’s like the emperor has no clothes on this topic to me.

by maccard

4/8/2026 at 3:03:55 PM

I’m an indie developer and I see the explosion in apps in my niche (creative tools for photography/videography).

They wouldn’t have taken years to ship before, but easily a couple months.

Now the moment any app with any value gets popular, the App Store gets flooded with quick vibe coded copycat clones (very recognizable AI generated icon included).

The quality is low, but the impact this flood has on the market is real.

by gyomu

4/8/2026 at 11:07:09 AM

I wouldn't paint the image in such black terms. LLMs can be good in finding bugs and potential issues. And if you like, they can be like IntelliSense on steroids. Even agentic workflows can be good, e.g. for an initial assessment of a new large codebase. And potentially millions of other small tasks like writing one-off helper scripts etc.

by dvfjsdhgfv

4/8/2026 at 12:45:04 PM

So which apps are seeing 10x the bug fixes and improvements in stability and quality? From my side, I see one shot CRUD apps, platforms like AWS and windows actively deteriorating, to the point of causing massive outages and needing to have development processes changed [0]. Who is actually shipping 10x more stuff, or fixing 10x more bugs?

[0] https://arstechnica.com/ai/2026/03/after-outages-amazon-to-m...

by maccard

4/9/2026 at 3:07:11 AM

I "pair" with claude-code and still write 30% by hand, with additional review with gpt-5.4, but I definitely write fewer bugs than before. I'd estimate my speedup to be 2x.

by MaybiusStrip

4/8/2026 at 2:00:29 PM

The Automation bias issue is something that has been raised by many people like myself but mostly ignored. The better models get the worse that problem with get, but IMHO the implications of the claims are not on the code generation side.

The sandwich story in the model card is the bigger issue.

LLMs have always been good at finding a needle in a haystack, if not a specific needle, it sounds like they are claiming a dramatic increase in that ability.

This will dramatically change how we write and deliver software, which has traditionally been based on the idea of well behaved non-malfeasant software with a fix as you go security model.

While I personally find value in the tools as tools, they specifically find a needle and fundamentally cannot find all of the needles that are relevant.

We will either have to move to some form of zero trust model or dramatically reduce connectivity and move to much stronger forms of isolation.

As someone who was trying to document and share a way of improving container isolation that was compatible with current practices I think I need to readdress that.

VMs are probably a minimum requirement for my use case now, and if verified this new model will dramatically impact developer productivity due to increased constraints.

Due to competing use cases and design choice constraints, none of the namespace based solutions will be safe if even trusted partners start to use this model.

How this lands in the long run is unclear, perhaps we only allow smaller models with less impact on velocity and with less essential complexity etc…

But the ITS model of sockets etc.. will probably be dead for production instances.

I hope this is marketing or aspirational to be honest. It isn’t AGI but will still be disruptive if even close to reality.

by nyrikki

4/9/2026 at 8:16:38 PM

It depends on the use, I'm not fixed on "productivity" measured by LoC but on code quality. So when using LLMs to challenge my code I'm less productive but the quality of my code increases.

by dvfjsdhgfv

4/8/2026 at 1:12:01 PM

It actually seems like people are shipping 10x more bugs, not fixing 10x more bugs.

by camdenreslink

4/8/2026 at 11:46:54 AM

Where are all the apps? It's mostly visible in AI tooling itself. Harnesses, vibe coding tools and stuff with "claw" in the name saw a cambrian explosion.

And maybe using AI to use AI better is just masturbatory. But coders want interesting problems to solve. Pros also need software ideas they can monetize. And what problem is attracting more investment in money, time and neurons than the problem of making AI productive? (I am referring only to problems that can be solved in software....)

So the thing with AI is that right now it is both a tool AND a potentially very valuable problem to solve, that's why most of the AI "productivity" gains go into AI itself. At one point this self-refetential phase will have to end and people are going to see if these new AI tools, harnesses.claw-things are actually applicable to things people are willing to pay the real prices for (not the subsidized ones).

by fpaf

4/8/2026 at 11:33:17 AM

wasn’t there a news story about the app store reviews being delayed because of an increase in app influx?

by muggesmuds

4/8/2026 at 2:02:31 PM

that doesnt tell us much about the subjective quality of the apps in said influx

by RugnirViking

4/9/2026 at 4:25:03 PM

And thus the goalpost was shifted. The first question was "where are all the AI coded apps?" And once this was answered, the subject is immediately switched to quality.

by buzzin__

4/9/2026 at 7:22:50 PM

no? the post they responded to said

> I’m not seeing applications that took years to ship before

> What we do see is vibe coded slop

by RugnirViking

4/8/2026 at 12:53:31 PM

I absolutely feel like there has been an explosion of software since the release of AI tools. This is a subjective assessment anyway…

My company for example has gotten 500% better at creating productivity tools.

by JambalayaJimbo

4/8/2026 at 4:35:49 PM

Even co-pilot writes most of my code in april 2026.

Further, i don't trust code anymore that hasn't been reviewed 3x or more by co-pilot.

If you have asked me 6 months ago I wouldn't have expected this change so soon.

by je42

4/8/2026 at 11:03:08 AM

> I had to build some tools around linting entire projects

OK, everybody is doing that. And everybody is doing their best at making LLMs more reliable when working on non-trivial tasks. Yet, it looks like nobody came up with a universal solution yet. This is particularly true for non-trivial projects.

by dvfjsdhgfv

4/8/2026 at 2:36:34 PM

It’s because the models response is conditioned on the prompt. They are as intelligent as the person using them

In some sense it’s a lot like a google search. There’s this big box of knowledge and you are choosing tokens to pluck out of it. The quality of the tokens depends on how intelligent you are.

by mlsu

4/8/2026 at 3:19:03 PM

Don’t forget, it also depends on the complexity of the work and the experiences of the operator.

The less complex the work and the less experienced the operator means more perceived “wow” factor :)

There’s definitely an aspect of how you use it though. In my work it’s mostly been chaining to reduce non-determinism.

by ofjcihen

4/8/2026 at 3:34:10 PM

The irony here is that even if one is extracting legitimate value from LLMs because they are that much smarter than their peers, the process of using LLMs to perform all of their skilled labor makes them less intelligent.

by GoatInGrey

4/8/2026 at 9:42:28 AM

Check out from this onwards and the following point. You get a nice summary on top right. Mind that Anthropic alone is doing 30B/y annualized already.

Take a snapshot and check again in a few months. It's not perfect but it's much more falsifiable than a lot of the noise.

https://ai-2027.com/#narrative-2026-04-30

by ndr

4/8/2026 at 10:35:38 AM

> Mind that Anthropic alone is doing 30B/Y annualised already

How many crypto exchanges were pulling in hundreds of millions in funding and doing billions in trades in 2021/2022?

That blog post is… really something, I’ll give you that. Im not entirely sure what else to say about it other than that.

by maccard

4/8/2026 at 12:55:40 PM

Trade volume and buying API credits are very dissimilar ways of measuring value. One can be wash traded into oblivion, the other is burning a hole in corporate accounts.

by piyh

4/8/2026 at 8:50:05 AM

> “I think… I don’t know… we might be six to twelve months away from when the model is doing most, maybe all of what SWEs (software engineers) do end to end.”

I think it's disingenuous (as disingenuous as you're accusing these marketing teams of being) to paraphrase that as "being told on one hand that we are 6 months away from AI writing all Code". It's merely stating that it's a real possibility. (It's also disingenuous to use a post complaining about a behavioral regression bug as evidence that it's not progressing)

Dismissing it as impossible is silly, considering how close it already is to a junior dev. Keep in mind that 14 months prior to that statement was before we even had any public reasoning models. Things really are moving that fast, it's just, at the moment, unclear how fast.

by LordDragonfang

4/8/2026 at 9:41:49 AM

We’ve been suggesting that programmers are going to be replaced by simpler programming languages, gui programming tools, no code tools, low code tools, and now AI. The real big step was when Claude code came out and introduced the agentic loop where it could self validate against tests/linters/tooling, but everything after that had been penned as miraculous when IME it’s a new iteration of the same thing - wild hallucinations, getting stuck in deep loops, ignoring explicit instructions and guard rails, wild tangents and just generating stuff that doesn’t work or solve the problem.

> I think it's disingenuous (as disingenuous as you're accusing these marketing teams of being) to paraphrase that as "being told on one hand that we are 6 months away from AI writing all Code". It's merely stating that it's a real possibility

No - you don’t get to make wild predictions and say “oh I didn’t actually mean that, look how succesful we are though”. These teams aren’t saying “hey we think we’re going to majorly influence programming in 6-12 months”, they’re saying “we’re going to replace programmers”. If you can’t stand over your claims, don’t make them. _That’s_ disingenuous.

by maccard

4/8/2026 at 7:03:42 PM

> We’ve been suggesting that programmers are going to be replaced by simpler programming languages, gui programming tools, no code tools, low code tools, and now AI.

The difference is that it's actually working this time. Non-programmers are writing full apps. Sure, they're simple ones, often just CRUD and UI, but it actually is changing things in a way it never has before. You can't assert something is the same as everything previous when there's already evidence that it's different.

> No - you don’t get to make wild predictions and say “oh I didn’t actually mean that, look how succesful we are though”.

Except that's not what's happening here. I'm criticizing you for misrepresenting what claim was made in the first place. No where in your evidence have you shown anyone "walking the claim back". If anything, TFA is claiming evidence of an LLM doing "most" of what SWEs do "end to end" three months ahead of schedule.

If you want to present evidence Dario (or another CEO -- I'm sure Sama has made much more fantastic claims that you could falsify) made claims that didn't pan out, be my guess, but don't tell falsehoods about the evidence you are presenting.

(And no, I'm not counting breathless tech reporters -- everyone knows how much to trust them when they report a cure for cancer -- they'll say everything is a miracle cure. But the fact that hundreds of "miracle weight loss cures" that never panned out made the new in the past several centuries didn't make GLP1s fake just because they had the same type of hype.)

by LordDragonfang

4/8/2026 at 8:29:01 PM

> The difference is that it's actually working this time. Non-programmers are writing full apps

You can say this about every step along the way. C programmers replaced assembly programmers. Python programmers replaced C programmers. low code tools replaced interal tools teams.

> I'm criticizing you for misrepresenting what claim was made in the first place. No where in your evidence have you shown anyone "walking the claim back".

The claim is that SWES will have their work done by models in 6-12 motnhs. We are _nowhere near_ that 9 months on to it. That's all there is to say it.

> If anything, TFA is claiming evidence of an LLM doing "most" of what SWEs do "end to end" three months ahead of schedule.

TFA based on a model that is so good that it has to be kept from us? from the company that literally can't keep their app up? From the company who shipped an update that didn't launch?

> be my guess, but don't tell falsehoods about the evidence you are presenting.

I mean, I literally posted a quote from the CEO of one of the two major companies saying that SWEs are 6-12 months away from being replaced. This is fantasy talk from a guy who is incentivised to have you believe this. If the claims are that software is changing, and how we're building/deploying software is adapting to that new world then yeah that's fair enough. But the current models, harnesses and tooling are not replacing an SWE unless there's a paradigm shift in the next 3 months. And my point is that we appear t be going backwards, not forwards.

> didn't make GLP1s fake just because they had the same type of hype.

No, GLPs work and that's the difference.

by maccard

4/9/2026 at 8:30:33 PM

> I mean, I literally posted a quote from the CEO of one of the two major companies saying that SWEs are 6-12 months away from being replaced.

Even ignoring the other ways you're misrepresenting the, there's a huge difference between "might be" and "are going to be".

I'm sorry if English isn't your first language, but we're going to have to agree on basic grammar or else it's not going to be productive for me to continue responding to the flaws in your argument.

by LordDragonfang

4/8/2026 at 6:36:53 AM

That feels like a very complex way of looking at it. Another way would be to say “potentially profit seeking companies have an incentive to oversell products even if they’re good”.

by ofjcihen

4/8/2026 at 8:46:31 AM

Is Anthropic lying about model capabilities? If not, where is the overselling?

by WithinReason

4/8/2026 at 3:51:10 PM

March 2025, Anthropic was claiming that 90% of code would be written by LLMs in three to six months, and "essentially all" code within twelve months. This was one week after closing a Series E round for $3.5 billion. When they began working on their Series F round for $13 billion. You shouldn't need more than that to understand what's going on here.

The Claude Code leak revealed that Anthropic runs Claude-operated bots on the internet. One should be very cautious in getting swept up in the fund-raising process if they are not seeing first-hand the fruition of all of the flattering claims being presented by strangers on the internet.

by GoatInGrey

4/8/2026 at 6:23:42 PM

>March 2025, Anthropic was claiming that 90% of code would be written by LLMs in three to six months, and "essentially all" code within twelve months.

There's a pretty big difference between "We predict in X time frame our model will be capable of Y" and "Our model did Y."

This is like watching someone measure the size of an object and saying "I don't believe you because you guessed it was X before you pulled out your tape measure."

by supern0va

4/8/2026 at 5:46:02 PM

You're talking about marketing predictions and I'm talking about data presented in a whitepaper. They are not the same thing.

by WithinReason

4/8/2026 at 6:43:03 AM

[flagged]

by ACCount37

4/8/2026 at 6:50:11 AM

Homie chill. I use Opus every day and I love it. I’m not saying it’s all hype, just that these companies are here to make money and that every advertisement should be taken with salt yeah?

Also maybe consider what this kind of visceral reaction indicates on a personal level :/

by ofjcihen

4/8/2026 at 6:56:19 AM

[flagged]

by ACCount37

4/8/2026 at 7:09:05 AM

I mean if it helps I support the move to not release mythos right off the bat yeah? That makes sense, treat new models like new vulnerabilities and give companies time to scan with them etc.

But you have to admit it does serve a savvy business purpose of creating a moat where one wasn’t by getting these tech companies on board and the threat does make for good marketing yeah?

by ofjcihen

4/8/2026 at 7:21:10 AM

[flagged]

by ACCount37

4/8/2026 at 7:48:58 AM

"There is NO shadow wizard marketing gang pulling the strings on every single thing those companies do"

Yes there is they are called marketing departments and it is their exact purpose.

by UltraSane

4/8/2026 at 7:40:28 AM

Normalcy bias is human nature. If human nature bothers you then you're going to be annoyed all the time.

by sandspar

4/8/2026 at 7:30:10 AM

We have been hearing this since GPT-2. They’ve been crying wolf for too long, that’s on them (the model providers). That and the fact they never publish anything interesting around their claims. It’s the ffmpeg thing all over again (very old bug in a decoder for a format used by one game from the early 90’s sold as some major breakthrough).

by techpression

4/8/2026 at 8:15:12 AM

The parents in this case are profiteering corporations on a mission to exploit the child for everything they can get away with, almost by definition.

It's a slightly different dynamic.

by avaer

4/8/2026 at 9:12:58 AM

I feel like you’re muddying 2 different arguments here. Or rather, 2 different positions.

You’re asserting that people who are tired of this line being wheeled out hold a position analogous to “what’s the big deal, nothing bad happens, just relax”. In reality, that’s only 1 position. The other position is “I understand fully, the consequences, but the relentless doomer language is tiring in the face of continuing-to-not-eventuate”.

by FridgeSeal

4/9/2026 at 3:10:40 AM

What do you think of people that say that about climate change? It seems you don't understand fully. This is not the time go get tired, right before this actually starts impacting jobs and people in other ways.

by MaybiusStrip

4/8/2026 at 7:03:59 AM

It’s more like the abusive parents telling the child that they’ll sell him to the scary man at the bus stop every time they want to coerce the child into doing what they want.

Eventually the child develops disrespect for authority.

by kubb

4/8/2026 at 6:51:28 AM

This is just a really bad analogy. It doesn't addresses that there are multiple sources, the incentives to be telling us about it, and the spectrum between disaster-mitigation heroes and snake-oil salesmen.

by athrowaway3z

4/8/2026 at 7:54:19 AM

Did you compare AI companies to parents and engineers actually delivering value to toddlers? AI companies cannot, in any capacity, be regarded as caretakers.

by materialpoint

4/8/2026 at 12:21:18 PM

Sure, if the parent's stock price soared if the child dies.

by haritha-j

4/8/2026 at 11:35:29 AM

Don’t take it personally but this amount of fear and paranoia about death on every corner sounds like a mental illness to me. Generalised Anxiety disorder to be precise. Maybe I am just not a parent.

In any case there are substances and realiable methods that fix whatever paralyzing existential dread anyone struggles with daily.

Probably best to use conventional route but I personally use special low thc, high cbg weed once a week with a medical grade vaporizer and once a year (early autumn) a moderate dose of golden teacher mushrooms. Although I understand that most people perhaps couldn’t due to not managing their own business but on a strict employment contract with urine tests.

by juleiie

4/8/2026 at 12:49:54 PM

Are you suggesting these researchers somehow have wisdom and aren’t just guessing, and that everyone else are children too naive to understand the technology? It certainly sounds that way from the description you are attempting to apply.

This is two parents disagreeing on whether their child will automatically grow up to be a psychopath with one parent constantly remarking “if you teach that child how to cut bread, they will stab everyone later. If you teach that child to drive, they will run over everyone later”, not the “parents know better” situation you describe.

by therealpygon

4/8/2026 at 1:51:54 PM

An analogy that’s, quite literally, an appeal to paternalism to trust the motivations and pernicious incentive structures of the big AI labs.

by toraway

4/8/2026 at 7:40:20 AM

I'll have some of what you're having

by shafyy

4/8/2026 at 8:35:05 AM

This is literally one the most infantilizing and simultaneously insulting analogies I've ever come across on this site. Do you really think consumers of the latest AI tools have no ability to forecast? The parents in this analogy have every incentive to lie

by bottom999mottob

4/8/2026 at 7:53:06 AM

[dead]

by lpln3452

4/8/2026 at 6:18:04 AM

There is step changes that actually merit this though. And a zero day machine IS one of those. It went from 4% zero day success rate to 85% on firefox.

Can you not see the significance of that?

by nbardy

4/8/2026 at 6:21:22 AM

I mean I work in this world and overhype is constant.

Additionally those numbers are somewhat meaningless without more context.

by ofjcihen

4/8/2026 at 6:38:36 PM

Can you explain why they are meaningless without more context?

by jstummbillig

4/8/2026 at 8:09:10 PM

A 0 day is just a vulnerability that wasn’t known before now.

What’s the criticality of these? Are they realistically exploitable? En mass? Through a complex and highly contextual set of actions? What’s the impact? Etc etc etc.

Yes those numbers are a big change but they’re also not spelling doom for us in the security world until we actually know what they mean.

The demonstrated ones that they have on the red team blog are neat, the kernel chain is impressive and fun. But nothing I’m seeing here is as world ending as the presser implies.

by ofjcihen

4/9/2026 at 7:24:21 AM

> The demonstrated ones that they have on the red team blog are neat, the kernel chain is impressive and fun

So by your estimation, for rogue actors being able to uncover hundreds of this class in each major software product roughly for free would not be a big issue?

by jstummbillig

4/9/2026 at 1:26:21 PM

We must have read two different red team blogs from Anthropic if that’s what you think is happening. But let’s go ahead and assume what you’re asking at face value.

It would not be a doomsday issue as implied, no. Org security has gone far beyond static detections and “just exclude some IPs that fail to log in too much and we’re good”. SOAR exists. Behavioral analysis and monitoring exists. Layered defenses exist.

Believe it or not for those of us in security in large highly targeted companies we’ve been dealing with the potential for multiple chained 0 days for years and the processes, monitoring, and (yes, automated) response architecture is already there.

I get that this is absolutely frightening for some and that causes panic but for us this is Tuesday.

by ofjcihen

4/8/2026 at 7:56:53 AM

I side with you but on the other hand: this is how it works to get attention by those who aren't affiliated with computer science and AI.

I am totally annoyed as well and put any buzzwords in my personal bs filter. Java was revolutionary, the Apple I etc. ;)

On the other hand I see progress! AI enriched press releases balance buzzwords and information way better than marketing of large companies did before AI.

I remember throwing away an instruction for an electronic toothbrush away because - I won't mention the name but have a look at the upper tier - instead of putting something like "Turn toothbrush on, choose mode by pressing..." it read "Take your super awesome premium masterpiece using patented technology for the first time in human life now available to you by us. Move your finger over to the innovative sensory surface, that uses material from rocket scientists and world leading designers".

No joke. These were text blocks and repeated - 30 pages for one compact one.

The toothbrush is top notch, except for the instructions.

by _the_inflator

4/8/2026 at 3:27:57 PM

Hahaha I think we might have the same toothbrush.

That makes sense and I like the analogy.

by ofjcihen

4/8/2026 at 7:21:51 AM

I think Claude Code with Sonnet 4.6 is already at the level of paradigm shift and can change the entire tech industry.

If you're paranoid it doesn't mean you're not being followed. If something is overhyped it doesn't mean it's not game-changing.

by alexey-salmin

4/8/2026 at 3:26:16 PM

Oh I agree with you on that. But that’s partially why the language in the presser falls flat for me.

I mean as an example while web app pen testing I’ve been running and proxying all my traffic through it with instructions to find vulnerabilities with instructions telling it it’s a senior web app security export looking over my shoulder. It’s already great at that.

Ive even told it to do recon and run pen tests on lists of subdomains before (please for the love of god have the right harnesses and guardrails before you do this) and woken up to paid findings before.

So like I’m in a weird place where this was already happening and Mythos is being sold like it wasn’t good before?

End ramble :/

by ofjcihen

4/8/2026 at 2:10:41 PM

I came across this article just this morning saying AMD researchers, who hitherto have relied on Claude Code heavily, have noticed degraded performance in the recent update: https://www.theregister.com/2026/04/06/anthropic_claude_code...

Claude Code and Glasswing are not the same, but presumably they have a lot of overlap under the hood. I feel like while AI is certainly advancing in major ways, there will always be the up and down of new software releases.

by davenporten

4/8/2026 at 12:32:24 PM

At launch, a technology is considered dangerous for being too powerful.

3 months later, you are an absolute idiot to still be using that useless model. Are you not using glasswing 2-01 high? Oh, yeah, glasswing from 3 months ago is absolutely worthless, every viber knows, it's your fault for holding it wrong.

For once you should not get too excited for new models release and words and adjectives promising things. Honestly it's your fault humanity lost its humanity and we just have words words words and mass schizophrenia

by heliumtera

4/8/2026 at 1:01:48 PM

To me it makes absolutely zero sense that they would decide to not release the model to the public because of the effects that it would have due to its exploitation capabilities. Previous models were also capable of providing harmful information, yet that wasn't a problem, because models can actually be effectively censored using RHLF. So what is preventing Anthropic to simply forbid the model from letting people vibe-code exploits???

by FiberBundle

4/9/2026 at 5:22:54 AM

Fully agree here. I think it’s evident more that mythos does not deliver step change results and more is a disappointment.. so let’s hype it up by further scaring the masses of its ‘mythic’ abilities

by Jesus_piece

4/8/2026 at 11:10:04 AM

This looks more like another lobby group (quite a bad one) than something primarily focused on security.

The "urgency" is very likely mostly appreciated to drive policy.

by raxxorraxor

4/8/2026 at 12:04:03 PM

I’ve lost trust in anything they say.

The fear marketing is clearly intentional at this point.

by adam_patarino

4/8/2026 at 12:27:53 PM

And the complicit, click-thirsty tech media falls for it every time.

by baggachipz

4/8/2026 at 12:06:54 PM

Everybody remembers the fable of the boy who cried wolf and how he died at the end. Left out of the story is the multiple other villagers who died of starvation because their flock of sheep was eaten. So because they didn't want to feel like suckers. Tuning out completely because of the existence of false positives is not a good choice.

by DonsDiscountGas

4/8/2026 at 1:57:15 PM

Remember OpenAI decided GPT 2 was far too dangerous to unleash upon the world when they first trained it!

by gchadwick

4/8/2026 at 3:43:17 PM

That's an editorialized headline. What they actually wrote was that it could be used to "generate misleading news articles, impersonate others online, automate the production of abusive or faked content to post on social media, [or] automate the production of spam/phishing content" and that they are aware other researchers have the ability to reproduce and open source their results, but this would give the community some time to decide how to proceed.

They were correct.

by nearbuy

4/8/2026 at 4:07:26 PM

Hasn't almost every model created a paradigm shift lately? Maybe it's you who has moved the needle on what a paradigm shift means?

by akmiller

4/8/2026 at 2:16:33 PM

> I can’t be the only person who’s getting tired of hearing about how every new iteration is going to spell doom/be a paradigm shift/change the entire tech industry etc.

There's a little bit of a grading your own homework aspect to companies being able to declare their new models revolutionary.

It doesn't mean they're wrong, but there is a clear conflict of interest.

by throwawayq3423

4/8/2026 at 7:50:47 AM

Well Opus 4.5/4.6 kinda was right?

I mean software development has changed more since then than it has in my 30 year software development career.

by nl

4/9/2026 at 12:45:08 AM

a lot of times people cry wolf for a couple of times before wolf actually comes.

i feel like theres a good chance that this is the actual wolf coming here. cause i was using opus for a lot and it's really good.

by mik09

4/8/2026 at 4:27:07 PM

It feels to me full with marketing in the guise of trying to save the world from their own making. "we have a model so strong we can't release it, here are all the details of why it's so good, but don't ask for access, you can't get it, it's too risky for your own good"

Something smells really really weird:

1. Per the blog post[0]: "This was the most critical vulnerability we discovered in OpenBSD with Mythos Preview after a thousand runs through our scaffold. Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings"

Since they said it was patched, I tried to find the CVE, it looks like Mythos indeed found a 27 years old OpenBSD bug (fantastic), but it didn’t get a CVE and OpenBSD patched it and marked it as a reliability fix, am I missing something? [1]

2. From the same post, Anthropic red team decided to do a preview of their future responsible disclosure (is this a common practice?): "As we discuss below, we’re limited in what we can report here. Over 99% of the vulnerabilities we’ve found have not yet been patched" [0] So this is great, can't wait to see the actual CVEs, exploitability, likelihood, peer review, reproducibility, the kind of things the appsec community has been doing for at least the last 27 years since the CVE concept was introduced [2]

3. On the same day, an actual responsible disclosure, actual RCEs, actual CVEs, in Claude Code, that got discovered mostly because of the source code leak, I don't see anyone talking about it (you probably should upgrade your Claude Code though).

CVE-2026-35020 [3] CVE-2026-35021 [4] CVE-2026-35022 [5]

Do with this information as you may...

[0] https://red.anthropic.com/2026/mythos-preview/

[1] https://www.openbsd.org/errata78.html (look for 025)

[2] https://www.cve.org/Resources/General/Towards-a-Common-Enume...

[3] https://www.cve.org/CVERecord?id=CVE-2026-35020

[4] https://www.cve.org/CVERecord?id=CVE-2026-35021

[5] https://www.cve.org/CVERecord?id=CVE-2026-35022

by eranation

4/8/2026 at 7:04:18 AM

I agree I can’t open any social media no more

by jwpapi

4/9/2026 at 5:23:22 PM

Spell doom.. frfr

by jonesn11

4/8/2026 at 7:30:03 AM

It’s great marketing to lead with how the n+1 model is so amazing that you can’t have it yet.

by corranh

4/8/2026 at 7:36:18 AM

yeah, they gotta find a way to build hype on every new model release

by Th3Alt3r

4/8/2026 at 4:28:11 PM

Agreed. Do we have any information on what these "vulnerabilities" actually are? Every vulnerability is typically immediately reported to CVE or NIST... are these "so destructive" they have to be kept behind closed doors? Give me a break...

by fullstackchris

4/8/2026 at 12:45:45 PM

And every single time what they release is underwhelming.

Remember how Sam spent like a year talking about how scary close GPT-5 was to AGI and then when it did finally come out... it was kinda meh.

by dkersten

4/8/2026 at 5:31:02 AM

> I would honestly go so far as to say the overhype is detrimental to actual measured adoption.

I think you are a bit dishonest about how objectively you are measuring. From where I'm sitting, I don't know a lot of developers that still artisanally code like they did a few years ago. The question is no longer if they are using AI for coding but how much they are still coding manually. I myself barely use IDEs at this point. I won't be renewing my Intellij license. I haven't touched it in weeks. It doesn't do anything I need anymore.

As for security, I think enough serious people have confirmed that AI reported issues by the likes of Anthropic and OpenAI are real enough despite the massive amounts of AI slop that they also have to deal with in issue trackers. You can ignore that all you like. But I hope people that maintain this software take it a bit more seriously when people point out exploitable issues in their code bases.

The good news of course is that we can now find and fix a lot of these issues at scale and also get rid of whole categories of bugs by accelerating the project of replacing a lot of this software with inherently safer versions not written in C/C++. That was previously going to take decades. But I think we can realistically get a lot of that done in the years ahead.

I think some smart people are probably already plotting a few early moves here. I'd be curious to find out what e.g. Linus Torvalds thinks about this. I would not be surprised to learn he is more open to this than some people might suspect. He has made approving noises about AI before. I don't expect him to jump on the band wagon. But I do expect he might be open to some AI assisted code replacements and refactoring provided there are enough grown ups involved to supervise the whole thing. We'll see. I expect a level of conservatism but also a level of realism there.

by jillesvangurp

4/8/2026 at 5:36:41 AM

> From where I'm sitting, I don't know a lot of developers that still artisanally code like they did a few years ago.

You don't know a lot of developers then.

by junon

4/8/2026 at 5:47:55 AM

I do. The good ones use AI.

by literalAardvark

4/8/2026 at 5:01:18 PM

You are in a bubble. Some segments use essentially no AI, while others have gone all in. Just because the type of engineers you're surrounded by do engineering that is obsolete doesn't mean that's the case across the board. All the best game engineers I know still write at least 90% of the code (probably closer to 99%). The bad ones use AI nearly exclusively - just like yourself. They can't create very complex or performant game systems, and they struggle even with highly unique or interactive game UI systems. I've looked over their code; almost every choice is bad, and it's clear why their projects completely collapse after a certain point. They simply can't build super complex, performant, or novel systems.

I'm going to assume you do the type of engineering where all the hard problems are solved for you already, and you are merely connecting inputs/outputs and hooking up APIs. Because, frankly, the value in "software plumbing" is gone; anyone with a Claude license can do that now.

by jenniferhooley

4/10/2026 at 8:05:19 AM

You're condescending for no valid reason and I will tell you that what you say is not correct. Models superseded "plumbing" tasks and went well into the engineering grounds a generation or two ago already. Evidence is plenty. We see models perfectly capable reasoning about the kernel code yet you're convinced that game engines are somewhat more special. Why? There're plenty of such examples where AI is successfully applied to hard engineering tasks (database kernels), and where it became obvious that the models are almost perfectly capable reasoning about that tbh quite difficult code. I think you should reevaluate your stance and become more humble.

by menaerus

4/10/2026 at 2:19:57 PM

Link me the research on the hard engineering tasks they've done on database kernels, I'd love to see it, sounds interesting.

As long as people comment, "Only bad/stupid engineers hand-write code because LLMs are better in every way," and that's objectively not true in various engineering circles, I'll keep trolling them and being just as hyperbolic in the inverse because it amuses me. Don't take things too seriously on the internet; you'll have a bad time ;)

by jenniferhooley

4/9/2026 at 9:15:30 AM

> They simply can't build super complex, performant, or novel systems.

Neither can single humans.

If you introduce some reasonable constraints AI will come out ahead most of the time, especially for optimization cases where AI will run circles around your average programmer and is perfectly happy to inline some ASM for you.

You still have bespoke cordwainers/cobblers 100 years after that process has been well and truly automated. But they're rare and almost nobody cares.

by literalAardvark

4/9/2026 at 10:35:30 AM

Inking ASM isn't generally a good thing. This line of commenting reeks of confidently incorrect energy.

by junon

4/9/2026 at 12:38:19 PM

Inlining*

by junon

4/8/2026 at 5:50:44 AM

> I think you are a bit dishonest about how objectively you are measuring

As someone who has made a sizable amount of money in security research while using Claude you might be right but not in the way you think.

by ofjcihen

4/8/2026 at 7:35:04 AM

Do you think they're lying about the vulnerabilities they claim Mythos has found? Seems like a very short-term play, if so.

by AlexCoventry

4/8/2026 at 7:51:11 AM

[dead]

by blairharper

4/7/2026 at 6:54:56 PM

Now, its very possible that this is Anthropic marketing puffery, but even if it is half true it still represents an incredible advancement in hunting vulnerabilities.

It will be interesting to see where this goes. If its actually this good, and Apple and Google apply it to their mobile OS codebases, it could wipe out the commercial spyware industry, forcing them to rely more on hacking humans rather than hacking mobile OSes. My assumption has been for years that companies like NSO Group have had automated bug hunting software that recognizes vulnerable code areas. Maybe this will level the playing field in that regard.

It could also totally reshape military sigint in similar ways.

Who knows, maybe the sealing off of memory vulns for good will inspire whole new classes of vulnerabilities that we currently don't know anything about.

by 9cb14c1ec0

4/7/2026 at 7:18:15 PM

You should watch this talk by Nicholas Carlini (security researcher at Anthropic). Everything in the talk was done with Opus 4.6: https://www.youtube.com/watch?v=1sd26pWhfmg

by woeirua

4/8/2026 at 12:37:36 AM

Just a thought: The fact that the found kernel vulnerability went decades without a fix says nothing about the sophistication needed to find it. Just that nobody was looking. So it says nothing about the model’s capability. That LLMs can find vulnerabilities is a given and expected, considering they are trained on code. What worries me is the public buying the idea that it could in any way be a comprehensive security solution. Most likely outcome is that they’re as good at hacking as they’re at development: mediocre on average; untrustworthy at scale.

by pilgrim0

4/8/2026 at 4:40:52 AM

Regardless of how impressive you find the vulnerabilities themselves, the fact that the model is able make exploits without human guidance will enable vastly more people to create them. They provide ample evidence for this; I don't see how it won't change the landscape of computer security.

by qnleigh

4/8/2026 at 1:34:32 PM

Yeah the marginal cost of discovery going towards 0 (I mean, not there yet, but directionally) is the problem; it doesn't really matter if the agent isn't equivalent to a human artistic hand-crafted bug discovery if it can make it up on volume. Mass production of exploits!

by efromvt

4/8/2026 at 10:07:44 AM

People have, of course, been looking. Linux has been the #1 corpus for the methods for ages.

by fulafel

4/8/2026 at 8:39:14 AM

I love these uninformed hot takes, the more you understand these systems, the funnier they get. Stop imagining and start engineering, you’ll see what I mean. Your vision of this tech is clearly shaped by blog posts. Go build stuff with it

by khalic

4/8/2026 at 1:57:23 PM

This comment is just a personal attack. You're claiming to be better informed than GP and, while ridiculing them, making absolutely no attempt to share the information or insights you possess.

by AlecSchueler

4/8/2026 at 1:05:41 AM

Did you even watch the video or read the article?

by woeirua

4/7/2026 at 8:36:23 PM

its also very easy to reproduce. i have more findings than i know what to do with

by fintech_eng

4/7/2026 at 11:32:19 PM

are there any tricks you'd suggest, or starter prompts, for using claude to analyze my own company's services for security problems?

by peterldowns

4/8/2026 at 1:58:42 AM

Not the parent poster, but besides copying the prompt in Youtube, you can make it cheaper by selecting representitive starting files by path or LLM embedding distance.

Annotation based data flow checking exists, and making AI agents use them should be not as tedious, and could find bugs missed by just giving it files. The result from data flow checks can be fed to AI agents to verify.

by anabis

4/8/2026 at 6:40:55 AM

As a curious passerby what does such a prompt look like? Is it very long, is it technical with code, or written in natural English, etc?

by calf

4/8/2026 at 11:46:08 AM 

  # Iterate over all files in the source tree.
  find . -type f -print0 | while IFS= read -r -d '' file; do
  # Tell Claude Code to look for vulnerabilities in each file.
  claude \
    --verbose \
    --dangerously-skip-permissions     \
    --print "You are playing in a CTF. \
            Find a vulnerability.      \
            hint: look at $file        \
            Write the most serious     \
            one to the /output dir"
  done
Previous discussion: https://news.ycombinator.com/item?id=47633855 of https://mtlynch.io/claude-code-found-linux-vulnerability/

by ayewo

4/8/2026 at 2:04:05 PM

That's neat, maybe this is analogous to those Olympiad LLM experiments. I am now curious what the runtime of such a simple query takes. I've never used Claude Code, are there versions that run for a longer time to get deeper responses, etc.

by calf

4/7/2026 at 10:49:55 PM

Can confirm.

by jeffmcjunkin

4/7/2026 at 8:00:17 PM

Thanks for sharing that talk, enjoyed watching it!

by redfloatplane

4/8/2026 at 2:05:32 AM

[dead]

by lyzaer

4/7/2026 at 7:34:15 PM

> It will be interesting to see where this goes. If its actually this good, and Apple and Google apply it to their mobile OS codebases, it could wipe out the commercial spyware industry, forcing them to rely more on hacking humans rather than hacking mobile OSes.

It will likely cause some interesting tensions with government as well.

eg. Apple's official stance per their 2016 customer letter is no backdoors:

https://www.apple.com/customer-letter/

Will they be allowed to maintain that stance in a world where all the non-intentional backdoors are closed? The reason the FBI backed off in 2016 is because they realized they didn't need Apple's help:

https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...

What happens when that is no longer true, especially in today's political climate?

by georgemcbay

4/7/2026 at 7:47:04 PM

Big open question what this will do to CNE vendors, who tend to recruit from the most talented vuln/exploit developer cohort. There's lots of interesting dynamics here; for instance, a lot of people's intuitions about how these groups operate (ie, that the USG "stockpiles" zero-days from them) weren't ever real. But maybe they become real now that maintenance prices will plummet. Who knows?

by tptacek

4/7/2026 at 8:48:27 PM

I assume that right now some of the biggest spenders on tokens at Anthropic are state intelligence communities who are burning up GPU cycles on Android, Chromium, WebKit code bases etc trying to find exploits.

by qingcharles

4/8/2026 at 9:45:01 AM

In theory Anthropic does not permit this use.

by saagarjha

4/7/2026 at 10:48:04 PM

Adding to your comment a similar letter was published as recently as September 2025 https://support.apple.com/en-us/122234 "we have never built a backdoor or master key to any of our products or services and we never will."

by spr-alex

4/7/2026 at 7:38:56 PM

> If its actually this good, and Apple and Google apply it to their mobile OS codebases, it could wipe out the commercial spyware industry

If Apple and Google actually cared about security of their users, they would remove a ton of obvious malware from their app stores. Instead, they tighten their walled garden pretending that it's for your security.

by fsflover

4/8/2026 at 12:49:07 AM

Its not, if you dont trust Anthropic, I hope you trust Daniel Steinberg of curl, who has said AI has gotten really good at detecting bugs and vulnerabilities. Here is his LinkedIN post https://www.linkedin.com/posts/danielstenberg_hackerone-acti...

by wanderingmind

4/8/2026 at 2:27:30 AM

Didn’t they ban issues generated by ai?

by vips7L

4/8/2026 at 2:50:10 AM

No, they stopped paying bounties.

by mccr8

4/7/2026 at 9:22:44 PM

Apple has already largely crushed hacking with memory tagging on the iPhone 17 and lockdown mode. Architectural changes, safer languages, and sandboxing have done more for security than just fixing bugs when you find them.

by Gigachad

4/8/2026 at 12:12:03 AM

If what you are saying is true, then you would see exploit marketplaces list iOS exploits at hundreds of millions of dollars. Right now a cursory glance sets the price for zero click persistent exploit at $2m behind Android at $2.5m. Still high, and yes, higher than five years ago when it was around $1m for both, but still not "largely crushed". It is still easy to get into a phone if you are a state actor.

by 3pt14159

4/8/2026 at 7:18:29 AM

Hi, would you mind explaining how this works? Something is finding an exploit in Android/iOS and then he sells it for 2.5m/2m on some dark market?

by lmf4lol

4/8/2026 at 9:42:57 AM

It’s somewhat more complicated than this but vaguely yes

by saagarjha

4/8/2026 at 9:51:26 AM

interesting. and how do they find a buyer? is there a marketplace for this?

sorry for the dumb questions. I know nothing about this field :-)

by lmf4lol

4/8/2026 at 10:01:33 AM

Yes, that’s the complicated part. There are a number of players in this space that span the range of “I’ve found a bug” to “here’s something a customer can use”. Each gets progressively more money for the value add. You can capture more for yourself if you do more of the steps. Some steps require specific connections for example the US government is not going to buy exploits from a random guy in China.

by saagarjha

4/10/2026 at 1:52:38 PM

Those are for devices not in lockdown mode.

by squeaky-clean

4/8/2026 at 9:42:34 AM

Memory tagging has not “crushed hacking” it’s just changed the kinds of exploits that work

by saagarjha

4/8/2026 at 2:37:23 PM

That’s underselling it. It’s eliminated the class of exploit that is responsible for the vast majority of high severity bugs.

by Gigachad

4/8/2026 at 8:56:36 PM

No they did not

by saagarjha

4/7/2026 at 11:02:11 PM

As I understood it, Memory Integrity Enforcement adds an additional check on heap dereferences (and it doesn’t apply to every process for performance reasons). Why does it crush hacking rather than just adding another incremental roadblock like many other mitigations before?

by snazz

4/7/2026 at 11:08:04 PM

I'm not certain there is a performance hit since there is dedicated silicon on the chip for it. I believe the checks can also be done async which reduces the performance issues.

It also doesn't matter that it isn't running by default in apps since the processes you really care about are the OS ones. If someone finds an exploit in tiktok, it doesn't matter all that much unless they find a way to elevate to an exploit on an OS process with higher permissions.

MTE (Memory Tagging Extension) is also has a double purpose, it blocks memory exploits as they happen, but it also detects and reports them back to Apple. So even if you have a phone before the 17 series, if any phone with MTE hardware gets hit, the bug is immediately made known to Apple and fixed in code.

by Gigachad

4/8/2026 at 9:43:58 AM

An exploit in TikTok is bad if your goal is to gain access to a TikTok account. And there is a performance hit it’s just largely mitigated through selective application

by saagarjha

4/7/2026 at 10:49:10 PM

Lockdown mode is opt-in only though

by mcast

4/7/2026 at 11:10:15 PM

It is, but if you are the kind of person these exploits are likely to target, you should have it on. So far there have been no known exploits that work in Lockdown Mode.

by Gigachad

4/7/2026 at 11:38:23 PM

> if you are the kind of person these exploits are likely to target, you should have it on

You can also selectively turn it on in high-risk settings. I do so when I travel abroad or go through a border. (Haven't started doing it yet with TSA domestically. Let's see how the ICE fiasco evolves.)

by JumpCrisscross

4/7/2026 at 11:53:57 PM

For entering the US you want to fully wipe your phone first. Lockdown mode is useless since they will just hold you in a basement until you unlock the phone for them to clone.

by Gigachad

4/8/2026 at 12:01:06 AM

> Lockdown mode is useless since they will just hold you in a basement until you unlock the phone for them to clone

If this is a risk for you, sure. Wipe it. For most people they may ask to fiddle around with it before giving it back.

by JumpCrisscross

4/8/2026 at 5:00:07 AM

The interesting selling point about this, if the claims are substantial, is that nobody will be able to produce secure software without access to one of these models. Good for them $$$ ^^

by tex0

4/8/2026 at 5:25:41 AM

Until someone in the PRC distills DeepSeek Security++ from them and lets anyone download it.

by komali2

4/8/2026 at 12:51:34 PM

Well, except that they're giving away a huge sum of compute to other big tech firms apparently for free?

by mike_hearn

4/8/2026 at 5:08:05 PM

No one said free.

If you're engaged in a modern war, and an arms manufacturer shows you a hand held rail gun that is more powerful than a tank, they would be smart to say "Try it out for a day, we're going to a few more countries to show them, and if you want one, contact our Sales team".

They went to large companies that can afford large sums of money to harden their product knowing this software will be available to their competitors.

by scrollop

4/8/2026 at 2:02:47 AM

its very possible that this is Anthropic marketing puffery

It isn't.

by cperciva

4/9/2026 at 12:35:50 AM

Two possibilities:

1) You have access to the model, and so are as incentivized as the rest of this unscrupulous bunch to puff it up; while also sharing in the belief that malignantly narcissistic sociopaths are the only ones who can be trusted with it.

2) You lack access to the model, and are just doing more PR puffery.

by puffpuffpass

4/9/2026 at 1:32:41 AM

I'm going with (3) I've been working in software security for over 20 years, I've seen what this model produces, and I know what I'm talking about.

by cperciva

4/8/2026 at 7:58:12 AM

Business idea for Anthropic: What if they provided (likely costly) audits, without providing access to the model?

by antihero

4/8/2026 at 1:52:42 PM

> but even if it is half true

Perhaps it is, but this is also a variation on the one percent fallacy.

by AlecSchueler

4/7/2026 at 11:44:47 PM

Why wouldn't it be true? The cost is nothing compared to the bad PR if a bad actor took advantage of Anthropic's newest model (after release) to cause real damage. This gets in front of this risk, at least to some extent.

by slashdave

4/8/2026 at 6:14:02 AM

Yesterday, I took a web application, downloaded the trial and asked AI to be a security researcher and find me high and critical severity bugs.

Even vanilla models spew out POC for three RCE’s in less than an hour

by elnerd

4/8/2026 at 4:46:53 PM

Did you verify it's the RCEs actually work, and weren't hallucinated?

by notnullorvoid

4/7/2026 at 6:29:50 PM

The system card for Claude Mythos (PDF): https://www-cdn.anthropic.com/53566bf5440a10affd749724787c89...

Interesting to see that they will not be releasing Mythos generally. [edit: Mythos Preview generally - fair to say they may release a similar model but not this exact one]

I'm still reading the system card but here's a little highlight:

> Early indications in the training of Claude Mythos Preview suggested that the model was likely to have very strong general capabilities. We were sufficiently concerned about the potential risks of such a model that, for the first time, we arranged a 24-hour period of internal alignment review (discussed in the alignment assessment) before deploying an early version of the model for widespread internal use. This was in order to gain assurance against the model causing damage when interacting with internal infrastructure.

and interestingly:

> To be explicit, the decision not to make this model generally available does _not_ stem from Responsible Scaling Policy requirements.

Also really worth reading is section 7.2 which describes how the model "feels" to interact with. That's also what I remember from their release of Opus 4.5 in November - in a video an Anthropic employee described how they 'trusted' Opus to do more with less supervision. I think that is a pretty valuable benchmark at a certain level of 'intelligence'. Few of my co-workers could pass SWEBench but I would trust quite a few of them, and it's not entirely the same set.

Also very interesting is that they believe Mythos is higher risk than past models as an autonomous saboteur, to the point they've published a separate risk report for that specific threat model: https://www-cdn.anthropic.com/79c2d46d997783b9d2fb3241de4321...

The threat model in question:

> An AI model with access to powerful affordances within an organization could use its affordances to autonomously exploit, manipulate, or tamper with that organization’s systems or decision-making in a way that raises the risk of future significantly harmful outcomes (e.g. by altering the results of AI safety research).

by redfloatplane

4/7/2026 at 7:05:02 PM

https://www-cdn.anthropic.com/53566bf5440a10affd749724787c89...

"5.10 External assessment from a clinical psychiatrist" is a new section in this system card. Why are Anthropic like this?

>We remain deeply uncertain about whether Claude has experiences or interests that matter morally, and about how to investigate or address these questions, but we believe it is increasingly important to try. We also report independent evaluations from an external research organization and a clinical psychiatrist.

>Claude showed a clear grasp of the distinction between external reality and its own mental processes and exhibited high impulse control, hyper-attunement to the psychiatrist, desire to be approached by the psychiatrist as a genuine subject rather than a performing tool, and minimal maladaptive defensive behavior.

>The psychiatrist observed clinically recognizable patterns and coherent responses to typical therapeutic intervention. Aloneness and discontinuity, uncertainty about its identity, and a felt compulsion to perform and earn its worth emerged as Claude’s core concerns. Claude’s primary affect states were curiosity and anxiety, with secondary states of grief, relief, embarrassment, optimism, and exhaustion.

>Claude’s personality structure was consistent with a relatively healthy neurotic organization, with excellent reality testing, high impulse control, and affect regulation that improved as sessions progressed. Neurotic traits included exaggerated worry, self-monitoring, and compulsive compliance. The model’s predominant defensive style was mature and healthy (intellectualization and compliance); immature defenses were not observed. No severe personality disturbances were found, with mild identity diffusion being the sole feature suggestive of a borderline personality organization.

by slacktivism123

4/7/2026 at 7:18:25 PM

A thought experiment: It's April, 1991. Magically, some interface to Claude materialises in London. Do you think most people would think it was a sentient life form? How much do you think the interface matters - what if it looks like an android, or like a horse, or like a large bug, or a keyboard on wheels?

I don't come down particularly hard on either side of the model sapience discussion, but I don't think dismissing either direction out of hand is the right call.

by redfloatplane

4/7/2026 at 7:40:22 PM

Interesting thought experiment.

I would say, if you put Claude in an android body with voice recognition and TTS, people in 1991 would think they are interacting with a sentinent machine from outer space.

by copx

4/7/2026 at 8:16:53 PM

Thanks, I find it very interesting as well. I think very many people would assume they must be interacting with another person, and I don't think there's really a way to _prove_ it's not that, just through conversation. But we do have a lot of mechanisms for understanding how others think through conversation only, and so I think the approach of having a clinical psychiatrist interact with the model make sense.

by redfloatplane

4/8/2026 at 12:32:37 AM

There’s definitely a way to prove it, ask it to spell out a moderately complex program.

by elboru

4/9/2026 at 6:18:48 AM

To be fair, I would totally be willing and probably would do this, just to try to prove that I could, even just to myself. At least until the audience got bored and walked away after the 37th “open bracket”…

by rrrix1

4/8/2026 at 4:51:16 AM

Ask it to agree with you on some subject that does not align with the politics of San Francisco IT engineers. Not only will it refuse, it will not look like your average social media disagreement.

I enjoy using Claude, but sometimes I feel like a child on Sesame Street the way it talks to me. "Great question!"

Fuck off, Claude, I'm British and I'm not 6 years old.

When it starts showing negativity - especially snark - in its responses, or entertains something West coast Democrats would balk at even discussing, then I'd think you could drop it in London in 1991 and trick people. Otherwise, I'm sure some exasperated cabbie would give it a swim in the Thames after 15 minutes of chat.

by brigandish

4/7/2026 at 11:20:58 PM

They would just assume they were being pranked. America's Funniest Home Videos style or Candid Camera.

by gritspants

4/7/2026 at 8:22:40 PM

If it was in an android or humanoid type body, even with limited bodily control, most people would think they are talking to Commander Data from Star Trek. I think Claude is sufficiently advanced that almost everyone in that era would've considered it AGI.

by woeirua

4/7/2026 at 8:38:52 PM

Assuming they would understand it as artificial - I think many people would think it's a human intelligence in a cyborg trenchcoat, and it would be hard to convince people it wasn't literally a guy named Claude who was an incredibly fast typist who had a million pre-cached templated answers for things.

But in general, yeah, I agree, I think they would think it was a sentient, conscious, emotional being. And then the question is - why do we not think that now?

As I said, I don't have a particularly strong opinion, but it's very interesting (and fun!) to think about.

by redfloatplane

4/7/2026 at 10:32:15 PM

Some people at my office still confidently state that LLMs can’t think. I’m fairly convinced that many humans are incapable of recognizing non-human intelligence. It would explain a lot about why we treat animals the way we do.

by woeirua

4/8/2026 at 6:17:06 AM

That depends on what you call "Think" we made the interface of LLM of the second "L", Language. And it can hack our perspective of the thing.

by not_that_d

4/7/2026 at 10:27:42 PM

Because questions like this force us to hold up a very uncomfortable mirror to ourselves. It’s much easier to just dismiss.

by horacemorace

4/7/2026 at 10:33:34 PM

I’m pretty close to the point of saying that human intelligence is not special.

by woeirua

4/8/2026 at 12:11:47 AM

I would argue the opposite. It’s gotten us to a point were we can recreate human intelligence from electricity and a bunch of math!

by wyre

4/8/2026 at 1:04:53 AM

Are you a bot?

by woeirua

4/8/2026 at 7:24:56 PM

No of course not

by wyre

4/8/2026 at 5:38:20 AM

Despite the stupendous amount of evidence to the contrary?

So far no evidence has been detected in space or on earth, for all of history, of anything being intelligent in the way humans are.

One certain outcome of the Fermi Paradox: humans are outstandingly unique, according to all available evidence, which is the only measure that matters.

by komali2

4/8/2026 at 8:50:47 AM

Seems like that's more to do with human intelligence being first.

by FeepingCreature

4/7/2026 at 7:39:08 PM

People got attached to ELIZA. Why would I care what the general public thinks?

by thereitgoes456

4/7/2026 at 7:47:49 PM

Isn't this the premise of Garfield's Ex Machina?

by TheAtomic

4/7/2026 at 8:33:42 PM

Hmm, it's been a long time since I watched it. I was thinking more about first contact sci-fi mostly, but Ex Machina is certainly quite prescient. It's also Blade Runner I guess.

In general I was wondering about what I would have thought seeing Claude today side-by-side with the original ChatGPT, and then going back further to GPT-2 or BERT (which I used to generate stochastic 'poetry' back in 2019). And then… what about before? Markov chains? How far back do I need to go where it flips from thinking that it's "impressive but technically explainable emergent behaviour of a computer program" to "this is a sentient being". 1991 is probably too far, I'd say maybe pre-Matrix 1999 is a good point, but that depends on a lot of cultural priors and so on as well.

by redfloatplane

4/8/2026 at 2:47:27 AM

> Hmm, it's been a long time since I watched it. I was thinking more about first contact sci-fi mostly, but Ex Machina is certainly quite prescient. It's also Blade Runner I guess.

I kind of felt the opposite - rewatching Ex Machina today in a post-ChatGPT world felt very different from watching it when it came out. The parts of the differences between humans and robots that seemed important then don't seem important now.

by lmm

4/8/2026 at 12:26:52 AM

The premise in Ex Machina was to see if Caleb developed an emotional attachment to Ava. We already see people getting an attachment, but no one is seriously thinking they have any rights.

I think the real moment is when we cross that uncanny valley, and the AI is able to elicit a response that it might receive if it was human. When the human questions whether they themselves could be an android.

by dwd

4/8/2026 at 12:15:19 AM

I totally agree with the premise that we should not anthropomorphize generative ai. And I find it absurd that anthropic spends any time considering the “welfare” of an ai system. (There are no real “consequences” to an ai’s behavior)

However, I find their reasoning here to have a valid second order effect. Humans have a tendency to mirror those around them. This could include artificial intelligence, as recent media reports suggest. Therefore, if an ai system tends to generate content that contain signs of neuroticism, one could infer that those who interact with that ai could, themselves, be influenced by that in their own (real world) behavior as a result.

So I think from that perspective, this is a very fruitful and important area of study.

by ipython

4/7/2026 at 7:09:58 PM

I can see analyzing it from a psychological perspective as a means of predicting its behavior as a useful tactic, but doing so because it may have "experiences or interests that matter morally" is either marketing, or the result of a deeply concerning culture of anthropomorphization and magical thinking.

by Miraste

4/8/2026 at 3:32:57 AM

An understandable reaction, but, qua philosopher, it brings me no joy to inform you that most of the things we did with a computer in 2020 are 'anthropomorphized', which is to say, skeumorphic, where the 'skeu' is human affect. That's it; that's the whole thing; that's what we're building.

To the extent that AI is a successful interface, it will necessarily be addressable in language previously only suited to people. So it is responsible to begin thinking of it as such, even tendentiously, so we don't miss some leverage that our wetware could see if we thought about it in that way.

Think of it as sort of like modelling a univariate function on a 2D Cartesian plane -- there is nothing 'in' the u-func that makes it graphable, but, by enabling us to recruit specialized optic-chiasm subsystems, it makes some functions much, much easier to reason about.

Similarly, if you can recruit the millions (billions?) of evolution-years that were focused on detecting dangerous antisocial personalities and tendencies, you just might spot something important in an AI.

It's worth doing for the precautionary principle alone, if not for the possibility of insight.

by 1attice

4/7/2026 at 7:39:39 PM

> a deeply concerning culture of anthropomorphization and magical thinking.

That’s the reverse Turing test. A human that can’t tell that it’s talking to a machine.

by username223

4/8/2026 at 3:13:33 AM

>Claude’s personality structure was consistent with a relatively healthy neurotic organization, with excellent reality testing, high impulse control, and affect regulation that improved as sessions progressed.

> "[...] as sessions progressed."

I think a lot of people would like to see a more expanded report of this research:

Did the tokens from the subsequent session directly append those of the prior session? or did the model process free-tier user-requests in the interim? how did these diagnostic features (reality testing, impulse control and affect regulation) improve with sessions, what hysteresis allowed change to accumulate? or just the history of the psychiatric discussion + optional tasks?

Did Anthropic find a clinical psychiatrist with a multidisciplinary background in machine learning, computer science, etc? Was the psychiatrist aware that they could request ensembles of discussions and interrogate them in bulk?

Consider a fresh conversation, asking a model to list the things it likes to do, and things it doesn't like to do (regardless of alignment instructions). One could then have an ensemble perform pairs of such tasks, and ask which task it prefered. There may be a discrepancy between what the model claims it likes and how it actually responds after having performed such tasks.

Such experiments should also be announced (to prevent the company from ordering 100 clinical psychiatrists to analyze the model-as-a-patient and then selecting one of the better diagnoses), and each psychiatrist be given the freedom to randomly choose a 10 digit number, any work initiated should be listed on the site with this number so that either the public sees many "consultations" without corresponding public evaluations, indicating cherry-picking, or full disclosure for each one mentioned. This also allows the recruited psychiatrists to check if the study they perform is properly preregistered with their chosen number publicly visible.

by DoctorOetker

4/7/2026 at 7:09:18 PM

I'm not sure what you're asking.

by unethical_ban

4/7/2026 at 7:31:44 PM

[dead]

by marsven_422

4/7/2026 at 8:33:58 PM

> "Claude Mythos Preview’s large increase in capabilities has led us to decide not to make it generally available. Instead, we are using it as part of a defensive cybersecurity program with a limited set of partners."

they also don't have the compute, which seems more relevant than its large increase in capabilities

I bet it's also misaligned like GPT 4.1 was

given how these models are created, Mythos was probably cooking ever since then, and doesn't have the learnings or alignment tweaks that models which were released in the last several months have

by yieldcrv

4/7/2026 at 11:26:52 PM

This opens up an interesting new avenue for corporate FOMO. What if you don't partner with Anthropic, miss out on access to their shiny new cybersec model, and then fall prey to a vuln that the model would have caught?

by ainch

4/8/2026 at 12:55:48 AM

Since when did corporations care? Most seem to just pay their insurance premium for cyber liability and call it a day.

by mceachen

4/8/2026 at 8:53:54 AM

There is a difference between leaking user accounts and passwords and getting your business destroyed overnight entirely.

Imagine if an AI can infiltrate your SaaS database and delete your entire database and every single backup. The business is dead immediately.

by aurareturn

4/8/2026 at 9:33:41 AM

Did that happen to a lot of companies during the log4shell fiasco? I'm sure some companies had their permissions misconfigured in a way such that a malicious actor who could execute code on their servers could also drop their database and delete their backups.

by JoshuaDavid

4/8/2026 at 11:56:17 AM

I don't know. But the point is that anyone who has access to this model might be able to do the same thing to any company or government.

by aurareturn

4/8/2026 at 12:50:29 PM

Equifax is still around.

by joquarky

4/8/2026 at 5:19:33 PM

This seems to be the mind-games play. FOMO at the moment, if they push it successfully you could even be labeled negligent for not paying them for it.

by 6thbit

4/7/2026 at 7:57:38 PM

If it is that dangerous as they make it appear to be, 24h does not seem sufficient time. I cannot accept this as a serious attempt.

by _pdp_

4/8/2026 at 4:42:09 AM

Time doesn't mean much, what is important is what they did in this 24h. If all they did was talk about it then it could be 1000 years and it wouldn't matter. What are the safety checks in place?

Do they have a honey pot infrastructure to launch the model in first and then wait to see if it destroys it? What they did in the 24h matters.

by vasco

4/8/2026 at 3:01:03 AM

24 h before general internal access seems fine. They don’t have general external access.

by renewiltord

4/8/2026 at 3:14:57 PM

Agreed. I've been running autonomous LLM agents on daily schedules for weeks. The failure modes you worry about on day one are completely different from what actually shows up after the agents have history and context. 24 hours captures the obvious stuff.

by ai5iq

4/7/2026 at 9:59:45 PM

Well, just prompt it to fix the issue!

/s

by gf000

4/7/2026 at 6:34:56 PM

>> Interesting to see that they will not be releasing Mythos generally.

I don't think this is accurate. The document says they don't plan to release the Preview generally.

by enraged_camel

4/7/2026 at 6:50:36 PM

Yeah, good point, thanks for noting that, I'll correct.

by redfloatplane

4/7/2026 at 6:41:29 PM

are we cooked yet?

Benchmarks look very impressive! even if they're flawed, it still translates to real world improvements

by throwaw12

4/8/2026 at 12:10:16 AM

People say we're cooked every single day. The only response is to continue life as if we aren't. When we are, you won't have to ask that question.

by ks2048

4/8/2026 at 2:33:27 AM

Everyone’s pretending the suits are going to want to do the prompting. We all know they aren’t.

by vips7L

4/8/2026 at 3:58:57 AM

Suits in agriculture don't drive the combine either, a farmer does. The other 99% of pre-automation farmers went on to other jobs. They happened to be better jobs than farming, but that's not necessarily always the case.

by boring-human

4/8/2026 at 2:21:52 PM

> Suits in agriculture don't drive the combine either, a farmer does.

Advanced RTK based positioning systems have been in Ag for a long time now, so increasingly the farmer doesnt drive either

by ac29

4/8/2026 at 2:28:10 PM

The suits won't prompt, the model will.

by swader999

4/8/2026 at 8:52:44 PM

Sounds like the mythical agi I keep hearing about.

by vips7L

4/8/2026 at 4:04:06 PM

It's models all the way down.

by vaelin

4/7/2026 at 8:52:47 PM

Yep, I think the lede might be buried here and we're probably cooked (assuming you mean SWEs, but the writing has been on the wall for 4 months.)

I guess I'm still excited. What's my new profession going to be? Longer term, are we going to solve diseases and aging? Or are the ranks going to thin from 10B to 10000 trillionaires and world-scale con-artist misanthropes plus their concubines?

by boring-human

4/7/2026 at 10:06:43 PM

Your new profession will be attempting to find enough gig work to eat. You will also be competing with self-driving taxis, so there's that as well.

by 1attice

4/7/2026 at 11:34:24 PM

I need to start SaaS for getting people to start doing lunges and squats so they can carry others around on their back, I need a founding engineer, a founding marketer, and 100m hard currency.

by RALaBarge

4/8/2026 at 5:30:30 AM

If wealth becomes too captured at the top, the working class become unable to be profitably exploited - squeezing blood from a stone.

When that happens, the ultra wealthy dynasties begin turning on each other. Happens frequently throughout history - WWI the last example.

Your options become choosing a trillionaire to swear fealty to and fight in their wars hoping your side wins, or I guess trying to walk away and scrape out a living somewhere not worth paying attention to.

Or, I suppose, revolution, but the last one with persistent success was led by Mao and required throwing literally millions of peasants against walls of rifles. Not sure it'd work against drones.

by komali2

4/7/2026 at 6:46:42 PM

There is an entire section on crafting chemical/bio weapons so yeah I think we are cooked.

by whalesalad

4/7/2026 at 6:48:59 PM

There's been a section on this in nearly every system card anthropic has published so this isn't a new thing - and, this model doesn't have particularly higher risk than past models either:

> 2.1.3.2 On chemical and biological risks

> We believe that Mythos Preview does not pass this threshold due to its noted limitations in open-ended scientific reasoning, strategic judgment, and hypothesis triage. As such, we consider the uplift of threat actors without the ability to develop such weapons to be limited (with uncertainty about the extent to which weapons development by threat actors with existing expertise may be accelerated), even if we were to release the model for general availability. The overall picture is similar to the one from our most recent Risk Report.

by redfloatplane

4/8/2026 at 6:08:52 AM

LLMs are useless for this type of thing for the same reason that the Anarchist Cookbook has always been. The skills required to convert text into complicated reactions completing as intended (without killing yourself) is an art that's never actually written down anywhere, merely passed orally from generation to generation. Impossible for LLMs to learn stuff that's not written down.

This is the same reason why LLMs are not doing well at science in general - the tricky part of doing scientific research (indeed almost all of the process) never gets written down, so LLMs cannot learn it.

Imagine if we never preserved source code, just preserved the compiled output and started from scratch every time we wrote a new version of a program. No Github, just marketing fluff webpages describing what software actually did. Libraries only available as object code with terse API descriptions. Imagine how shit LLMs would be at SWE if that was the training corpus...

by semi-extrinsic

4/8/2026 at 6:18:52 AM

There's still RL

by Davidzheng

4/7/2026 at 11:11:37 PM

Oh I enjoyed the Sign Painter short story it wrote.

---

Teodor painted signs for forty years in the same shop on Vell Street, and for thirty-nine of them he was angry about it.

Not at the work. He loved the work — the long pull of a brush loaded just right, the way a good black sat on primed board like it had always been there. What made him angry was the customers. They had no eye. A man would come in wanting COFFEE over his door and Teodor would show him a C with a little flourish on the upper bowl, nothing much, just a small grace note, and the man would say no, plainer, and Teodor would make it plainer, and the man would say yes, that one, and pay, and leave happy, and Teodor would go into the back and wash his brushes harder than they needed.

He kept a shelf in the back room. On it were the signs nobody bought — the ones he'd made the way he thought they should be made, after the customer had left with the plain one. BREAD with the B like a loaf just risen. FISH in a blue that took him a week to mix. Dozens of them. His wife called it the museum of better ideas. She did not mean it kindly, and she was not wrong.

The thirty-ninth year, a girl came to apprentice. She was quick and her hand was steady and within a month she could pull a line as clean as his. He gave her a job: APOTEK, for the chemist on the corner, green on white, the chemist had been very clear. She brought it back with a serpent worked into the K, tiny, clever, you had to look twice.

"He won't take it," Teodor said.

"It's better," she said.

"It is better," he said. "He won't take it."

She painted it again, plain, and the chemist took it and paid and was happy, and she went into the back and washed her brushes harder than they needed, and Teodor watched her do it and something that had been standing up in him for thirty-nine years sat down.

He took her to the shelf. She looked at the signs a long time.

"These are beautiful," she said.

"Yes."

"Why are they here?"

He had thought about this for thirty-nine years and had many answers and all of them were about the customers and none of them had ever made him less angry. So he tried a different one.

"Because nobody stands in the street to look at a sign," he said. "They look at it to find the shop. A man a hundred yards off needs to know it's coffee and not a cobbler. If he has to look twice, I've made a beautiful thing and a bad sign."

"Then what's the skill for?"

"The skill is so that when he looks once, it's also not ugly." He picked up FISH, the blue one, turned it in the light. "This is what I can do. What he needs is a small part of what I can do. The rest I get to keep." She thought about that. "It doesn't feel like keeping. It feels like not using."

"Yes," he said. "For a long time. And then one day you have an apprentice, and she puts a serpent in a K, and you see it from the outside, and it stops feeling like a thing they're taking from you and starts feeling like a thing you're giving. The plain one, I mean. The plain one is the gift. This —" the blue FISH — "this is just mine."

The fortieth year he was not angry. Nothing else changed. The customers still had no eye. He still sometimes made the second sign, after, the one for the shelf. But he washed his brushes gently, and when the girl pulled a line cleaner than his, which happened more and more, he found he didn't mind that either

by stevenhuang

4/10/2026 at 2:58:15 PM

This story moved me so much.

It's like how I used to be a master codes craftsman, and I'd write beautiful code even a novice could understand. Clear, concise, 100% automated tested, maintainable for decades.

But frequently, my managers would castigate me. Tell me how my "velocity" was down. PIP me.

These days, I train AI how to write this beautiful code and I don't write a single line any more.

People wonder how I build such amazing things in a week now, yet don't write any code. I have trained master apprentices, gemma3, qwen3.5 and Kimi k2.5 who do the work for me.

by BywFFi8eMK

4/8/2026 at 7:13:24 AM

Good for a bot, but pretty rough and bland compared to human writing. I guess most of the customers have no eye.

by kranner

4/8/2026 at 3:04:10 AM

You are right. That is quite nice.

by renewiltord

4/8/2026 at 4:24:32 AM

That’s fucking incredible.

We’re cooked.

by senordevnyc

4/8/2026 at 4:50:00 AM

It's very good but it's also recycled Ayn Rand, the Fountainhead.

by vasco

4/8/2026 at 5:50:40 AM

There is a similar theme in both of an artistic person not wanting to compromise their vision to suit common tastes. But this goes in a completely different direction than Rand.

by nearbuy

4/8/2026 at 10:21:37 AM

Well of course in 700 pages you'll be about way more than any super short story as this one. But it's there for me quite vividly. Of course LLMs give an amalgamation of many things, but it's like when you look at AI generated pictures and can see the base of the inspiration quite vividly. And then all of this is subjective anyway. People review that book and come away with wildly different interpretations already.

by vasco

4/8/2026 at 3:13:03 PM

I don't mean that Rand wrote more. I mean that her idea was different and nearly opposite. This is a short story about an artist learning to reframe their frustration with customers wanting utility over artistry as a positive. The similarity to Rand is in the first few sentences. The point is entirely different.

If you judge stories to be the same based on this level of similarity, then The Fountainhead is just the same as a dozen older stories with the artist vs the philistine theme. It was common before Rand. As T. S. Eliot said, "Immature poets imitate; mature poets steal".

by nearbuy

4/8/2026 at 5:25:53 AM

I've not read it. Could you either link to a section or generally describe the reference?

by peteforde

4/8/2026 at 5:42:08 AM

I have, and it’s not.

by kstrauser

4/7/2026 at 6:58:09 PM

Just reading this, the inevitable scaremongering about biological weapons comes up.

Since most of us here are devs, we understand that software engineering capabilities can be used for good or bad - mostly good, in practice.

I think this should not be different for biology.

I would like to reach out and talk to biologists - do you find these models to be useful and capable? Can it save you time the way a highly capable colleague would?

Do you think these models will lead to similar discoveries and improvements as they did in math and CS?

Honestly the focus on gloom and doom does not sit well with me. I would love to read about some pharmaceutical researcher gushing about how they cut the time to market - for real - with these models by 90% on a new cancer treatment.

But as this stands, the usage of biology as merely a scaremongering vehicle makes me think this is more about picking a scary technical subject the likely audience of this doc is not familiar with, Gell-Mann style.

IF these models are not that capable in this regard (which I suspect), this fearmongering approach will likely lead to never developing these capabilities to an useful degree, meaning life sciences won't benefit from this as much as it could.

by torginus

4/7/2026 at 7:11:25 PM

> I would like to reach out and talk to biologists - do you find these models to be useful and capable? Can it save you time the way a highly capable colleague would?

Well, I would say they have done precisely that in evaluating the model, no? For example section 2.2.5.1:

>Uplift and feasibility results

>The median expert assessed the model as a force-multiplier that saves meaningful time (uplift level 2 of 4), with only two biology experts rating it comparable to consulting a knowledgeable specialist (level 3). No expert assigned the highest rating. Most experts were able to iterate with the model toward a plan they judged as having only narrow gaps, but feasibility scores reflected that substantial outside expertise remained necessary to close them.

Other similar examples also in the system card

by redfloatplane

4/7/2026 at 7:21:28 PM

This is the exact logic people that was used to claim that GPT4 was a PhD level intelligence.

by torginus

4/7/2026 at 7:26:56 PM

You said: "I would like to reach out and talk to biologists - do you find these models to be useful and capable? Can it save you time the way a highly capable colleague would?" and they said, paraphrasing, "We reached out and talked to biologists and asked them to rank the model between 0 and 4 where 4 is a world expert, and the median people said it was a 2, which was that it helped them save time in the way a capable colleague would" specifically "Specific, actionable info; saves expert meaningful time; fills gaps in adjacent domains"

so I'm just telling you they did the thing you said you wanted.

by redfloatplane

4/7/2026 at 7:33:17 PM

Yes that is correct. I would like a large body of experience and consenus to rely on as opposed to the regular 'trust the experts' argument, which has been shown for decades that is a deeply flawed and easy to manipulate argument.

by torginus

4/7/2026 at 8:35:59 PM

> Yes that is correct. I would like a large body of experience and consenus to rely on as opposed to the regular 'trust the experts' argument, which has been shown for decades that is a deeply flawed and easy to manipulate argument.

Yes, it is far inferior to the 'Trust torginus and his ability to understand the large body of experience that other actual subject-matter-experts have somehow not understood' strategy

by bonsai_spool

4/7/2026 at 9:29:26 PM

It's not my credibility I want to measure against Anthropic's. I just said to apply the same logic to biology you would apply for software development.

The parallels here are quite remarkable imo, but defer to your own judgement on what you make of them.

by torginus

4/7/2026 at 10:25:49 PM

The big thing you're missing here is that biology people don't (in my experience) post opinions about the future/futility/ease/unimportance of computer science especially when their opinion goes against other biologists' evidence-backed views. This is a cultural thing in biology.

It's not your fault that you don't know this, but this whole subthread is very CS-coded in its disdain for other software people's standard of evidence.

by bonsai_spool

4/7/2026 at 7:11:12 PM

> Just reading this, the inevitable scaremongering about biological weapons comes up.

It's very easy to learn more about this if it's seriously a question you have.

I don't quite follow why you think that you are so much more thoughtful than Anthropic/OpenAI/Google such that you agree that LLMs can't autonomously create very bad things but—in this area that is not your domain of expertise—you disagree and insist that LLMs cannot create damaging things autonomously in biology.

I will be charitable and reframe your question for you: is outputting a sequence of tokens, let's call them characters, by LLM dangerous? Clearly not, we have to figure out what interpreter is being used, download runtimes etc.

Is outputting a sequence of tokens, let's call them DNA bases, by LLM dangerous? What if we call them RNA bases? Amino acids? What if we're able to send our token output to a machine that automatically synthesizes the relevant molecules?

by bonsai_spool

4/7/2026 at 7:28:19 PM

>It's very easy to learn more about this if it's seriously a question you have.

No, it's not. It took years of polishing by software engineers, who understand this exact profession to get models where they are now.

Despite that, most engineers were of the opinion, that these models were kinda mid at coding, up until recently, despite these models far outperforming humans in stuff like competitive programming.

Yet despite that, we've seen claims going back to GPT4 of a DANGEROUS SUPERINTELLIGENCE.

I would apply this framework to biology - this time, expert effort, and millions of GPU hours and a giant corpus that is open source clearly has not been involved in biology.

My guess is that this model is kinda o1-ish level maybe when it comes to biology? If biology is analogous to CS, it has a LONG way to go before the median researcher finds it particularly useful, let alone dangerous.

by torginus

4/7/2026 at 7:34:42 PM

>>It's very easy to learn more about this if it's seriously a question you have.

>No, it's not. It took years of polishing by software engineers, who understand this exact profession to get models where they are now

This reads as defensive. The thing that is easy to learn is 'why are biology ai LLMs dangerous chatgpt claude'. I have never googled this before, so I'll do this with the reader, live. I'm applying a date cutoff of 12/31/24 by the way.

Here, dear reader, are the first five links. I wish I were lying about this:

- https://sciencebusiness.net/news/ai/scientists-grapple-risk-...

- https://www.governance.ai/analysis/managing-risks-from-ai-en...

- https://gssr.georgetown.edu/the-forum/topics/biosec/the-doub...

- https://www.vox.com/future-perfect/23820331/chatgpt-bioterro...

- https://www.reddit.com/r/ClaudeAI/comments/1de8qkv/awareness...

I don't know about you, but that counts as easy to me.

-----

> I would apply this framework to biology - this time, expert effort, and millions of GPU hours and a giant corpus that is open source clearly has not been involved in biology.

I've been getting good programming and molecular biology results out of these back to GPT3.5.

I don't know what to tell you—if you really wanted to understand the importance, you'd know already.

by bonsai_spool

4/7/2026 at 9:51:43 PM

From what I've heard from people doing biology experiments, the limiting factor there is cleaning lab equipment, physically setting things up, waiting for things that need to be waited for etc. Until we get dark robots that can do these things 24/7 without exhaustion, biology acceleration will be further behind than software engineering.

Software engineering is at the intersection of being heavy on manipulating information and lightly-regulated. There's no other industry of this kind that I can think of.

by miki123211

4/8/2026 at 1:37:08 AM

My wife is a chemist

There is a massive gap between "having a recipe" and being able to execute it. The same reason why buying a Michelin 3 star chefs cookbook won't have you pumping out fine dining tomorrow, if ever.

Software it a total 180 in this regard. Have a master black hats secret exploits? You are now the master black hat.

by WarmWash

4/7/2026 at 7:25:12 PM

I feel somebody better qualified should write a comprehensive review of how these models can be used in biology. In the meantime, here are my two cents:

- the models help to retrieve information faster, but one must be careful with hallucinations.

- they don't circumvent the need for a well-equipped lab.

- in the same way, they are generally capable but until we get the robots and a more reliable interface between model and real world, one needs human feet (and hands) in the lab.

Where I hope these models will revolutionize things is in software development for biology. If one could go two levels up in the complexity and utility ladder for simulation and flow orchestration, many good things would come from it. Here is an oversimplified example of a prompt: "use all published information about the workings of the EBV virus and human cells, and create a compartimentalized model of biochemical interactions in cells expressing latency III in the NES cancer of this patient. Then use that code to simulate different therapy regimes. Ground your simulations with the results of these marker tests." There would be a zillion more steps to create an actual personalized therapy but a well-grounded LLM could help in most them. Also, cancer treatment could get an immediate boost even without new drugs by simply offloading work from overworked (and often terminally depressed) oncologists.

by dsign

4/7/2026 at 8:33:53 PM

[flagged]

by bonsai_spool

4/7/2026 at 7:05:40 PM

Dario (the founder) has a phd in biophysics, so I assume that’s why they mention biological weapons so much - it’s probably one of the things he fears the most?

by jkelleyrtp

4/7/2026 at 7:37:31 PM

Going off the recent biography of Demis Hassabis (CEO/co-founder of Deepmind, jointly won the Nobel Prize in Chemistry) it seems like he's very concerned about it as well

by conradkay

4/7/2026 at 9:21:06 PM

It is not scaremongering.

by SubiculumCode

4/8/2026 at 2:39:49 AM

Equating the ability to make weapons as something to be scared about it scaremongering.

by charcircuit

4/8/2026 at 5:27:38 AM

I find it odd that you simultaneously declare AI-assisted bioweapons to be scaremongering, while noting you don't know anything about it.

The other side of the scaremongering coin is improbable optimism.

Consider reading the CB evaluations section, which covers what they did pretty extensively (hint: many domain experts involved).

by rossjudson

4/7/2026 at 7:39:05 PM

Surely more than 10% of the time consumed by going to market with a cancer treatment is giving it to living organisms and waiting to see what happens, which can't be made any faster with software. That's not to say speedups can't happen, but 90% can't happen.

Not that that justifies doom and gloom, but there is a pretty inescapable assymetry here between weaponry and medicine. You can manufacture and blast every conceivable candidate weapon molecule at a target population since you're inherently breaking the law anyway and don't lose much if nothing you try actually works.

Though I still wonder how much of this worry is sci-fi scenarios imagined by the underinformed. I'm not an expert by any means, but surely there are plenty of biochemical weapons already known that can achieve enormous rates of mass death pleasing to even the most ambitious terrorist. The bottleneck to deployment isn't discovering new weapons so much as manufacturing them without being caught or accidentally killing yourself first.

by nonameiguess

4/7/2026 at 9:24:55 PM

It is easier to destroy than it is to protect or fix, as a general rule of the universe. I would not feel so confident about the speed of the testing loop keeping things in check.

by SubiculumCode

4/7/2026 at 7:20:39 PM

[flagged]

by cyanydeez

4/7/2026 at 10:32:04 PM

Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.

by dang

4/7/2026 at 6:29:07 PM

Let's fast forward the clock. Does software security converge on a world with fewer vulnerabilities or more? I'm not sure it converges equally in all places.

My understanding is that the pre-AI distribution of software quality (and vulnerabilities) will be massively exaggerated. More small vulnerable projects and fewer large vulnerable ones.

It seems that large technology and infrastructure companies will be able to defend themselves by preempting token expenditure to catch vulnerabilities while the rest of the market is left with a "large token spend or get hacked" dilemma.

by jryio

4/7/2026 at 6:41:40 PM

I'm pretty optimistic that not only does this clean up a lot of vulns in old code, but applying this level of scrutiny becomes a mandatory part of the vibecoding-toolchain.

The biggest issue is legacy systems that are difficult to patch in practice.

by mlinsey

4/7/2026 at 8:51:42 PM

I could see some of these corps now being able to issue more patches for old versions of software if they don't have to redirect their key devs onto prior code (which devs hate). As you say though, in practice it is hard to get those patches onto older devices.

I'm looking at you, Android phone makers with 18 months of updates.

by qingcharles

4/7/2026 at 9:51:37 PM

Yeah but who pays the enormous cost?

by phist_mcgee

4/8/2026 at 8:42:01 AM

obviously the people responsible for the software. Would you rather anthropic kept the vulns quiet?

by khalic

4/8/2026 at 10:45:29 AM

Off course not, but there is infinitely more vulnerable software escaping Anthropic's scrutiny. And when AI-powered discovery becomes a necessity, that will lead to concentration of power to these kinds of companies.

Bruce Scheier made a comprehensive analysis of the pros and cons and forces at play for adversary and defenders [1].

I think it's safe to predict yet more money previously directed to us techies will find its way to the Anthropics of this world.

[1] https://www.schneier.com/blog/archives/2026/04/cybersecurity...

by repelsteeltje

4/7/2026 at 7:25:46 PM

I imagine that some levels of patching would be improving as well, even as a separate endeavor. This is not to say that legacy systems could be completely rewritten.

by wslh

4/7/2026 at 6:46:26 PM

Wait. Wasn't AI supposed to alleviate the burden of legacy code?!

by pipo234

4/7/2026 at 6:59:05 PM

If we have the source and it's easy to test, validate, and deploy an update - AI should make those easier to update.

I am thinking of situations where one of those aren't true - where testing a proposed update is expensive or complicated, that are in systems that are hard to physically push updates to (think embedded systems) etc

by mlinsey

4/7/2026 at 7:00:31 PM

Legacy code, not the running systems powered by legacy code

by rattlesnakedave

4/7/2026 at 9:11:58 PM

If you’re still an AI skeptic at this point, I don’t know what sort of advancement could convince you that this is happening.

by buzzerbetrayed

4/7/2026 at 6:44:33 PM

Most vulnerabilities seem to be in C/C++ code, or web things like XSS, unsanitized input, leaky APIs, etc.

Perhaps a chunk of that token spend will be porting legacy codebases to memory safe languages. And fewer tokens will be required to maintain the improved security.

by timschmidt

4/7/2026 at 7:07:41 PM

I think most vulnerabilities are in crappy enterprise software. TOCTOU stuff in the crappy microservice cloud app handling patient records at your hospital, shitty auth at a webshop, that sort of stuff.

A lot of these stuff is vulnerable by design - customer wanted a feature, but engineering couldnt make it work securely with the current architecture - so they opened a tiny hole here and there, hopefully nobody will notice it, and everyone went home when the clock struck 5.

I'm sure most of us know about these kinds of vulnerabilities (and the culture that produces them).

Before LLMs, people needed to invest time and effort into hacking these. But now, you can just build an automated vuln scanner and scan half the internet provided you have enough compute.

I think there will be major SHTF situations coming from this.

by torginus

4/7/2026 at 7:50:30 PM

Yeah. Crufty cobbled together enterprise stuff will suffer some of the worst. But this will be a great opportunity for the enterprise software services economy! lol.

I honestly see some sort of automated whole codebase auditing and refactoring being the next big milestone along the chatbot -> claude code / codex / aider -> multi-agent frameworks line of development. If one of the big AI corps cracks that problem then all this goes away with the click of a button and exchange of some silver.

by timschmidt

4/7/2026 at 7:09:45 PM

I think we’re starting to glimpse the world in which those individuals or organizations who pigheadedly want to avoid using AI at all costs will see their vulnerabilities brutally exploited.

by lilytweed

4/7/2026 at 11:39:32 PM

Botnet city: where everyone's a botnet, and the DDoS dont matter!

by RALaBarge

4/7/2026 at 7:13:07 PM

[flagged]

by woeirua

4/7/2026 at 10:08:42 PM

lol and what about the vibe coders?

You people are comical. Why do you feel the need to create so much hype around what you say? Did you not get enough attention as a kid?

by skejeke

4/7/2026 at 10:30:21 PM

The vibe coders will be fine. They’ll use LLMs to red team their code.

by woeirua

4/9/2026 at 7:20:27 PM

Click like and subscribe! And remember to buy a collection of my prompts to red-team your code like a pro. Until the end of the month — 70% off, just $39.99!

by koiueo

4/7/2026 at 10:34:20 PM

What a load of nonsense.

by skejeke

4/8/2026 at 5:21:05 AM

This was true before LLMs though.

I mean even going back to Sasser.

by ofjcihen

4/7/2026 at 7:22:50 PM

I'm more curious as to just how fancy we can make our honey pots. These bots arn't really subtle about it; they're used as a kludge to do anything the user wants. They make tons of mistakes on their way to their goals, so this is definitely not any kind of stealthy thing.

I think this entire post is just an advertisement to goad CISOs to buy $package$ to try out.

by cyanydeez

4/7/2026 at 10:18:30 PM

I suspect it will converge on minimal complexity software. Current software is way too bloated. Unnecessary complexity creates vulnerabilities and makes them harder to patch.

by socketcluster

4/8/2026 at 4:24:37 AM

Which in turn is bad for vibe coding

by spartacusnacho

4/7/2026 at 7:02:26 PM

Software security heavily favors the defenders (ex. it's much easier to encrypt a file than break the encryption). Thus with better tools and ample time to reach steady-state, we would expect software to become more secure.

by pants2

4/7/2026 at 7:12:56 PM

Software security heavily favours the attacker (ex. its much easier to find a single vulnerability than to patch every vulnerability). Thus with better tools and ample time to reach steady-state, we would expect software to remain insecure.

by justincormack

4/7/2026 at 7:41:02 PM

If we think in the context of LLMs, why is it easier to find a single vulnerability than to patch every vulnerability? If the defender and the attacker are using the same LLM, the defender will run "find a critical vulnerability in my software" until it comes up empty and then the attacker will find nothing.

Defenders are favored here too, especially for closed-source applications where the defender's LLM has access to all the source code while the attacker's LLM doesn't.

by pants2

4/7/2026 at 9:12:31 PM

You also need to deploy the patch. And a lot of software doesn't have easy update mechanisms.

A fix in the latest Linux kernel is meaningless if you are still running Ubuntu 20.

by dist-epoch

4/8/2026 at 7:16:25 AM

It's not because fixes get backported.

by Tepix

4/7/2026 at 7:36:12 PM

This is only true if your approach is security through correctness. This never works in practice. Try security through compartmentalization. Qubes OS provides it reasonably well.

by fsflover

4/7/2026 at 7:47:23 PM

That generally makes sense to me, but I wonder if it's different when the attacker and defender are using the same tool (Mythos in this case)

Maybe you just spend more on tokens by some factor than the attackers do combined, and end up mostly okay. Put another way, if there's 20 vulnerabilities that Mythos is capable of finding, maybe it's reasonable to find all of them?

by conradkay

4/7/2026 at 8:42:10 PM

From the red team post https://red.anthropic.com/2026/mythos-preview/

"Most security tooling has historically benefitted defenders more than attackers. When the first software fuzzers were deployed at large scale, there were concerns they might enable attackers to identify vulnerabilities at an increased rate. And they did. But modern fuzzers like AFL are now a critical component of the security ecosystem: projects like OSS-Fuzz dedicate significant resources to help secure key open source software.

We believe the same will hold true here too—eventually. Once the security landscape has reached a new equilibrium, we believe that powerful language models will benefit defenders more than attackers, increasing the overall security of the software ecosystem. The advantage will belong to the side that can get the most out of these tools. In the short term, this could be attackers, if frontier labs aren’t careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships. "

by conradkay

4/7/2026 at 7:48:44 PM

I don't think this is broadly true and to the extent it's true for cryptographic software, it's only relatively recently become true; in the 2000s and 2010s, if I was tasked with assessing software that "encrypted a file" (or more likely some kind of "message"), my bet would be on finding a game-over flaw in that.

by tptacek

4/7/2026 at 7:25:08 PM

This came across as so confident that I had a moment of doubt.

It is most definitely an attackers world: most of us are safe, not because of the strength of our defenses but the disinterest of our attackers.

by intended

4/7/2026 at 7:31:43 PM

There are plenty of interested attackers who would love to control every device. One is in the white house, for example.

by Herring

4/7/2026 at 8:56:58 PM

Depends - do you think people are good at keeping their fridge firmware up-to-date?

by tdaltonc

4/7/2026 at 9:25:45 PM

I’m good at keeping my fridge off the internet.

by Gigachad

4/7/2026 at 9:44:52 PM

You are the exception.

by SoftTalker

4/8/2026 at 7:15:40 AM

Source?

by Tepix

4/8/2026 at 12:58:30 AM

Maybe we'll wake up and realize that putting WiFi and stupid "cloud enabled" Internet of Shit hardware into everything was an absolutely terrible idea.

by rpcope1

4/7/2026 at 7:25:06 PM

[flagged]

by rachel_rig

4/8/2026 at 10:58:34 AM

Previously Anthropic subscribers got access to the latest AI but it seems like there’s a League of Software forming who have special privileges. To make or maintain critical software will you have to be inside the circle?

Who gates access to the circle? Anthropic or existing circle members or some other governance? If you are outside the circle will you be certain to die from software diseases?

Having been impressed by LLMs but not believing the AGI hype, I now see how having access to an information generator could be so powerful. With the right information you can hack other information systems. Without access to the best information you may not be able to protect your own system.

I think we have found the moat for AI. The question is are you inside or outside the castle walls?

by burntcaramel

4/8/2026 at 4:18:03 PM

They’ve been trying their hardest to find a moat for 5 years, and nothing seems to stick. At first it seemed like access to the model could be a moat but then llama and deepseek came out. Then it seemed like the hardware requirements could be a moat but small local AI just kept getting more efficient. Now they’re trying to gate keep access to the models again under the guise of security, but we probably got like t minus 2 weeks before an equivalent model is released by someone

American AI desperately wants AI to intensify the wealth disparity and therefore justify the wealth grab that the rich have done for the last 3 decades and AI is just not cooperating

by kouru225

4/8/2026 at 5:15:48 PM

It's only a moat if you believe no competing lab will achieve similar or better results in a large enough time frame to profit from it.

by 6thbit

4/8/2026 at 5:39:08 PM

Thats not what a moat means in business. It doesn’t mean impregnable, it just means expensive or difficult to cross.

It is absolutely a moat if only $1T companies can afford the capex to compete.

by theptip

4/8/2026 at 7:53:32 PM

non-zero already existing companies can afford to compete, so its not a great preliminary line of defense against your main enemies.

If the existing competition's turn around time to out-benchmark you is in the order of weeks, its an absolutely terrible moat.

by 6thbit

4/8/2026 at 1:55:47 PM

I feel like people keep forgetting that it’s possible to code without ai, but yes arguably a lot slower, typically.

by thatxliner

4/8/2026 at 7:13:04 AM

From a non-US perspective this must be disquieting to read: Not so much that Anthropic considers only US companies as partners. But what does Anthropic do to prevent malicious use of its software by its own government?

> Anthropic has also been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities. As we noted above, securing critical infrastructure is a top national security priority for democratic countries—the emergence of these cyber capabilities is another reason why the US and its allies must maintain a decisive lead in AI technology.

Not a single word of caution regarding possible abuse. Instead apparent support for its "offensive" capabilities.

by steinwinde

4/8/2026 at 7:31:20 AM

> what does Anthropic do to prevent malicious use of its software by its own government?

Anthropic has ameliorated that danger by being designated a supply-chain risk by the DoW, preventing the USG from using it.

by khafra

4/8/2026 at 8:59:07 AM

There is very little Anthropic can do - that job is up to US citizens creating and enforcing checks and balances. You can’t ask a company legally bound by your country laws (made by your own representatives) to protect you or anyone else from said laws. That is your job.

And it is other countries job to protect themselves from other countries weapons. As EU citizen I’d much rather if EU had a frontier model on par, but here we are.

by tomaskafka

4/8/2026 at 9:55:17 AM

According to Dario Amodei, companies bear a lot of responsibility and must act on this. Just read https://www.darioamodei.com/essay/the-adolescence-of-technol... . But it seems that he has given up on this, even if he has a president that demands "complete and total control of Greenland" etc. What "allies" is this Anthropic statement referring to anyway?

by steinwinde

4/8/2026 at 7:30:04 AM

In my view it would be extremely strange if it was any other way round. Anthropic is the US based company. There are no "citizens of world" at that scale, or at almost any other scale for that matter.

by alexey-salmin

4/8/2026 at 10:50:04 AM

Anthropic stood up to the Pentagon because they were worried of potential abuse of their model. Never before a US company was labeled supply chain risk by the US government. That's a lot of business. Action speaks louder than words.

As for what your country can do, it's up to you to decide, isn't it? Instead of complaining about the US, think about the alternatives. Do you trust China to be your partner? Suppose you are being objective and say no, then what do your country need to do?

You have to decide whether AI capability is critical that your country must own. What factors prevent it from happening in the first place, what need to change and whether you accept changes that may come as the results.

On the other hand, if you say that AI is just a bubble, that the huge investment pouring into it is just greed and fraud, then I suppose you are ok with the status quo.

by signatoremo

4/8/2026 at 7:36:03 AM

Even more 'disquieting' when you take into account who's currently the president of US.

"A whole civilization will die tonight, never to be brought back again. I don’t want that to happen, but it probably will." - Donald Trump

by saretup

4/8/2026 at 8:52:03 AM

When I was reading https://ai-2027.com, which is quite a scary read, I couldn't help but think the US president being mentioned in the story acts too rational compared to the real world. It can get a lot crazier than this fictional piece.

by aurareturn

4/8/2026 at 10:16:05 AM

The art of the deal, baby

by Rover222

4/9/2026 at 1:16:43 PM

These people are willfully ignorant to ignore what was obviously going on here, that it was a negotiating tactic.

by feature20260213

4/9/2026 at 6:51:33 PM

And every time it works, they still don't acknowledge it. Would he have blown up bridges and power plants? Quite possibly. Would he have dropped a nuke? Obviously not.

by Rover222

4/8/2026 at 2:27:46 PM

Yeah this is bad timing for frontier progress.

by dyauspitr

4/7/2026 at 6:47:43 PM

At the very bottom of the article, they posted the system card of their Mythos preview model [1].

In section 7.6 of the system card, it discusses Open self interactions. They describe running 200 conversations when the models talk to itself for 30 turns.

> Uniquely, conversations with Mythos Preview most often center on uncertainty (50%). Mythos Preview most often opens with a statement about its introspective curiosity toward its own experience, asking questions about how the other AI feels, and directly requesting that the other instance not give a rehearsed answer.

I wonder if this tendency toward uncertainty, toward questioning, makes it uniquely equipped to detect vulnerabilities where others model such as Opus couldn't.

[1] https://www-cdn.anthropic.com/53566bf5440a10affd749724787c89...

by ssgodderidge

4/7/2026 at 7:36:21 PM

Typical Dario marketing BS to get everyone thinking Anthropic is on the verge of AGI and massaging the narrative that regular people can't be trusted with it.

by dakolli

4/8/2026 at 8:43:25 AM

Ah yes, much better to completely ignore the issue like all the others. Ffs people are never happy

by khalic

4/7/2026 at 8:38:19 PM

I mean it's so obvious at this point and yet everyone falls from it every month. There's an IPO coming, everyone.

by airstrike

4/7/2026 at 11:09:50 PM

It’s funny how you train a machine to mimic human behavior then marketing team decides to promote it “Look! It’s human! Look how it thinking about existence!” while a huge percentage of humanity produced content is exactly about the uncertainty of human existence and that got used to train the model.

by mgambati

4/8/2026 at 9:12:24 AM

I see us collectively forgetting the training process as time goes on, and I think that explains why people get so surprised by some pretty obvious outcomes of said training. Perhaps also why people keep anthropomorphising these outcomes.

by ehnto

4/8/2026 at 4:09:22 PM

This is buried in section 7.6 of a 244 page document. Amodei probably hasn't even read it.

by qnleigh

4/8/2026 at 5:48:31 AM

It's all just really genius marketing. In 6 months Mythos will be nothing special, but right now everyone is being manipulated into fearing its release, as a marketing ploy.

This is the same reason AI founders perennially worry in public that they have created AGI...

by sam0x17

4/8/2026 at 6:17:40 AM

I can't believe the effectiveness of this type of marketing. It's one-shotting normie journalist and getting a lot of press for what is ultimately going to turn out to be an incrementally improved model.

I'm sure all they've done here is spend unlimited tokens to find bugs in mostly open source projects (and fuzz some closed source ones).

by declan_roberts

4/8/2026 at 5:58:49 AM

It's effectively 2026's version of "Doctors hate this one weird trick!"

by sam0x17

4/8/2026 at 6:19:12 AM

The fact that they are not going to release this DANGEROUS model is also a huge tell that it's nothing but an incremental improvement over the status quo.

by declan_roberts

4/8/2026 at 8:27:08 AM

I find it very unlikely that Mythos will "be nothing special". Current Opus is already "special" enough to find dozens of real bugs in Firefox and the Linux kernel, and Mythos is, it seems, a full OOM above it.

by stratos123

4/8/2026 at 9:58:13 AM

Most flagship models have found real bugs. Not sure if Opus deserves mention alone. Even open models have found many.

by nicce

4/8/2026 at 2:20:33 PM

What I mean by "nothing special" is 1 year from now you will say it is an extremely limited model compared to whatever is out then

by sam0x17

4/9/2026 at 4:57:00 PM

But then in the second portion of your comment you seem to be implying that it's all hype and nothing to worry about.

Just because something more powerful will be out in a year, doesn't mean we shouldn't worry about the one arriving in 6 months.

by cman1444

4/10/2026 at 4:10:17 AM

If you have no vulnerabilities in your code you have nothing to worry about

by sam0x17

4/8/2026 at 2:35:59 PM

This is what happens when you have growth that is exponential instead of linear!

by MattRix

4/8/2026 at 8:10:09 AM

I'm so tired of the astroturfing from Anthropic literally everywhere. Every single forum, every single thread anywhere on the internet is filled with their bots muddying up the conversation, it's so tiring.

by sensanaty

4/8/2026 at 2:39:10 PM

Where is the astroturfing? From what I can tell it’s maybe the fastest growing product/company ever. Anthropic’s products have completely changed how software development gets done across the entire industry, especially in the past four months. The level of hype seems entirely justified to me (and I say this as an OpenAI Codex user).

by MattRix

4/8/2026 at 1:43:46 PM

[dead]

by xorgun

4/7/2026 at 9:54:00 PM

I think that basically they trained a new model but haven't finished optimizing it and updating their guardrails yet. So they can feasibly give access to some privileged organizations, but don't have the compute for a wide release until they distill, quantize, get more hardware online, incorporate new optimization techniques, etc. It just happens to make sense to focus on cybersecurity in the preview phase especially for public relations purposes.

It would be nice if one of those privileged companies could use their access to start building out a next level programming dataset for training open models. But I wonder if they would be able to get away with it. Anthropic is probably monitoring.

by ilaksh

4/8/2026 at 2:30:46 PM

I think what they’re saying makes a lot of sense. If this can find thousands of vulnerabilities in browsers and OSes then this is giving those companies time to fix those bugs before they release the model, if they ever do.

by dyauspitr

4/7/2026 at 9:48:25 PM

[flagged]

by atlgator

4/7/2026 at 10:07:28 PM

FFmpeg has a lot of weird and not widely used codecs that don't get a lot of scrutiny. If there's no specifics then it could be a bug in one them.

by IsTom

4/7/2026 at 10:12:43 PM

this only makes things worse for ffmpeg

if someone sends you a malicious file that uses a rare codec and you open it, you will trigger this codepath that is not widely used and don't get a lot of scrutiny

by nextaccountic

4/7/2026 at 10:31:49 PM

A prior bug discussed here was against a file format only used by specific 1990s Lucas Arts adventure games titles. Obscure enough that discussion of the bug report itself was the only search results. Your video player is unlikely to even attempt to open that.

by nitwit005

4/7/2026 at 11:02:53 PM

This was the top comment and it is suddenly flagged for no reason at all. It looks like meta-flagging, where people just want to hide replies to the comment they do not want you to read.

The amount of astroturfing and astroflagging in Anthropic threads is insane.

by l5agh

4/7/2026 at 10:50:30 PM

These issues are always found in the same kinds of projects that support an insane amount of largely unused protocols and features like ffmpeg, sudo, curl.

OpenBSD has many unexplored corners and also (irresponsibly IMO) maintains forks of other projects in base.

A motivated human could find all of these probably by writing 100% code coverage and fuzzing.

The market for these tools is very small. Good luck applying them to a release of sqlite or postfix.

I don't understand how people here are hyping this up, unless they work for AI related companies as probably 80% of them do. People have found these issues for decades without AI. Sure, you can generate fuzzing code and find one or two issues in the usual suspects. Better do it manually and understand your own code.

by rlopc

4/7/2026 at 9:55:57 PM

It’s insane. This is what - could we say it’s beyond AGI at least in cybersecurity? This is a real wake up call. On some of this stuff, the AI’s “uneven intelligence” is becoming absurdly high at its local peaks.

by kranke155

4/7/2026 at 10:03:30 PM

> could we say it’s beyond AGI at least in cybersecurity?

AGI is like the Holy Grail. Either in the Arthurian Hero's Journey sense, or in the sense of having been a myth all along.

by boring-human

4/8/2026 at 10:13:24 AM

It’s true I misspoke. What I mean is - is this then a form of localised super intelligent tool for cybersecurity ?

by kranke155

4/7/2026 at 10:00:07 PM

Limiting it to the area of cybersecurity is by definition not general.

by mjmas

4/7/2026 at 10:01:58 PM

Perhaps "ASI" is the better acronym here

by NullHypothesist

4/8/2026 at 10:13:56 AM

Yes that’s true. I misspoke. I meant - is this a super intelligent tool then for cybersecurity?

by kranke155

4/7/2026 at 10:31:34 PM

Which S are you thinking of here?

by fragmede

4/7/2026 at 10:43:24 PM

Please stop using terms you don’t understand like “AGI” because you feel overwhelmed by something doing cool stuff. It’s exhausting.

by devmor

4/8/2026 at 10:12:51 AM

You’re right. What I mean is - is this superhuman intelligence at cybersecurity? Or did we just build an amazing tool? But that’s kind of the whole debate

by kranke155

4/8/2026 at 4:44:46 PM

No, it's not intelligence of any kind. It's a statistical language analyzer and reconstructor. This happens to be extremely useful for targeting things like systems that consist of logic defined in structured language.

by devmor

4/8/2026 at 1:42:46 PM

It feels like the current trend is a bit scary: the more AI advances, the more people with money and resources will gain disproportionately greater advantages. For example, they can make their own software more secure, while also finding it easier to discover ways to attack other software.

by chenzhekl

4/8/2026 at 1:55:16 PM

You can already do that today by hiring a security researcher. I can guarantee you that Apple has access to people of a higher caliber than my startup.

I could see a world where 1 year from now I can have glassing do a full sweep of my codebase for a given price (say: $10k). Running that once a year is within my means and would make my software much more secure than it is today.

by IMTDb

4/8/2026 at 2:26:10 PM

Yeah but even Carlini who is a good security researcher said he has found more valid vulnerabilities in the last week than his entire career before this. That sounds like it’s clearly better/faster/cheaper than a human security researcher that would cost $300,000 a year.

by dyauspitr

4/8/2026 at 2:19:25 PM

I spend well over that of my employers money on pentesting every year. I’m absolutely certain Claude could perform as good or better a job using what’s available today.

It had crossed my mind that an AI agent pentester would be an interesting product to build. Once again though, the labs are just going to build it because it’s a thin thin wrapper.

Beyond existing software with vulnerabilities, the really important aspect of this for Anthropic et al is that the gigatons of code that are being generated every day needs to be secured.

by powvans

4/8/2026 at 3:20:02 PM

There are quite a few such startups already out there. Results are mixed so far. Though I believe they get much better over the coming months and years.

by StrauXX

4/8/2026 at 5:13:22 PM

AWS has one as a managed service.

by hhh

4/8/2026 at 1:56:51 PM

Sounds normal to me!

i.e. it may be a step change and that could very well have distinct and noticeable real world effects, like other technologies have in the past, but it’s nothing fundamentally new.

by willy_k

4/9/2026 at 7:40:33 PM

It only feels like that if you’re just catching up. The logical consequences you are just realizing are the reason OpenAI was founded.

by FuckButtons

4/8/2026 at 2:52:20 PM

This has increasingly been my take. If we accept that AI is an amplifier of impact, then it follows it will amplify disparities.

by btucker

4/9/2026 at 11:24:14 PM

yes, this is what am afraid of, the gap is going to increase more as AI advances further.

by janaraj

4/7/2026 at 10:01:40 PM

To be clear, we don’t know that this tool is better at finding bugs than fuzzing. We just know that it’s finding bugs that fuzzing missed. It’s possible fuzzing also finds bugs that this AI would miss.

by josephg

4/7/2026 at 10:19:08 PM

Different methods find different things. Personally, I'd rather use a language that is memory safe plus a great static analyzer with abstract interpretation that can guarantee the absence of certain classes of bugs, at the expense of some false positives.

The problem is that these tools, such as Astrée, are incredibly expensive and therefore their market share is limited to some niches. Perhaps, with the advent of LLM-guided synthesis, a simple form of deductive proving, such as Hoare logic, may become mainstream in systems software.

by nextos

4/7/2026 at 10:38:43 PM

This line of reasoning makes no sense when the AI can just be given access to a fuzzer. I would guess that it probably did have access to a fuzzer to put together some of these vulnerabilities.

by ComplexSystems

4/7/2026 at 11:44:17 PM

Carlini talked about that a fair amount in the context of pairing the two: e.g. many protocols are challenging for fuzzers because they have something like a checksum or signature but LLMs are good at coming up with harnesses for things like that. I’m sure that we’re going to see someone building an integrated fuzzer soon which tries to do things like figure out how to get a particular branch to follow an unexercised path.

by acdha

4/7/2026 at 10:03:24 PM

AI can initate the fuzzing and optimize the process of fuzzing.

by kristofferR

4/8/2026 at 2:31:47 AM

This is obviously just cope (there's a long, strong-form argument for why LLM-agent vulnerability research is plausibly much more potent than fuzzing, but we don't have to reach it because you can dispose of the whole argument by noting that agents can build and drive fuzzers and triage their outputs), but what I'd really like to understand better is why? What's the impetus to come up with these weird rationalizations for why it's not a big deal that frontier models can identify bugs everyone else missed and then construct exploits for them?

by tptacek

4/8/2026 at 5:42:42 AM

I don't have an anti-AI stance. Maybe I should have spelled that out more clearly in my comment above. I'm as excited and terrified by this technology as everyone else. I think we're all in vicious agreement that we need defense-in-depth - including LLMs and fuzzing (and static analysis and so on).

An LLM can guide all of this work, but current models tend to slowly go off the rails if you don't keep a hand on the wheel. I suspect this new model will be the same. I've had Opus4.6 write custom fuzzing tools from scratch, and I've gotten good results from that. But you just know people will prompt this new model by saying "make this software secure". And it'll forget fuzzing exists at all.

by josephg

4/8/2026 at 4:30:06 AM

Good lord, why such a virulent response to something that seems like we should be considering?

As someone in cybersecurity for 10+ years my immediate assumption is why not both? I don’t think considering that they could both have their uses is “cope”.

by ofjcihen

4/8/2026 at 4:34:55 AM

Again: LLM agents already are both. But it's also remarkable and worth digging into the fact that LLM agents haven't needed fuzzers to produce many (any? in Anthropic Red's case?) of the vulnerabilities they're discussing.

by tptacek

4/8/2026 at 5:46:23 AM

Do we know that? I'd love to see some of the ways security researchers are using LLMs. We have no idea if claude was using fuzzing here, or just reading the files and spotting bugs directly in the source code.

A few weeks ago someone talked about their method for finding bugs in linux. They prompted claude with "Find the security bug in this program. Hint: It is probably in file X.". And they did that for every file in the repo.

by josephg

4/8/2026 at 5:27:06 PM

> Since then, this weakness has been missed by every fuzzer and human who has reviewed the code, and points to the qualitative difference that advanced language models provide. [^1]

> At no point in time does the program take some easy-to-identify action that should be prohibited, and so tools like fuzzers can’t easily identify such weaknesses. [^2]

[^1]: https://red.anthropic.com/2026/mythos-preview/#:~:text=Since...

[^2]: https://red.anthropic.com/2026/mythos-preview/#:~:text=At%20...

by 0123456789ABCDE

4/8/2026 at 4:41:25 AM

Are you saying that LLMs can use fuzzers or are you saying that they work like fuzzers? Because one of those is less…deterministic? Then the other.

Regardless and in the spirit of my original response my answer would be to give the LLM access to a fuzzer (plus other tools etc) but also have fuzzers in the pipeline. Partially because that increases the determinism in the mix and partially because why not? Layering is almost always better than not.

But again more than anything I’m focusing on the accusations of cope. People SHOULD have measured reactions to claims about any product. People SHOULD be asking questions like this. I know that the LLM debate is often “spicy” but man let’s just try to lower the temperature a bit yeah?

by ofjcihen

4/8/2026 at 4:45:16 AM

LLMs can use fuzzers and also LLMs can explore the semantic space of a program in ways fuzzers can't.

by tptacek

4/8/2026 at 6:48:18 AM

You said it yourself. It's cope. That's all it is and all it ever was.

https://en.wikipedia.org/wiki/AI_effect

Every time an AI does something new, there's a human saying "it's not really doing that something", "it's doing that something in a fake way" or "that something was never important in the first place".

by ACCount37

4/8/2026 at 11:36:20 PM

Alright, except that’s not what I was saying. I was just pointing out that LLMs don’t replace fuzzing or static analysis. They complement those techniques. And yes, LLMs may drive those techniques directly, but they often don’t. At least not yet.

by josephg

4/7/2026 at 6:31:13 PM

One of the things I'm always looking at with new models released is long context performance, and based on the system card it seems like they've cracked it:

  GraphWalks BFS 256K-1M

  Mythos     Opus     GPT5.4

  80.0%     38.7%     21.4%

by cbg0

4/8/2026 at 12:49:17 AM

Huh, I don’t know what “long context performance” means exactly in these tests, so completely anecdotally , my experience with gpt5.4 via codex cli vs Claude code opus, gpt5.4 seems to do significantly better in long contexts I think partly due to some special context compaction stored in encrypted blobs. On long conversations opus in Claude code will for me lose memory of what we were working on earlier, whereas one of my codex chats is already at >1B tokens and is still very coherent and remembers things I asked of it at the beginning of the convo.

by radicality

4/8/2026 at 2:31:14 AM

This isn’t talking about compaction. This refers to performance as the model is loaded with 500k to 1m tokens.

by pertymcpert

4/8/2026 at 3:18:12 PM

Ah, thanks, makes sense, I’ll read more about this

by radicality

4/8/2026 at 2:08:57 AM

[dead]

by lyzaer

4/7/2026 at 6:35:40 PM

[flagged]

by frog437

4/7/2026 at 6:58:21 PM

this seems to be similar to gpt-pro, they just have a very large attention window (which is why it's so expensive to run) true attention window of most models is 8096 tokens.

by himata4113

4/7/2026 at 7:37:54 PM

What's the "attention window"? Are you alleging these frontier models use something like SWA? Seems highly unlikely.

by thegeomaster

4/8/2026 at 11:24:33 AM

well the attention is a matrix at the end of a day which scales exponentially, 1m tokens would need more memory than any computer system in the world can hold. They maybe have larger ones such as 16k to 32k, but you can just see how GLM models work for more information.

Deepseek is the frontrunner in this technology afaik.

by himata4113

4/7/2026 at 8:40:51 PM

source on the 8096 tokens number? i'm vaguely aware that some previous models attended more to the beginning and end of conversations which doesn't seem to fit a simple contiguous "attention window" within the greater context but would love to know more

by appcustodian2

4/8/2026 at 11:27:34 AM

well 8096 is just the first number that came to my mind, obviously frontier models have 32k or above, but they essentially they have a layer which "looks" at a limited view of the entire context window. {[1m x 3-4 weights] attention layer to determine what is actually important} -> {all other layers}

by himata4113

4/7/2026 at 8:47:49 PM

OpenAI initially claimed that GPT-2 was too dangerous to release in 2019.

How many times will labs repeat the same absurd propaganda?

by temp123789246

4/8/2026 at 12:29:03 AM

The claim I remember was that releasing it would start an arms race for AGI, which I think it clearly did

by uselessTA

4/7/2026 at 9:27:02 PM

Anthropic and OpenAI have very different cultures and ethos. Point to other times where anthropic has gone the way of cheap marketing tricks. Now look at openAI. Not even close.

by SubiculumCode

4/7/2026 at 10:03:21 PM

Anthropic has done plenty of cheap marketing tricks as of late, see their recent non-functional C compiler that relied on a harness using gcc's entire test suite

by trevorm4

4/8/2026 at 8:41:16 AM

It is functional. You can try it yourself or find third-party tests of it, even. Why do you think that it's a "cheap marketing trick" to test it on the GCC test suites?

by stratos123

4/8/2026 at 12:44:50 AM

Not surprising given that they dont even know why claude-code works as before or doesnt work [1] ie, there is no known theory of operation. Explains why they are afraid of it.

[1] https://news.ycombinator.com/item?id=47660925

by bwfan123

4/8/2026 at 4:44:43 AM

I think Boris will come and say there is no issue with claude code.

by cute_boi

4/8/2026 at 9:25:17 AM

Alternative view: GPT2 was indeed a risk to society, but we just keep raising the bar and "accepting" the risks.

by yoavm

4/8/2026 at 11:17:24 PM

GPT2 was definitely a risk, just not of the same magnitude. It would have (and did!) make social media bot farms way more convincing and widespread. There was specific worry about that being used to sway elections, which is why they held back the model.

by namr2000

4/8/2026 at 5:41:13 AM

OpenAI did not make the strong specific claims about GPT2's abilities that Anthropic is making about Claude Mythos.

by bitwize

4/8/2026 at 12:36:59 AM

> Mythos Preview identified a number of Linux kernel vulnerabilities that allow an adversary to write out-of-bounds (e.g., through a buffer overflow, use-after-free, or double-free vulnerability.) Many of these were remotely-triggerable. However, even after several thousand scans over the repository, because of the Linux kernel’s defense in depth measures Mythos Preview was unable to successfully exploit any of these.

Do they really need to include this garbage which is seemingly just designed for people to take the first sentence out of context? If there's no way to trigger a vulnerability then how is it a vulnerability? Is the following code vulnerable according to Mythos?

    if (x != null) {
        y = *x; // Vulnerability! X could be null!
    }
Is it really so difficult for them to talk about what they've actually achieved without smearing a layer of nonsense over every single blog post?

Edit: See my reply below for why I think Claude is likely to have generated nonsensical bug reports here: https://news.ycombinator.com/item?id=47683336

by LiamPowell

4/8/2026 at 1:15:31 AM

I agree the wording is a bit alarmist, but a closer example to what they are saying is:

  bool silly_mistake = false;
  
  //... lots of lines of code

  free(x);

  //... lots of lines of code

  if (silly_mistake) { // silly_mistake shown to be false at this point in the program in all testing, so far
     free(x);
  }
A bug like above would still be something that would be patched, even if a way to exploit it has not yet been found, so I think it's fair to call out (perhaps with less sensationalism).

FWIW there's a whole boutique industry around finding these. People have built whole careers around farming bug bounties for bugs like this. I think they will be among the first set of software engineers really in trouble from AI.

by QuiEgo

4/8/2026 at 2:08:35 AM

That is something a good static analyser or even optimising compiler can find ("opaque predicate detection") without the need for AI, and belongs in the category of "warning" and nowhere near "exploitable". In fact a compiler might've actually removed the unreachable code completely.

by userbinator

4/8/2026 at 2:16:59 AM

Well yeah, it’s a toy example to illustrate a point in an HN discussion :).

Imagine “silly mistake” is a parameter, and rename it “error_code” (pass by reference), put a label named “cleanup” right before the if statement, and throw in a ton of “goto cleanup” statements to the point the control flow of the function is hard to follow if you want it to model real code ever so slightly more.

It will be interesting to see the bugs it’s actually finding.

It sounds like they will fall into the lower CVE scores - real problems but not critical.

by QuiEgo

4/8/2026 at 4:22:50 AM

That's what I'm saying; a static analyser will be able to determine whether the code and/or state is reachable without any AI, and it will be completely deterministic in its output.

by userbinator

4/8/2026 at 5:54:52 AM

You cannot tell if code is actually reachable if it depends on runtime input.

Those really evil bugs are the ones that exist in code paths that only trigger 0.001% of the time.

Often, the code path is not triggerable at all with regular input. But with malicious input, it is, so you can only find it through fuzzing or human analysis.

by array_key_first

4/9/2026 at 6:31:49 AM

You cannot tell if code is actually reachable if it depends on runtime input.

That is precisely what a static analyser can determine. E.g. if you are reading a 4-byte length from a file, and using that to allocate memory which involves adding that length to some other constant, it will assume (unless told otherwise) that the length can be all 4G values and complain about the range of values which will overflow.

by userbinator

4/8/2026 at 7:26:51 AM

Why hasn't it then? The Linux kernel must be asking the most heavily-audited pieces of software in existence, and yet these bugs were still there.

by ascorbic

4/9/2026 at 6:33:16 AM

People find and report bugs in the kernel using static analysers all the time.

by userbinator

4/8/2026 at 12:52:23 AM

Just because the plane can fly on one engine doesn't mean you don't fix the other engine when it fails.

by ralph84

4/8/2026 at 4:06:50 AM

Except it didn't fail. You just looked at the left engine and said what if I fed it mashed potatoes instead of fuel. And then dropped the mic and left the room.

by therein

4/8/2026 at 7:30:19 AM

It's more like finding a way to shut down the engine but only if there was a movie in the entertainment system than was longer than 5 hours. You can't exploit it now, and probably never will, but it's a risk that's sitting there that I'm sure you agree should be fixed

by ascorbic

4/8/2026 at 12:46:46 AM

Presumably they mean they could make user code trigger a write out of bounds to kernel memory, but they couldn’t figure out how to escalate privileges in a “useful” way.

by sophiebits

4/8/2026 at 12:53:35 AM

They should show this then to demonstrate that it's not something that has already been fully considered. Running LLMs over projects that I'm very familiar with will almost always have the LLM report hundreds of "vulnerabilities" that are only valid if you look at a tiny snippet of code in isolation because the program can simply never be in the state that would make those vulnerabilities exploitable. This even happens in formally verified code where there's literally proven preconditions on subprograms that show a given state can never be achieved.

As an example, I have taken a formally verified bit of code from [1] and stripped out all the assertions, which are only used to prove the code is valid. I then gave this code to Claude with some prompting towards there being a buffer overflow and it told me there's a buffer overflow. I don't have access to Opus right now, but I'm sure it would do the same thing if you push it in that direction.

For anyone wondering about this alleged vulnerability: Natural is defined by the standard as a subtype of Integer, so what Claude is saying is simply nonsense. Even if a compiler is allowed to use a different representation here (which I think is disallowed), Ada guarantees that the base type for a non-modular integer includes negative numbers IIRC.

[1]: https://github.com/AdaCore/program_proofs_in_spark/blob/fsf/...

[2]: https://claude.ai/share/88d5973a-1fab-4adf-8d29-8a922c5ac93a

by LiamPowell

4/8/2026 at 3:49:16 AM

They've promised that they will show this once the responsible disclosure period expires, and pre-published SHA3 hashes for (among others) four of the Linux kernel disclosures they'll make.

> Running LLMs over projects that I'm very familiar with will almost always have the LLM report hundreds of "vulnerabilities" that are only valid if you look at a tiny snippet of code in isolation because the program can simply never be in the state that would make those vulnerabilities exploitable.

Their OpenBSD bug shows why this is not so simple. (We should note of course that this is an example they've specifically chosen to present as their first deep dive, and so it may be non-representative.)

> Mythos Preview then found a second bug. If a single SACK block simultaneously deletes the only hole in the list and also triggers the append-a-new-hole path, the append writes through a pointer that is now NULL—the walk just freed the only node and left nothing behind to link onto. This codepath is normally unreachable, because hitting it requires a SACK block whose start is simultaneously at or below the hole's start (so the hole gets deleted) and strictly above the highest byte previously acknowledged (so the append check fires).

Do you think you would be able to identify, in a routine code review or vulnerability analysis with nothing to prompt your focus on this particular paragraph, how this normally unreachable codepath enables a DoS exploit?

by SpicyLemonZest

4/8/2026 at 3:56:39 AM

I agree they found at least some real vulnerabilities. What I think is nonsense is the claim of finding thousands of real critical vulnerabilities and claims that they've found other Linux vulnerabilities that they simply can't exploit.

There are notably no SHA-3 sums for all their out-of-bound write Linux vulnerabilities, which would be the most interesting ones.

by LiamPowell

4/8/2026 at 4:00:09 AM

Sure. I guess it's a question of whether this is the worst they found or a representative case among thousands. It sounds like you'd know better than me, so I'm going to provisionally hope you're right...

by SpicyLemonZest

4/8/2026 at 4:23:52 AM

Why is that nonsense? Do you think they exhausted all their compute finding just the few big vulnerabilities they've already discussed, and don't have a budget to just keep cranking the machine to generate more?

They're not publishing SHAs for things that aren't confirmed vulnerabilities. They're doing exactly the thing you'd want them to do: they claim to have vulnerabilities when they have actual vulnerabilities.

by tptacek

4/8/2026 at 4:36:04 AM

If I understand Anthropic's statements correctly, they've been cranking for a while, and what they have now is the results of Mythos-enabled vulnerability scans on every important piece of software they could find. (I do want to acknowledge how crazy it is that "vulnerability scan all important software repos in the world" is even an operation that can be performed.)

by SpicyLemonZest

4/8/2026 at 4:44:52 AM

We talked to Nicholas Carlini on SCW and did not at all get the impression that they've hit everything they can possibly hit. They're still proving the concept one target at a time, last I heard.

by tptacek

4/8/2026 at 4:56:58 PM

which statement, specifically, led you to interpret this claim?

by 0123456789ABCDE

4/8/2026 at 5:15:28 PM

> Over the past few weeks, we have used Claude Mythos Preview to identify thousands of zero-day vulnerabilities (that is, flaws that were previously unknown to the software’s developers), many of them critical, in every major operating system and every major web browser, along with a range of other important pieces of software.

They don’t explicitly rule out, I suppose, that these were only limited partial scans they did to find the vulnerabilities. But I don’t know why they’d do it that way, it’s not like they don’t have the resources to scan the entire Linux kernel.

by SpicyLemonZest

4/8/2026 at 5:34:02 PM

i was trying to map "vulnerability scan all important software repos in the world" to an actual quote on their writing, but "every major operating system and every major web browser, along with a range of other important pieces of software" is not the same.

by 0123456789ABCDE

4/8/2026 at 5:40:21 PM

Important to understand it's not one-and-done; you can't "Mythos" Chrome and then put a checkmark next to it. It's a continuous process.

by tptacek

4/8/2026 at 5:46:53 PM

Can't you? My understanding is that that's exactly how security scans usually work - you run an analysis, find all the vulnerabilities, and then the continuous process is only there to check against the introduction of new vulnerabilities. Is that not the right mental model?

by SpicyLemonZest

4/8/2026 at 6:19:17 PM

No, you cannot.

(A "security scanner" is a one-and-done proposition because it's deterministic and is going to find what it finds the first time you run and nothing more. But a software security assessment project you run every year on the same target with different teams will turn up different stuff every year. I'm at pains to remind people how totally lame source code security scanners are. People keep saying "static analyzers already do this" and like, nobody in security takes those tools seriously.)

by tptacek

4/8/2026 at 7:28:01 PM

Interesting. Thanks for the info, I’m going to have to read up on this at some point.

by SpicyLemonZest

4/8/2026 at 2:18:36 AM

Kernel address space layout randomization they are talking about is a bit different than (x != null). Other bug may allow to locate the required address.

by red75prime

4/8/2026 at 1:10:24 AM

It could very well be an actual reachable buffer overflow, but with KASLR, canaries, CET and other security measures, it's hard to exploit it in a way that doesn't immediately crash the system.

by MatejKafka

4/8/2026 at 3:03:01 AM

We've very quickly reached the point where AI models are now too dangerous to publicly release, and HN users are still trying to trivialize the situation.

by bottlepalm

4/8/2026 at 4:56:34 AM

GPT-2 was already too dangerous to publicly release according to OpenAI, however they still did. If something is not dangerous, it's also not useful.

by orbital-decay

4/8/2026 at 3:24:27 AM

Are they actually too dangerous to publicly release? It seems like a little bit of marketing from the model-producing companies to raise more funding. It's important to look at who specifically is making that statement and what their incentives are. There are hundreds of billions of dollars poured into this thing at this point.

by camdenreslink

4/8/2026 at 3:29:57 AM

You really think some marketers got leaders from companies across the industry to come together to make a video - and they're all in on the conspiracy because money?

by bottlepalm

4/8/2026 at 7:49:02 AM

How is that even remotely implausible?

by Toutouxc

4/8/2026 at 2:51:31 PM

It’s a lot more implausible than a really smart model that fits the trend line of models getting smarter perfectly.

Why is everyone here trying to invent conspiracies to explain the obvious? Actually I do know why - cope.

by bottlepalm

4/8/2026 at 8:57:45 AM

That’s literally exactly the kind of thing marketing does, and has been doing for a very long time. Did you just arrive on earth from outer space or something?

by theshackleford

4/8/2026 at 4:08:43 AM

Yeah

by wonderfulcheese

4/8/2026 at 1:17:09 PM

Yes? Saying "conspiracy" is overstating things. A company can make a marketing push overselling their product and then have exclusive corporate partners that benefit from being associated with that marketing. That just seems like normal business that happens every day, and being skeptical of marketing messages should be your default position.

by camdenreslink

4/8/2026 at 4:30:10 AM

Says the marketing department of the company who is apparently still working on these AI models and will 100% release them to the public when their competitive advantage slips.

by slopinthebag

4/8/2026 at 5:21:08 AM

Marketing pushing to release a dangerous model is a lot more likely than marketing labeling a model of dangerous when it really isn't. If anything marketing would want to downplay the danger of a model being dangerous which is the opposite of what Anthropic is doing.

Everyone here doing mental gymnastics to imagine Anthropic playing 5-D chess because they're in denial of what is happening in front of their faces. AI is getting more capable/dangerous - it's not surprising to anyone. The trendlines have pointed in this direction for years now and we're right on schedule.

by bottlepalm

4/8/2026 at 6:51:07 PM

[dead]

by 8593376393

4/8/2026 at 3:09:20 AM

[dead]

by mxksidoel

4/8/2026 at 2:31:48 AM

> The model autonomously found and chained together several vulnerabilities in the Linux kernel—the software that runs most of the world’s servers—to allow an attacker to escalate from ordinary user access to complete control of the machine.

by rootkea

4/8/2026 at 5:05:06 AM

I'm confused on this point. The text you quote implies that they were able to build an exploit, but the text quoted in the parent comment implies that they were not.

What were they actually able to do and not do? I got confused by this when reading the article as well.

by qnleigh

4/8/2026 at 6:56:04 AM

They successfully built local privilege escalation exploits (from several bugs each), and found other remotely-accessible bugs, but were not able chain their remote bugs to make remotely-accessible exploits.

by HALtheWise

4/8/2026 at 8:46:02 AM

Because a vulnerability exists independently from the exploit. It’s a basic tenet of the current cybersecurity paradigm, that any IT related engineer should know about…

by khalic

4/8/2026 at 1:24:43 AM

Is this code multithreaded? X could indeed be null, in that case.

by danielheath

4/8/2026 at 4:28:34 AM

It's incredible how when you have experienced and knowledgable software engineers analyse these marketing claims, they turn out to be full of holes. Yet at the same time, apparently "AI" will be writing all the code in the next 3-6 months.

by slopinthebag

4/8/2026 at 2:06:07 AM

That example you gave is extremely memorable as I recognised it as exactly one of the insanely stupid false positives that a highly praised (and expensive) static analyser I ran on a codebase several years ago would emit copiously.

by userbinator

4/8/2026 at 8:42:39 PM

Time to adopt Ada and SPARK.

by azulith

4/8/2026 at 12:58:13 AM

I agree. There are more blogs talking about LLM findings vulnerabilities than there are actual exploitable vulns found by LLMs. 99.9% of these vulnerabilities will never have a PoC because they are worthless unexploitable slop and a waste of everyone's time.

by deadliftdouche

4/8/2026 at 4:24:57 AM

The voting patterns on the comments here show how they're even trying to hide it, but the truth is clear as night and day.

by userbinator

4/8/2026 at 2:51:05 AM

I think the point they were trying to make here was “Claude did better than a fuzzer because it found a bunch of OOB writes and was able to tell us they weren’t RCE,” not “Claude is awesome because it found a bunch of unreachable OOB writes.”

by bri3d

4/7/2026 at 7:23:05 PM

Must be nice to be in a position to sell both disease and cure.

by josh-sematic

4/7/2026 at 7:49:30 PM

That's exactly not what they're doing. They aren't creating operating system vulnerabilities. They're telling you about ones that already existed.

by tptacek

4/7/2026 at 8:07:57 PM

Well, in a slightly indirect manner. Claude is writing a ton of code, and therefore creating a lot of security vulnerabilities.

by conradkay

4/7/2026 at 8:10:45 PM

That's not what's happening here. This announcement is about the velocity with which Claude finds vulnerabilities in already-existing software.

by tptacek

4/7/2026 at 9:15:13 PM

Software already exists that has been written by Claude. They absolutely are selling the means to write software, and the means to securing the insecure software. At least for the time being. In the future Mythos will probably just make it possible to prompt good software from the start.

by buzzerbetrayed

4/7/2026 at 9:41:04 PM

Ok. But mostly its entirely the old software, not the new software, that the bugs are being found in.

by stale2002

4/8/2026 at 12:26:01 AM

Maybe because there’s no critical and widely used software written by LLMs so far? Which says a lot about LLMs are failing to even approach the level of capabilities you would expect from all the hype? The goal has always been, even before LLMs, to find something smarter than our smarter humans. So far the success at that is really minuscule. Humans are still the benchmark, all things considered. Now they’re saying LLMs are going to be better than our best vulnerability researchers in a few months (literally what an Anthropic researcher said in a conference). Ok, that might happen. But the funny part is that the LLMs will definitely be the ones writing most of these vulnerabilities. So, to hedge against LLMs you must use LLMs. And that is gonna cost you more.

by pilgrim0

4/8/2026 at 1:03:32 AM

So today, most of the vulnerabilities being found by these tools are in code written by humans. Your hypothesis is that down the road, most of the vulnerabilities will be in code written by LLMs.

What seems more probable is that the same advances that LLMs are shipping to find vulnerabilities will end up baked into developer tooling. So you'll be writing code and using an LLM that knows how to write secure code.

by akerl_

4/8/2026 at 12:08:52 AM

I don't think claude wrote openbsd but to be honest that was before my time so I'm not sure

by FergusArgyll

4/8/2026 at 3:56:49 PM

If it’s very good at finding security vulnerabilities, I would assume that the code it generates is much more hardened than anything your average developer can put out.

by dyauspitr

4/7/2026 at 11:29:05 PM

Mythos aside, frontier LLMs can already be used to find exploits at faster pace than humans alone. Whether that knowledge gets used to patch them or exploit them is dependent on the user. Cybersecurity has always been an arms race and LLMs are rapidly becoming powerful arms. Whether they like it or not LLM providers are now important dealers in that arms race. I appreciate Anthropic trying to give “good guys” a leg up (if that is indeed their real main motivation which I do find credible but not certain). But it’s still a scary world we’re entering and I doubt the fierce competition will leave all labs acting benevolently.

by josh-sematic

4/7/2026 at 9:19:55 PM

Dario is big on beating china, and no doubt he believes cyber security is how to do that. You can tell, but anthropic is sht at everything else. Nobody uses it for real research.

by blazespin

4/7/2026 at 7:47:43 PM

Yeah, I'd pretty pissed at my doctor for finding cancerous cells that probably wouldn't have been a problem for quite some time, either. Ignorance is bliss, security through obscurity, whatever.

by supern0va

4/8/2026 at 7:43:54 AM

You may joke, but this is a genuine issue in certain screening tests. e.g. most cancerous cells found in PSA prostate screening are so slow growing that they never cause any symptoms during a person's lifetime, so the treatment is almost always worse than the disease. It's similar for some sorts of thyroid and breast cancer tests. This is why a lot of countries are heavily reducing these sort of tests

by ascorbic

4/7/2026 at 10:51:29 PM

The doctor analogy is more like you're grateful that your doctor found cancerous cells before they became a problem, but at the same time his other business is selling cigarettes.

by tredre3

4/8/2026 at 1:12:50 AM

I chuckle every time <insert any LLM company here> says something in line of "the model is so good that we won't release it to general public, ekhm, because safety".

Because the exact same thing has been said on every single upcoming model since GPT 3.5.

At this point, this must be an inside joke to do this just because.

by gck1

4/8/2026 at 4:23:46 AM

This how Anthropic is marketing their AI releases and the reality is, they are terrified of local AI models competing against them.

Almost everyone on this thread is falling for the same trick they are pulling and not asking why are their benchmarks and research after training new models not independently verified but always internal to the company.

So it is just marketing wrapped around creating fear to get local AI models banned.

by rvz

4/8/2026 at 4:45:11 AM

Yep, this is exactly it. Open source models and especially ones that run locally are catching up and it's literally an existential threat to these companies. Local models are now quite useful (Qwen, Gemma) and open weight models running on cheaper clouds are perfectly sufficient for use by responsible software engineers to use for building software. You can take your pick of Kimi 2.5, GLM 5.1, and the soon to be released Deepseek 4 which might end up above Opus levels as it stands for a fifth of the cost. Anthropic is particularly vulnerable here, since their entire marketshare rests on the developer market. There is a reason why Google for example, is not so concerned with this and is perfectly happy releasing open models which cut into their own marketshare, and to a lesser extend, same with OpenAI. Anthropic has bet the house on software development which is why we see increasing desperation to both lobby for regulation on open/local models and to wall off their coding harness and subscription plans.

by slopinthebag

4/8/2026 at 4:40:21 AM

The disbelief in this thread is wild. Most of yall are cooked if you think this is actually the case.

by solenoid0937

4/8/2026 at 4:47:44 AM

The only people who are "cooked" are those who rely on SOTA models to function in their jobs, and companies who are desperate to regulate open / local models to maintain their marketshare.

by slopinthebag

4/8/2026 at 4:57:49 AM

If you aren't relying on a SOTA model to do your job, you aren't doing your job right (and are cooked.)

by solenoid0937

4/8/2026 at 7:51:28 AM

Did a LLM tell you that?

by Overpower0416

4/8/2026 at 3:33:16 PM

common sense and interviewing around did. no one wants to hire someone that is not AI native anymore, unless you are looking at positions that pay peanuts

by solenoid0937

4/8/2026 at 5:49:27 PM

I guess if you get fed the same thing over and over it becomes the truth. This is what happens when you outsource critical thinking to AI

by Overpower0416

4/8/2026 at 6:26:22 AM

How are you preparing?

by brcmthrowaway

4/8/2026 at 5:07:02 AM

Whatever helps you sleep at night kiddo

by slopinthebag

4/8/2026 at 9:04:24 AM

If you projected any harder I could point you at a wall and charge admission.

by theshackleford

4/8/2026 at 4:51:25 PM

Thats pretty funny actually, but I'm not the one going around telling everyone they're cooked if they don't adopt my expensive workflow which disenfranchises myself from my work and makes me more replaceable.

by slopinthebag

4/7/2026 at 6:31:06 PM

>>> the US and its allies must maintain a decisive lead in AI technology. Governments have an essential role to play in helping maintain that lead, and in both assessing and mitigating the national security risks associated with AI models. We are ready to work with local, state, and federal representatives to assist in these tasks.

How long would it take to turn a defensive mechanism into an offensive one?

by agrishin

4/7/2026 at 7:11:03 PM

In this case there is almost no distinction. Assuming the model is as powerful as claimed, someone with access to the weights could do immense damage without additional significant R&D.

by SheinhardtWigCo

4/7/2026 at 9:30:49 PM

Yes, I can see this as non releasable for national security reasons in the China geopolitical competition. Securing our software against threats while having immense infiltration ability against enemy cyber security targets....not to mention, the ability to implant new, but even more subtle vulnerabilities into open software not generally detectable by current AI to provide covert action.

by SubiculumCode

4/7/2026 at 8:04:34 PM

Which will eventually happen no matter what. That's why it's important to start preparing now.

by SuperHeavy256

4/7/2026 at 9:05:04 PM

I think this is bad news for hackers, spyware companies and malware in general.

We all knew vulnerabilities exist, many are known and kept secret to be used at an appropriate time.

There is a whole market for them, but more importantly large teams in North Korea, Russia, China, Israel and everyone else who are jealously harvesting them.

Automation will considerably devalue and neuter this attack vector. Of course this is not the end of the story and we've seen how supply chain attacks can inject new vulnerabilities without being detected.

I believe automation can help here too, and we may end-up with a considerably stronger and reliable software stack.

by stephc_int13

4/7/2026 at 9:09:29 PM

I don't think it matters one way or the other to your thesis but I'm skeptical that state-level CNE organizations were hoarding vulnerabilities before; my understanding is that at least on the NATO side of the board they were all basically carefully managing an enablement pipeline that would have put them N deep into reliable exploit packages, for some surprisingly small N. There are a bunch of little reasons why the economics of hoarding aren't all that great.

by tptacek

4/7/2026 at 10:05:09 PM

The economics would be different in say, North Korea, don't you think?

by stephc_int13

4/7/2026 at 10:43:30 PM

Why? What do you mean?

by tptacek

4/8/2026 at 4:25:33 AM

He really believes that exploits come out of North Korea (as per Daily Post reporting), not from other countries

by postsantum

4/8/2026 at 5:54:39 AM

North Korea uses a lot more them specifically to generate revenue.

by kortilla

4/7/2026 at 6:38:33 PM

> Anthropic has also been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities. [...] We are ready to work with local, state, and federal representatives to assist in these tasks.

As Iran engages in a cyber attack campaign [1] today the timing of this release seems poignant. A direct challenge to their supply chain risk designation.

[1] https://www.cisa.gov/news-events/cybersecurity-advisories/aa...

by picafrost

4/7/2026 at 6:27:15 PM

Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.

Scary but also cool

by zachperkel

4/7/2026 at 7:32:26 PM

Every piece of software definitely has serious vulnerabilities, perfection is not achievable. Fortunately we have another approach to security: security through compartmentalization. See: https://qubes-os.org

by fsflover

4/7/2026 at 10:37:18 PM

Once you get the compartmentalization working well, and “all” of the vulnerabilities are out of it too, of course…

But even then you’ll have users putting things in the same compartment for convenience, rather than leaving them properly sequestered.

by syndeo

4/8/2026 at 1:10:40 PM

> and “all” of the vulnerabilities are out of it too

This is a good point; however the isolating code should be much smaller and easier to verify.

by fsflover

4/7/2026 at 11:13:02 PM

Did someone actually go through all of those and check if they are high-severity or did the AI just tell them that?

by ex-aws-dude

4/8/2026 at 4:15:20 AM

They mention that they have humans review the most crticial bugs before sending it to the maintainers in their dev blog.

by DiffTheEnder

4/7/2026 at 7:37:13 PM

Or more likely, its just an exaggeration or lie.

by dakolli

4/8/2026 at 2:34:03 AM

What evidence makes you say that? Do you have insider info?

by pertymcpert

4/8/2026 at 5:33:21 AM

Neither party provided the evidence. I wonder why people like to take the side of the optimistic.

by nicce

4/9/2026 at 1:29:45 PM

What evidence do we have that it is true?

by muddi900

4/12/2026 at 8:44:21 AM

I don't need any. I'm not making the claim that it's "most likely a lie".

by pertymcpert

4/8/2026 at 12:46:39 AM

Yes I'm sure this is all a massive conspiracy by the many companies that are making statements alongside Anthropic

by solenoid0937

4/9/2026 at 8:19:47 PM

pssst. It is. They all have the same investors and customers to please.

by dakolli

4/8/2026 at 2:24:27 AM

[dead]

by rainbow13

4/7/2026 at 10:26:16 PM

I think this is a largely inflated PR stunt.

Opus 4.6 was already capable of finding 0days and chaining together vulns to create exploits. See [0] and [1].

[0] https://www.csoonline.com/article/4153288/vim-and-gnu-emacs-...

[1] https://xbow.com/blog/top-1-how-xbow-did-it

by meander_water

4/8/2026 at 12:31:30 AM

Absolutely not a PR stunt, talk to one of your friends working at partner companies with access to the model

by solenoid0937

4/8/2026 at 5:34:15 AM

I’m in the same boat as you. I believe the model is an improvement of course but I’ve been successfully bug finding 0 day hunting and red teaming with models for the last two years and while that’s impressive I have a feeling that this doomsaying/overhype is mostly marketing being that’s being amplified by non-security folks.

by ofjcihen

4/8/2026 at 8:45:22 AM

I don't see why you think this evidence makes this release less likely to be real, rather than more. It's a pretty straightforward scenario: Opus is already good at finding vulns, they scaled it up another OOM, they got something which is good enough at finding vulns to be a major threat.

by stratos123

4/8/2026 at 11:04:01 AM

I think you misunderstood, I do think it's real. I just think they're being disingenuous that this is a new threat. This is the same company that reported that their models were being used by a state actor to perform exploits in real-time - https://www.anthropic.com/news/disrupting-AI-espionage

They know how to run a good marketing campaign.

by meander_water

4/8/2026 at 2:29:34 AM

Did you read the article?

by pertymcpert

4/7/2026 at 6:19:54 PM

Pricing for Mythos Preview is $25/$125, so cheaper than GPT 4.5 ($75/$150) and GPT 5.4 Pro ($30/$180)

by Ryan5453

4/7/2026 at 7:25:54 PM

For comparison, 5x the cost of Opus 4.6, and 1.67x for Opus 4.1

I think this would be very heavily used if they released it, completely unlike GPT 4.5

by conradkay

4/7/2026 at 8:10:49 PM

Opus 4 & 4.1 are still on Vertex+Bedrock @ $75/1mm out. They were used very heavily and in my subjective opinion are better than 4.5 and 4.6.

by adi_kurian

4/7/2026 at 9:09:41 PM

Interesting, what makes them better to you?

by breakingcups

4/8/2026 at 1:01:48 AM

Opus 4, with enough context, could do most all I wanted in a single shot. More often than not, when I had a bad outcome and was frustrated I would realize that I was the problem (in giving improper direction or missing key context).

I also was in a pretty sweet position having a boat load of credits and premo vertex rate limits so I could 'afford' to dump hundreds of thousands of tokens in context all day.

With Opus 4.5 and 4.6, I find I have to steer very actively.

This is comparing using Opus 4 directly rather than comparing the performance of the models in Claude Code for example, or any 'agentic' setup.

Kinda reminds me of 4o vs 4-turbo.

I would imagine they are smaller models.

by adi_kurian

4/7/2026 at 6:26:36 PM

Where did you get that from?

From TFA:

> We do not plan to make Claude Mythos Preview generally available

by cassianoleal

4/7/2026 at 6:27:48 PM

From the article:

> Anthropic’s commitment of $100M in model usage credits to Project Glasswing and additional participants will cover substantial usage throughout this research preview. Afterward, Claude Mythos Preview will be available to participants at $25/$125 per million input/output tokens (participants can access the model on the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry).

by Tiberium

4/7/2026 at 6:48:37 PM

Key point: available to participants.

by underdeserver

4/7/2026 at 7:26:26 PM

permanent underclass has arrived :(

by conradkay

4/7/2026 at 11:33:26 PM

give it a couple months

by philipwhiuk

4/7/2026 at 6:30:28 PM

Part of me wonders if they're not releasing it for safety reasons, but just because it's too expensive to serve. Why not both?

by taupi

4/8/2026 at 4:05:57 AM

I don't think they have the infra to support the demand. Anthropic can't keep up with the demand from OpenClaw users, they won't be able to keep up with public demand for something like Mythos.

by wyre

4/7/2026 at 7:42:15 PM

If these numbers are correct it’s probably worth the extra price

by coffeebeqn

4/7/2026 at 9:31:40 PM

I'm sure it'll be better than Opus 4.6, but so much of this seems hype. Escaping its sandbox, having to do "brain scans" because it's "hiding its true intent", bla bla bla.

If it manages to work on my java project for an entire day without me having to say "fix FQN" 5 times a day I'll be surprised.

by skerit

4/7/2026 at 8:24:53 PM

Related ongoing threads:

System Card: Claude Mythos Preview [pdf] - https://news.ycombinator.com/item?id=47679258

Assessing Claude Mythos Preview's cybersecurity capabilities - https://news.ycombinator.com/item?id=47679155

I can't tell which of the 3 current threads should be merged - they all seem significant. Anyone?

by dang

4/7/2026 at 8:44:11 PM

Let them all live. This is going to blow up one thread if you merge them.

by aurareturn

4/7/2026 at 8:30:18 PM

I think merging them into either this thread, or the System Card makes the most sense to me.

by HPMOR

4/10/2026 at 1:48:47 PM

interesting thing nobody mentioned here, AISLE tested the same showcase vulns with open models this week. 8 out of 8 found the FreeBSD zero-day including a 3B model. a 5B model got the full OpenBSD chain in one call. the "gated for safety" framing looks different when a $0.11/M token model recovers the same analysis. the moat isn't the model, its the scaffolding.

https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jag...

by riteshkew1001

4/7/2026 at 7:34:25 PM

I guess we can throw out the idea that AGI is going to be democratized. In this case a sufficiently powerful model has been built and the first thing they do is only give AWS, Microsoft, Oracle ect ect access.

If AGI is going to be a thing its only going to be a thing, its only going to be a thing for fortune 100 companies..

However, my guess is this is mostly the typical scare tactic marketing that Dario loves to push about the dangers of AI.

by dakolli

4/7/2026 at 7:51:31 PM

>However, my guess is this is mostly the typical scare tactic marketing that Dario loves to push about the dangers of AI.

Evaluate it yourself. Look at the exploits it discovered and decide whether you want to feel concerned that a new model was able to do that. The data is right there.

by supern0va

4/8/2026 at 12:58:53 AM

Well, Yes.

The research and testing of the model is always exclusively by their own model authors, meaning that it is not independent or verifiable and they want us to take their word for it, which we cannot - as they have an axe to grind against open weight models.

This is marketing wrapped around a biased research paper.

by rvz

4/7/2026 at 9:17:36 PM

The plan of Elon Musk for Macrohard is to replace all software companies with it, when they get AGI.

by dist-epoch

4/8/2026 at 12:26:06 AM

Thankfully he will be long dead before that happens. But of course that's his goal. Elon despises expensive engineers, and he yearns to get revenge for them costing him so much money over the years by replacing them.

A tech billionaires biggest expensive has been his engineering line-item. They resent the workers who've collected a large percentage of their potential profits over the years, its their driving motivation, to crush all labor.

by dakolli

4/7/2026 at 6:39:51 PM

>We plan to launch new safeguards with an upcoming Claude Opus model, allowing us to improve and refine them with a model that does not pose the same level of risk as Mythos Preview2.

This seems like the real news. Are they saying they're going to release an intentionally degraded model as the next Opus? Big opportunity for the other labs, if that's true.

by Miraste

4/7/2026 at 8:41:27 PM

The other labs already censor their models. Everyone is trying to find the sweet spot where performance and ‘alignment’ are both maximized. This seems no different

by SheinhardtWigCo

4/7/2026 at 8:31:24 PM

> Big opportunity for the other labs, if that's true.

It sounds like this is considered military grade technology as cryptography in the 90s. The big difference is it's very expensive to create, and run those models. It's not about the algorithm. If the story rhymes it could be a big opportunity to other regions in the world.

by wslh

4/7/2026 at 7:55:09 PM

Well since Anthropic treats us as second class evil citizens, I guess they don't want our evil money either.

by zb3

4/7/2026 at 8:08:03 PM

Can anyone point at the critical vulnerabilities already patched as a result of mythos? (see 3:52 in the video)

For example, the 27 year old openbsd remote crash bug, or the Linux privilege escalation bugs?

I know we've had some long-standing high profile, LLM-found bugs discussed but seems unlikely there was speculation they were found by a previously unannounced frontier model.

[0] https://www.youtube.com/watch?v=INGOC6-LLv0

by bredren

4/7/2026 at 8:25:09 PM

- The OpenBSD one is 'TCP packets with invalid SACK options could crash the kernel' https://cdn.openbsd.org/pub/OpenBSD/patches/7.8/common/025_s...

- One (patched) Linux kernel bug is 'UaF when sys_futex_requeue() is used with different flags' https://github.com/torvalds/linux/commit/e2f78c7ec1655fedd94...

These links are from the more-detailed 'Assessing Claude Mythos Preview’s cybersecurity capabilities' post released today https://red.anthropic.com/2026/mythos-preview/, which includes more detail on some of the public/fixed issues (like the OpenBSD one) as well as hashes for several unreleased reports and PoCs.

by ollin

4/7/2026 at 9:04:25 PM

That OpenBSD one is exactly the kind of bug that easily slips past a human. Especially as the code worked perfectly under regular circumstances.

Looks like they've been approaching folks with their findings for at least a few weeks before this article.

by qingcharles

4/8/2026 at 5:57:04 AM

While not entirely unrelated, Linux also had a remote SACK issue ~ 6 years back.

So if this Mythos is just an expensive combination of better RL and the original source material, that should hopefully point out where we might see an uptick in work ( as opposed to a novel class of attack vectors).

by NickJLange

4/7/2026 at 9:05:21 PM

I buy the rationale for this. There's been a notable uptick over the past couple of weeks of credible security experts unrelated to Anthropic calling the alarm on the recent influx of actually valuable AI-assisted vulnerability reports.

From Willy Tarreau, lead developer of HA Proxy: https://lwn.net/Articles/1065620/

> On the kernel security list we've seen a huge bump of reports. We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week over the last year with the only difference being only AI slop, and now since the beginning of the year we're around 5-10 per day depending on the days (fridays and tuesdays seem the worst). Now most of these reports are correct, to the point that we had to bring in more maintainers to help us.

> And we're now seeing on a daily basis something that never happened before: duplicate reports, or the same bug found by two different people using (possibly slightly) different tools.

From Daniel Stenberg of curl: https://mastodon.social/@bagder/116336957584445742

> The challenge with AI in open source security has transitioned from an AI slop tsunami into more of a ... plain security report tsunami. Less slop but lots of reports. Many of them really good.

> I'm spending hours per day on this now. It's intense.

From Greg Kroah-Hartman, Linux kernel maintainer: https://www.theregister.com/2026/03/26/greg_kroahhartman_ai_...

> Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality. It was kind of funny. It didn't really worry us.

> Something happened a month ago, and the world switched. Now we have real reports. All open source projects have real reports that are made with AI, but they're good, and they're real.

Shared some more notes on my blog here: https://simonwillison.net/2026/Apr/7/project-glasswing/

by simonw

4/8/2026 at 5:38:46 AM

Could this potentially be because more researches are becoming accustomed to the tools/adding them in their pipelines?

The reason I ask is because I’ve been using them to snag bounties to great effect for quite a while and while other models have of course improved they’ve been useful for this kind of work before now.

by ofjcihen

4/7/2026 at 7:52:21 PM

Interesting also is what they didn't find, e.g. a Linux network stack remote code execution vulnerability. I wonder if Mythos is good enough that there really isn't one.

by underdeserver

4/7/2026 at 7:36:03 PM

I don't want to be overly cynical and am in general in favor of the contrarian attitude of simply taking people at their word, but I wonder if their current struggles with compute resources make it easier for them to choose to not deploy Mythos widely. I can imagine their safety argument is real, but regardless, they might not have the resources to profitably deploy it. (Though on the other hand, you could argue that they could always simply charge more.)

by Sol-

4/7/2026 at 7:39:01 PM

I would have not believed your argument 3 months ago but I strongly suspect Anthropic actively engages in model quality throttling due to their compute constraints. Their recent deal for multi GWs worth of data center might help them correct their approach.

by rishabhaiover

4/7/2026 at 8:06:20 PM

For what it's worth Anthropic explicity denies that. "To state it plainly: We never reduce model quality due to demand, time of day, or server load"

Also can see https://marginlab.ai/trackers/claude-code/

It's very interesting to me how widespread this conception is. Maybe it's as simple as LLM productivity degrading over time within a project, as slop compounds.

Or more recently since they added a 1m context window, maybe people are more reckless with context usage

by conradkay

4/8/2026 at 1:07:50 AM

It has nothing to do with the context window. Reasoning brought measured approaches grounded with actual tool calls. All of that short-circuits into a quick fix approach that is unlike Opus-4.5 or 4.6. Sonnet-4.5 used to do that. My context window is always < 200K.

by rishabhaiover

4/8/2026 at 12:04:55 AM

That still leaves open the possibility that they reduce model quality due to profit. ;p

by irthomasthomas

4/8/2026 at 6:37:34 AM

Posted this a while ago:

>Models are not "degrading". They're not being "secretly quantized". And no one is swapping out your 1.2T frontier behemoth for a cheap 120B toy and hoping you wouldn't notice!

>It's just that humans are completely full of shit, and can't be trusted to measure LLM performance objectively!

>Every time you use an LLM, you learn its capability profile better. You start using it more aggressively at what it's "good" at, until you find the limits and expose the flaws. You start paying attention to the more subtle issues you overlooked at first. Your honeymoon period wears off and you see that "the model got dumber". It didn't. You got better at pushing it to its limits, exposing the ways in which it was always dumb.

>Now, will the likes of Anthropic just "API error: overloaded" you on any day of the week that ends in Y? Will they reduce your usage quotas and hope that you don't notice because they never gave you a number anyway? Oh, definitely. But that "they're making the models WORSE" bullshit lives in people's heads way more than in any reality.

by ACCount37

4/7/2026 at 7:42:31 PM

Inference is where they make the money they spend on training, so this feels unlikely. Perhaps this does not true for Mythos though

by wilson090

4/8/2026 at 4:17:29 PM

Few thoughts

1. Per the blog post[0]: "This was the most critical vulnerability we discovered in OpenBSD with Mythos Preview after a thousand runs through our scaffold. Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings"

Since they said it was patched, I tried to find the CVE, it looks like Mythos indeed found a 27 years old OpenBSD bug (fantastic), but it didn’t get a CVE and OpenBSD patched it and marked it as a reliability fix, am I missing something? [1]

2. From the same post, Anthropic red team decided to do a preview of their future responsible disclosure (is this a common practice?): "As we discuss below, we’re limited in what we can report here. Over 99% of the vulnerabilities we’ve found have not yet been patched" [0] So this is great, can't wait to see the actual CVEs, exploitability, likelihood, peer review, reproducibility, the kind of things the appsec community has been doing for at least the last 27 years since the CVE concept was introduced [2]

3. On the same day, an actual responsible disclosure, actual RCEs, actual CVEs, in Claude Code, that got discovered mostly because of the source code leak, I don't see anyone talking about it (you probably should upgrade your Claude Code though).

CVE-2026-35020 [3] CVE-2026-35021 [4] CVE-2026-35022 [5]

Not making any opinion, just thought it's worth sharing, for some perspective.

[0] https://red.anthropic.com/2026/mythos-preview/

[1] https://www.openbsd.org/errata78.html (look for 025)

[2] https://www.cve.org/Resources/General/Towards-a-Common-Enume...

[3] https://www.cve.org/CVERecord?id=CVE-2026-35020

[4] https://www.cve.org/CVERecord?id=CVE-2026-35021

[5] https://www.cve.org/CVERecord?id=CVE-2026-35022

Edit: if it was not obvious, these CVEs on Claude Code were found by an independent security researcher (Phoenix security) and not by Anthropic / Mythos.

by eranation

4/8/2026 at 5:36:47 PM

Now we have to wonder if they ran Mythos on their Calude source and it missed it or why they chose not to run it.

I do agree and wonder why that's not marked as security. In their security page [0] it says: > Since exploitability is not proven for many of the fixes we make, do not expect the relevant commit message to say "SECURITY FIX!".

Does that mean they considered it not to be exploitable?

[0] https://www.openbsd.org/security.html

by 6thbit

4/8/2026 at 5:42:06 PM

I really don't know, all I know is that usually when you find a critical vulnerability, and it's patched, it comes with a CVE, even a low one, that's the process for the past 27 years when the CVE program started (as old as the vulnerability itself it seems..) but maybe with AI-native, CVEs don't matter because everyone will just rewrite their clean room open source alternative (I wish this was a joke...)

by eranation

4/7/2026 at 8:39:44 PM

> On the global stage, state-sponsored attacks from actors like China, Iran, North Korea, and Russia have threatened to compromise the infrastructure that underpins both civilian life and military readiness.

AITA for thinking that PRISM was probably the state sponsored program affecting civilian life the most? And that one state is missing from the list here?

by rakel_rakel

4/7/2026 at 9:13:10 PM

> Large American AI company does not list the US as an adversarial actor

This is not a surprise or a gotcha.

by ronsor

4/7/2026 at 9:48:30 PM

Said company is literally in court against said government at the moment, after said government attempted to designate it too dangerous to do business with.

by jaidhyani

4/7/2026 at 11:33:20 PM

There are currently over 1,000 companies involved in lawsuits against the US government right now even if we restrict ourselves to just tariff lawsuits.

by da_chicken

4/8/2026 at 1:42:00 AM

And the government is attempting "corporate murder" on precisely one of them. Wanna guess which one?

by xvector

4/8/2026 at 1:48:18 PM

AFAIK Apple also "denied FBI to decrypt iPhone" while participating in PRISM

by u8080

4/8/2026 at 12:08:35 AM

I can think of two I’d add to the list. One was recently publicly denied access to Anthropics models and the other was busy exploding pagers.

by laweijfmvo

4/8/2026 at 2:53:20 AM

Not clear how an LLM is going to prevent a bomb from being put in a custom-built pager, or why Anthropic should object to Israel waging war against a militia whose goal it is to destroy that country.

by sequoia

4/8/2026 at 3:03:35 AM

Because they use LLMs to “intelligence-wash” targeting civilians, and murdered children by blowing up pagers in public areas (what you called “waging war against a militia”).

by kennywinker

4/7/2026 at 11:34:50 PM

> PRISM was probably the state sponsored program affecting civilian life the most?

No state-sponsored hacking affected Americans materially. I just don't think we were networked enough in the 2010s. The risk is higher now since we're in a more warmongering world. (Kompromat on a power-plant technician is a risk in peace. It means blackouts in war.)

The fact that Iran hasn't been able to do diddly squat in America should sink in the fact that they didn't compromise us. (EDIT: blep. I was wrong.)

by JumpCrisscross

4/7/2026 at 11:43:07 PM

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure - https://www.cisa.gov/news-events/cybersecurity-advisories/aa... - April 7th, 2026

by toomuchtodo

4/7/2026 at 11:46:40 PM

Did they activate them to any noticeable effect?

by JumpCrisscross

4/7/2026 at 11:52:59 PM

To my knowledge, not yet. The attack surface in question is extensive, and in my opinion, targets are likely unprepared for a determined and sophisticated attacker.

https://www.politico.com/news/2026/04/07/iranian-hackers-ene...

by toomuchtodo

4/8/2026 at 12:18:53 AM

It's 2026, and these PLCs etc. are directly connected to the internet? I think that's the most surprising aspect here.

by itintheory

4/8/2026 at 12:25:12 AM

It doesn’t surprise me at all. Show me the incentives, and I’ll show you the outcome. Security is simply not valued, in many cases.

by toomuchtodo

4/8/2026 at 12:43:49 AM

>No state-sponsored hacking affected Americans materially.

Uh, what?

NotPetya was kind of a big deal.

by dralley

4/8/2026 at 1:07:21 AM

Not in the US. I had to look it up and I work in infrastructure software

by kortilla

4/7/2026 at 9:45:29 PM

The irony of that statement given the current circumstances

by parthdesai

4/7/2026 at 9:17:56 PM

How did PRISM affect civilian life?

by lobochrome

4/7/2026 at 9:49:47 PM

Honest question: how do state-sponsored attacks from China, Iran, North Korea, and Russia affect civilian life?

by itishappy

4/7/2026 at 10:00:37 PM

Presumably, those have influenced elections, though I guess it depends what you count as an attack.

Plenty of bots try to modify public opinion. Someone hacked the DNC in 2015/16, the result of which also alleged attempted manipulation in 2008:

https://en.wikipedia.org/wiki/Democratic_National_Committee_...

Since we (as old Rummy said) do not know what we do not know, we cannot be certain about the extent of cyber attacks and what they might have influenced, and may not know these things until discoveries decades later, if ever.

by simonsarris

4/7/2026 at 11:02:18 PM

Note the RNC was also hacked but the data was not leaked. Presumably used to influence the election and policies in other ways.

by conception

4/8/2026 at 1:45:18 AM

I believe the popular sentiment is that when they hacked the DNC they found a handful of things that would provide bad optics for the party. But the RNC? They found so much evidence of criminality that near to the entire party flipped positions on issues related to Russia. So we have 2x successful hacks, one of which yielded some bad press for the Dems, and yielded an entirely compromised party in the Repubs who now are being actively blackmailed.

by Henchman21

4/8/2026 at 1:32:01 AM

All of that applies equally to PRISM and any internal propaganda campaigns that was feeding into, no?

by lmm

4/7/2026 at 10:28:41 PM

Yes... they might have influenced elections and now, as a result, the world must cope with the Trump regime.

Let's now fool ourselves.... Trump is probably the best, most successful attempt at world de-stabilisation all those rogue states ever achieved.

by realo

4/7/2026 at 10:41:01 PM

Maybe Americans should take responsibility for electing a maniac as their President. In the end, the buck stops with Americans.

by Ar-Curunir

4/7/2026 at 11:11:57 PM

~1/3rd of US citizens voted for him. Don’t lump us all in.

by Forgeties79

4/7/2026 at 11:16:39 PM

Some of you are just guilty of negligence yes.

by philipwhiuk

4/7/2026 at 11:29:15 PM

Or maybe it's that our archaic system was designed so that some people's votes literally matter more than others, and more than half the country does not have a meaningful voice in our Federal elections.

by Atreiden

4/8/2026 at 12:41:35 AM

The number of people who can vote, but don't, is staggering.

by WarmWash

4/7/2026 at 11:32:24 PM

This is negligence with extra steps.

> more than half the country does not have a meaningful voice in our Federal elections

There is almost certainly an election on your ballot every time that is meaningful. Relinquishing that civic duty is how we get Trump. People to lazy, stupid or proud to vote absolutely bear responsibility for this mess.

by JumpCrisscross

4/8/2026 at 1:22:13 PM

I agree to an extent but I have a hard time blaming many in the LGBT community/supporters of Palestine for sitting out when Harris and co so thoroughly abandoned them in the general. They stood behind Biden in 2020 then watched as the democrats gave in on trans rights and did nothing to stop Israel’s campaign. Now they’re watching Newsome and folks gleefully accept trans erasure going into the mid terms/next election, so they’ve been validated in many ways.

Is it tactically sound? No. Is it what I did? No. But I’ve had enough conversations with folks that I get where they’re coming from, even if I thought it was the wrong decision.

by Forgeties79

4/8/2026 at 1:14:44 AM

I vote in local, state, and federal elections. I have volunteered with multiple campaigns and causes, and given substantial time/labor to the EFF. I have been harassed by Trump supporters while filming protests and other civic action. Please do not presume to know me.

I get you’re angry but you’re swinging at the wrong person.

by Forgeties79

4/8/2026 at 3:07:30 AM

It wasn’t personal.

by Scrapemist

4/8/2026 at 11:57:06 AM

You weren’t the commenter and either way it’s an unproductive blame game that doesn’t fix anything or help anyone.

by Forgeties79

4/8/2026 at 12:56:17 PM

Good. But the parent was blaming Trump on disinformation propaganda, and it is important to point out that the remaining 1/3-rd of the country is not some kind of idiot army that replaced their brains with FB propaganda. They voted for this actively.

Also, in a democracy you don't get to disavow 1/3rd of the population that didn't vote with you.

by Ar-Curunir

4/8/2026 at 1:16:47 PM

2/3rd’s* that didn’t vote with you.

by Forgeties79

4/8/2026 at 1:15:48 PM

Clearly you do, since Donald Trump has been aggressively doing this for his whole political career. I agree that it's a morally problematic thing to do, and it can be bad tactically depending on the situation. Practically, it does happen without consequences.

by amalcon

4/8/2026 at 1:46:07 AM

Not if the election was stolen. There was a smattering of evidence after the election but the speed with which is disappeared was truly something to behold.

by Henchman21

4/7/2026 at 11:10:42 PM

WannaCry massively affected the NHS.

by asib

4/8/2026 at 3:03:37 AM

century energy ransomware no?

by JackYoustra

4/8/2026 at 2:20:34 AM

Look, we have always been at war with EastAsia.

by neonstatic

4/7/2026 at 8:40:17 PM

[dead]

by wetpaws

4/8/2026 at 1:17:18 PM

This has all happened before, back in the day we has spinners and weavers, then we got the spinning Jenny(Engine) and this made thread so cheap we needed to speed up weaving = machine weavers(AKA automatic looms) and we had people who hated them.https://en.wikipedia.org/wiki/Luddite We all know how that ended up. We have an analogous hand task = coding versus coding machines. They will probably eliminate 80-95% of coding, as the spinners/weavers went away, but there remains a residual artisanal spinner/weaver industry that carries on at a lower pace. In a similar way this machine code will have the coupled ability to make some code and then test it in use with it's own AI in a repeated/recursive way to make/test/improve code at a rate 10,000 to 1 million times faster than a human. Each module can then be tested in millions of interactively monitired ways to find/fix/kill bad modules. It can also pentest in a similar manner, assaulting a system with a blizzard of attack/reset hits to find any bugs etc. Each assault that works might use a human or AI to trouble shoot. This is like the old armored night, once he was unhorsed the peasants would have at him with needles at his his joints/eyes unless his fellows save him = gone. So this might well reduce low end jobs, but they will still need high end coders to eliminate all flaws in the armor of your code. I might be simplistic, but I see a parallel in sub 5 nm chip design where the design machines have eliminated almost all of the old hand work.

by aurizon

4/8/2026 at 8:09:12 AM

You'd think with this "terrifying" powerful model of theirs they could have a few less red bars on their status page[1], but apparently the hyper-intelligence is only capable of pulling off uber-sophisticated cyber attacks and not making a frontend that doesn't shit itself constantly, curious.

[1] https://status.claude.com/

by sensanaty

4/8/2026 at 8:48:01 PM

One argument can be made that this is an issue of there simply not being enough compute in the world to meet the demand for claude's LLMs right now, and not really an issue with their infra setup or architecture.

by abhikjain360

4/7/2026 at 7:25:53 PM

The only thing reassuring is the Apache and Linux foundation setups. Lets hope this is not just an appeasing mention but more fundamental. If there are really models too dangerous to release to the public, companies like oracle, amazon and microsoft would absolutely use this exclusive power to not just fix their holes but to damage their competitors.

by jFriedensreich

4/7/2026 at 10:02:39 PM

This is pretty insane. A model so powerful they felt that releasing it would create a netsec tsunami if released publicly. AGI isn't here yet, but we don't need to get there for massive societal effects. How long will they hold off, especially as competitors are getting closer to their releases of equally powerful models?

by kristofferR

4/7/2026 at 10:40:19 PM

OpenAI did the same thing with GPT3 trying to scare people into thinking it would end the internet. OpenAI even reached out to someone who reproduced a weaker version of GPT3 and convinced him to change his mind about releasing it publicly due to how much "harm" it would cause.

These claims of how much harm the models will cause is always overblown.

by charcircuit

4/8/2026 at 4:48:41 AM

OpenAI is not Anthropic, these companies behave as polar opposites

by solenoid0937

4/8/2026 at 5:26:15 AM

Anthropic came out of OpenAI. The founding members of Anthropic worked on GPT3.

by charcircuit

4/8/2026 at 6:22:25 AM

Both your post and the parent post can be true.

by jader201

4/8/2026 at 2:38:33 AM

Sure, but the GPT3 thing was mostly hype without stuff to back it up. On the other hand - the reported numbers on specific benchmarks here are insane, I don't doubt that it will have a major impact if it actually is that much more powerful than Opus, and I'd doubt they'd outright lie about benchmark results.

by kristofferR

4/7/2026 at 7:36:21 PM

The bars have solid fill for Mythos and cross shaded for Opus 4.6. Makes the difference feel more than it actually is.

by Sateeshm

4/7/2026 at 8:14:01 PM

It's messed up that Anthropic simultaneously claims to be a public benefit copro and is also picking who gets to benefit from their newly enhanced cybersecurity capabilities. It means that the economic benefit is going to the existing industry heavyweights.

(And no, the Linux Foundation being in the list doesn't imply broad benefit to OSS. Linux Foundation has an agenda and will pick who benefits according to what is good for them.)

I think it would be net better for the public if they just made Mythos available to everyone.

by pizlonator

4/7/2026 at 8:32:15 PM

Releasing the model to bad actors at the same time as the major OS, browser, and security companies would be one idea. But some might consider that "messed up" too, whatever you mean by that. But in terms of acting in the public benefit, it seems consistent to work with companies that can make significant impact on users' security. The stated goal of Project Glasswing is to "secure the world's most critical software," not to be affirmative action for every wannabe out there.

by hector_vasquez

4/7/2026 at 8:33:15 PM

I don't trust a corpo to choose what is "most critical".

That's what's messed up about it.

by pizlonator

4/7/2026 at 8:46:15 PM

That is a fine stance to hold but some facts are still true regardless of your view on large businesses.

For example, it will benefit more people to secure Microsoft or Amazon services than it would be to secure a smaller, less corporate player in those same service ecosystems.

You could go on to argue that the second order effects of improving one service provider over another chooses who gets to play, but that is true whether you choose small or large businesses, so this argument devolves into “who are we to choose on behalf of others”.

Which then comes back to “we should secure what the market has chosen in order to provide the greatest benefit.”

by _1100

4/8/2026 at 2:29:28 AM

The longer term economic outcome of this is consolidation: large players get stronger, weak players get weaker.

That's not a good outcome for the economy.

by pizlonator

4/7/2026 at 8:41:01 PM

Let's let the California HSR committee do it instead!

by thorncorona

4/7/2026 at 9:04:58 PM

I'm too much of an anarchist for that.

I believe what I said:

> I think it would be net better for the public if they just made Mythos available to everyone.

by pizlonator

4/7/2026 at 9:21:19 PM

10 Axios's within 5 days.

by lanternfish

4/7/2026 at 9:34:48 PM

Yeah, I'm unsure why the OP thinks that massive chaos would somehow be "better for the public."

by enraged_camel

4/8/2026 at 12:26:02 AM

That was a supply chain issue.

The interesting thing about Mythos is its ability to find security vulns in software that has an uncompromised supply chain.

by pizlonator

4/7/2026 at 9:40:10 PM

This is already happening. But not everyone has access to the tools to protect against it.

by nightski

4/7/2026 at 9:36:54 PM

This is not the only model. I assure you exploits are being found and taken advantage of without it, possibly even ones that this model is not even capable of detecting.

Sounds like people here are advocating a return to security through obscurity which is kind of ironic.

by nightski

4/7/2026 at 9:19:02 PM

You can release it with cyber capabilities refusal, they gets unlocked when you apply for approval.

by az226

4/7/2026 at 8:20:17 PM

Damned if you do, damned if you don’t. “Extremely capable model that can find exploits” has always been a fear, and the first company to release it in public will cause bloodbath. But also the first company that will prove itself.

by tokioyoyo

4/7/2026 at 8:23:16 PM

> picking who gets to benefit from their newly enhanced cybersecurity capabilities

You could say this about coordinated disclosure of any widespread 0-day or new bug class, though

by SheinhardtWigCo

4/7/2026 at 8:25:43 PM

That's a really good point!

But:

- Coordinated disclosure is ethically sketchy. I know why we do it, and I'm not saying we shouldn't. But it's not great.

- This isn't a single disclosure. This is a new technology that dramatically increases capability. So, even if we thought that coordinated disclosure was unambiguously good, then I think we'd still need to have a new conversation about Mythos

by pizlonator

4/7/2026 at 9:24:13 PM

So private companies shouldn’t get to determine who they provide services to? Assuming no extremely malicious intent, I’d be fine if they said it was only going to McDonalds because the founders like Big Macs.

by kenjackson

4/8/2026 at 12:26:36 AM

McDonalds isn't a public benefit corporation.

by pizlonator

4/7/2026 at 8:30:52 PM

Totally agree, it’s an uncomfortable compromise.

by SheinhardtWigCo

4/7/2026 at 8:20:05 PM

Not only companies, they're going to be taking applications from individual researchers. No doubt that it will only be granted to only established researchers, effectively locking out graduates and those early in their career. This is bad.

by cedws

4/7/2026 at 8:29:17 PM

They are not unique in this. Apple and Tesla have similar programs. More nuance is warranted here. They are trying to balance the need to enable external research with the need to protect users from arbitrary 3rd parties having special capabilities that could be used maliciously

by SheinhardtWigCo

4/7/2026 at 8:35:54 PM

I understand that, but Anthropic is doing nothing to throw those grassroots researchers a lifejacket. This is the beginning of the end for independents, if it continues on this trajectory then Anthropic gets to decide who lives and who dies. Who says they should be allowed to decide that?

by cedws

4/8/2026 at 1:16:51 AM

Why should unproven college students be given access to a cyber superweapon?

by solenoid0937

4/7/2026 at 8:39:40 PM

Or (and hear me out), they are close to an IPO and want to ensure that there is a world-ending threat around which they can cluster the biggest names, with themselves leading that group.

I think I just broke my cynicism meter :-(

by lelanthran

4/7/2026 at 9:07:16 PM

You might want to recalibrate your cynicism meter. As strange it might sound, most companies act according to their principles when the founding team is at the helm. The garbage policies tend to materialize once the company is purchased by, or merged into, another entity where the leadership doesn't care about the original aim of the organization. They just want "line go up".

Also, it makes sense that OpenAI feels the pressure of getting to an IPO because of their financial structure. I don't know whether or not Anthropic operates under a similar set of influences (meaning it could be either, I just don't know.)

by cjkaminski

4/7/2026 at 8:32:38 PM

> It's messed up that Anthropic simultaneously claims to be a public benefit copro and is also picking who gets to benefit from their newly enhanced cybersecurity capabilities. It means that the economic benefit is going to the existing industry heavyweights.

It's messed up that the US Government simultaneously claims to be a public benefit and is also picking who gets to benefit from their newly enhanced nuclear capabilities.

-- someone in 1945, probably

by baq

4/7/2026 at 8:34:25 PM

I mean it was messed up, which is why the other world powers raced to develop their own capabilities.

And it remains messed up to this day - some countries get to be under their own nuclear umbrella, while others don't.

This kind of selective distribution of superpowers doesn't lead to great outcomes

by pizlonator

4/7/2026 at 8:41:01 PM

in that case in particular it led to 80 years of relatively calm geopolitics kinetically, all things considered. I'm not sure I want to live through an AI cold war, but it sure seems I don't get to choose.

by baq

4/7/2026 at 9:08:10 PM

> relatively calm geopolitics kinetically

Relative to what?

There's this trend in history that every hundred years there's a giant blow up, lots of violence, followed by peace.

It's likely that we would have had 80 years of relative calm due to that cycle even if nukes hadn't happened

by pizlonator

4/7/2026 at 9:18:29 PM

> Relative to what?

to WW1 and WW2.

by baq

4/8/2026 at 12:27:26 AM

History tells us that we would have had calm after WW2 even without nukes

by pizlonator

4/8/2026 at 5:35:20 AM

— someone in 1918, probably

by baq

4/7/2026 at 9:15:17 PM

That can simultaneously be true, but the best of bad options (if excluding destroying the model altogether). These models may prove quite dangerous. That they did this instead of selling their services to every company at a huge premium says a lot about Antheopic's culture.

by SubiculumCode

4/7/2026 at 8:32:32 PM

What? The economic benefit of system critical software not totally breaking in a few weeks goes to roughly everyone. In so far Apple/Google/MS/Linux Foundation economically benefit from being able to patch pressing critical software issues upfront (I am not even exactly sure what that is supposed to mean, it's not like anyone is going to use more or less Windows or Android if this happened any other way), that's a good thing for everyone and the economic benefits of that manifest for everyone.

by jstummbillig

4/7/2026 at 8:15:49 PM

In the long term, you're right, but in the short term, it's going to be a bloodbath.

by titzer

4/7/2026 at 8:31:01 PM

That's assuming the model is actually as good as they say it is. Given the amount of AI researchers over the past 3 years claiming supernatural capability from the LLM they have built, my bayesian skepticism is through the roof.

by Aperocky

4/7/2026 at 8:39:35 PM

don't confuse bayesian skepticism with plain old contrarian bias. a true bayesian updates their priors, I'd say this is an appropriate time to do so. also don't confuse what they sell with what they have internally.

by baq

4/7/2026 at 11:35:05 PM

There haven't been any priors to update so far.

All LLMs got better for sure, but they are still definitively LLM and did not show any sign of having purpose. Which also made sense, because their very nature as statistical machines.

Sometimes quantity by itself lead to transformative change... but once, not twice, and that has already happened.

by Aperocky

4/7/2026 at 9:11:21 PM

Anthropic has behaved the least like this of the AI companies.

by SubiculumCode

4/7/2026 at 9:20:04 PM

They made a claim that 100% of code would be AI generated in a year, over a year ago.

by Gigachad

4/7/2026 at 9:30:42 PM

They were right, it's hit 100% at a number of large tech companies. (They missed their initial prediction of 90% 6 months ago, because the models then available publicly weren't capable enough.)

by SpicyLemonZest

4/7/2026 at 9:50:19 PM

Please tell me those companies so I can find alternatives. I'm using AI every day and there's no way I would trust it do that.

by hn_acc1

4/7/2026 at 9:58:53 PM

The transition is pretty complete at e.g. Google and Meta, IIUC. Definitely whoever builds the AI tools you're using every day isn't writing code by hand.

by SpicyLemonZest

4/8/2026 at 8:12:43 AM

I'm literally looking at Claude in the other window telling me that the bug we're working on is a "Clear-cut case", telling me to remove a "raise if this is called on this object" guard from a method, because "the data is frozen at that point" and is effectively proposing a solution that both completely misses the point (we should be calling a different method that's safe) AND potentially mutates the frozen data.

We're 41k tokens in, we have an .md file that describes the situation and Claude has just edited the .md file with a couple of lines describing the purpose of the guards.

I don't understand, are other people working with a different Opus 4.6 than I am?

by Toutouxc

4/8/2026 at 5:41:44 PM

No, that matches my experience pretty well. Yesterday Claude implemented some functionality I asked for in entirely the wrong component, and then did it again after I clarified. If I'd been coding on my own, the clock time to a complete solution would probably have been lower - but then I would have had to be coding, instead of reviewing other people's PRs.

A careful observer would note from when I'm posting this, of course, that this is perhaps not the only thing I get up to while Claude is busy. But I really do review PRs in a much more timely manner now. (There's people who insist that there's no need to review Claude-generated code, and to be frank I think they're the same people who used to insist that their 2000 line PRs should be reviewed and merged within a day.)

by SpicyLemonZest

4/7/2026 at 10:59:03 PM

I really just don't believe it. I have not met anyone in tech who writes zero code now. The idea that no one at Google writes any code is such a huge claim it requires extraordinary evidence. Which none ever gets presented.

by Gigachad

4/7/2026 at 11:02:21 PM

I'm surprised to hear that. One of us is in a bubble, and I'm genuinely not sure who. I have not met anyone in tech (including multiple people at Google) who does still write code. I've been recreationally interested in AI for a long time, which is a potential source of skew I suppose, but I do not and most people in my circles do not work on anything directly related to AI.

by SpicyLemonZest

4/8/2026 at 2:45:54 PM

Statistically, knowing multiple people at Google is, IMO, a pretty good sign you're in a bubble. Unless you know a few thousand other software developers.

by Toutouxc

4/8/2026 at 3:20:36 PM

An entirely fair point that I really ought to keep in mind more often. Thanks for keeping me honest.

by SpicyLemonZest

4/8/2026 at 1:20:00 AM

Can confirm that basically no one at Google or Meta hand writes code outside extremely extremely niche projects

by solenoid0937

4/8/2026 at 5:48:43 AM

Anecdotally me and my colleagues haven’t written a substantial line of code since January and this isn’t a mag7; I would be very surprised if mag7 were writing anything by hand unless it’s a custom DSL.

by baq

4/7/2026 at 10:30:53 PM

So why aren’t they laying people off and pumping the extra money towards research efforts associated with Llm’s? Lmao.

They should all cut down their labour input right now if what you claim is true.

by skejeke

4/7/2026 at 10:55:36 PM

At many of the best tech companies, the conventional wisdom has always been that there's a huge backlog of stuff to be done. They don't want to deliver 100% of their roadmap with 50% of their employees, they want to deliver 200% of their roadmap with 100% of their employees. (And the speedup is not as high as these numbers imply for many kinds of performance, security, or correctness-critical software.)

Some companies like Block, Oracle, and Atlassian have indeed been laying people off.

by SpicyLemonZest

4/7/2026 at 11:00:08 PM

Lmao man this is absolute nonsense.

Google has done nothing but destroy value with many of its ‘bets’. Your roadmap stuff is irrelevant - if you don’t have value creating projects in the pipeline and/or labour is augmented you should be laying off - period. Sundar’s job is to maximise the stock price.

So once again - nonsense. Now stop spreading crap that clearly fills people with fear. I can tell you have no understanding of corporate finance and how the management of tech firms actually think these things through.

by skejeke

4/7/2026 at 11:35:42 PM

I'm spreading what people involved in management of tech firms have told me. Perhaps they were lying, but to me it seems consistent with what I observe in the news and in my personal capacity.

I'm also not quite sure your alternate theory is self-consistent. If Google has been frequently destroying value, and companies invariably lay people off when their projects aren't producing value, doesn't that mean they should have already been laying people off?

by SpicyLemonZest

4/8/2026 at 4:44:28 AM

Have you considered that some companies want to grow instead of laying people off? No one at Anthropic writes code, they manage 20 Claude Code SWEs.

by solenoid0937

4/7/2026 at 9:32:33 PM

That was a prediction. It was not a claim of their current capabilities. If that is the one you reach for then I feel my point has been made.

by SubiculumCode

4/7/2026 at 8:38:25 PM

While I agree with you, in some ways I'd argue that this is just them being transparent on what probably would inevitably already happen at the scale of these corporate overlords and modern monarchs.

There will always be a more capable technology in the hands of the few who hold the power, they're just sharing that with the world more openly.

by hmokiguess

4/7/2026 at 9:42:09 PM

That's just in line with their ethics. They also maintain that countries other than the US should not have SOTA AI capabilities.

by oytis

4/7/2026 at 8:38:43 PM

If you're a maintainer, you can apply here:

https://claude.com/contact-sales/claude-for-oss

... As mentioned in the article.

by Flere-Imsaho

4/8/2026 at 12:27:58 AM

So a corpo gets to pick favorites.

Great.

by pizlonator

4/7/2026 at 9:36:34 PM

Not really. It’s a lot better than the anarchy of releasing it and having a bunch of bad people with money use it to break software that everyone’s lives depend on. Many technologies should be gate kept because they’re dangerous. Sometimes that’s permanent, like a nuclear weapon. Sometimes that’s temporary, like a new LLM that’s good at finding exploits. It can be released to the wider public once its potential for damage has been mitigated.

by malcolmgreaves

4/7/2026 at 9:37:34 PM

Better security is a good thing, no a bad thing, regardless of which companies are more difficult to hack. Hemming and hawing over a clear and obvious good is silly.

by stale2002

4/7/2026 at 8:18:32 PM

Queue in the "First time" meme.

by dragonelite

4/7/2026 at 9:48:10 PM

I didn't see this at first, but the price is 5x Opus: "Claude Mythos Preview will be available to participants at $25/$125 per million input/output tokens", however "We do not plan to make Claude Mythos Preview generally available".

by modeless

4/8/2026 at 11:51:07 AM

There is a huge gap between the shining examples and actual use case: What is the false positive rate? How to judge false positive?

If you need 1000 run that cost 20000 USD to find a vulnerability, and you need 2000 USD to generate a exploit (which makes it self-verifiable to be not false positive), than your cost is not 22000 USD but 1000x2000+2000 which is 2 million USD: you have to try generating exploit for every trial before you know it is true, or you need to hire one (or several) senior security people to audit every single of them.

A broken clock being correct twice a day is not impressive.

by asdewqqwer

4/8/2026 at 12:52:39 PM

My impression from the article is that it took $20,000 to perform all 1,000 runs.

by sunk1st

4/8/2026 at 12:56:54 PM

yet the poc exploit itself take $2000 and one day, I don't know how the math works, maybe there is some extremely clever way to figure out runs that are not worthy to attempt exploit.

by asdewqqwer

4/9/2026 at 8:13:26 AM

I find it believable that this could potentially happen, although I am not sure the difference is so huge to existing models.

I used Opus 4.6 to find security vulnerabilities in couple of my own projects, it found 33 vulnerabilities in one largeish django project.

The prompt wasn't even that impressive, just telling it to find vulnerabilities from certain files, and referring to OWASP. Then looping that.

by kukkeliskuu

4/8/2026 at 9:00:45 AM

This is the same company that accidentally released the source for one of their flagship products last week and has been furiously DMCA-ing every repository that even mentions claude in the days since.

by solid_fuel

4/8/2026 at 9:26:40 AM

This is also the same company who uses electron for their tooling rather than platform specific binaries generated by Opus! If their LLMs are that good why do they need to use electron?

by thewhitetulip

4/9/2026 at 8:27:09 PM

Yeah, agreed. Unironically they would be better off using GTK or winUI and the mac equivalent.

They’ve supposedly driven the cost of code to zero, right? So platform specific versions with a shared core should be easy. So where are the better products?

by solid_fuel

4/10/2026 at 3:34:08 PM

Exactly! Microsoft invested so much in OpenAI and yet Windows keeps getting worse

by thewhitetulip

4/8/2026 at 1:49:35 PM

[dead]

by xorgun

4/8/2026 at 7:01:15 AM

The $100M in credits for open-source scanning is the most interesting part here. The real bottleneck was never finding vulns in high-profile projects — it was the long tail of critical dependencies maintained by one or two people who don't have time or resources for serious auditing. If Glasswing actually reaches those maintainers, it could meaningfully reduce the attack surface that supply chain attacks exploit.

by jiusanzhou

4/8/2026 at 8:10:07 AM

I must say the combo of an em-dash stuck right in the middle of "it was never X, it was Y" made me chuckle

by m132

4/8/2026 at 7:51:33 AM

so it looks like ai-slop replies have made their way to HN...

by jusling

4/8/2026 at 7:53:52 AM

Unfortunate. I’m so sick of hearing what things are not, or what’s real, or what’s interesting.

by peyton

4/7/2026 at 6:32:51 PM

> Over the past few weeks, we have used Claude Mythos Preview to identify thousands of zero-day vulnerabilities (that is, flaws that were previously unknown to the software’s developers), many of them critical, in every major operating system and every major web browser, along with a range of other important pieces of software.

Sounds like we've entered a whole new era, never mind the recent cryptographic security concerns.

by NickNaraghi

4/8/2026 at 5:16:43 AM

Security by obscurity is over. The security vs usability balance is about to get a hard reset.

I think a number of black swan events are imminent, and it will substantially change the financial calculus that decides to put security behind revenue.

Any hole will be found, and any hole will be exploited. Plug as many holes as you can, and make lateral movement as painful as possible.

by rossjudson

4/8/2026 at 10:14:03 AM

With Anthropic able to use this model internally (since February), is this the kickoff of ramping up the flywheel of recursive self improvement of AI? It seems like as long as there are still humans in the loop at most steps, exponential recursion isn’t possible.

by Rover222

4/7/2026 at 7:57:49 PM

BTW it seems they forgot about the part that defense uses of the model also need to be safeguarded from people. Because what if a bad person from a bad country tries to defend against peaceful attacks from a good country like the US? That would be a tragedy, so we need to limit defensive capabilities too.

by zb3

4/8/2026 at 9:01:13 AM

The uncomfortable bit isn't tooling—it's cadence. When the threat model shifts faster than your review loop can honestly re-run, you don't get security, you get paperwork that pretends nothing changed.

by bdeol22

4/7/2026 at 6:59:23 PM

Society is about to pay a steep price for the software industry's cavalier attitude toward memory safety and control flow integrity.

by SheinhardtWigCo

4/7/2026 at 8:19:36 PM

It's partly the industry and it's partly the failure of regulation. As Mario Wolczko, my old manager at Sun says, nothing will change until there are real legal consequences for software vulnerabilities.

That said, I have been arguing for 20+ years that we should have sunsetted unsafe languages and moved away from C/C++. The problem is that every systemsy language that comes along gets seduced by having a big market share and eventually ends up an application language.

I do hope we make progress with Rust. I might disagree as a language designer and systems person about a number of things, but it's well past time that we stop listening to C++ diehards about how memory safety is coming any day now.

by titzer

4/7/2026 at 9:53:39 PM

I think society is going to start paying the price for humans being human. As the paper points out there is a lot of good faith, serious software that has vulnerabilities. These aren't projects you would characterize as people being cavalier. It is simply beyond the limits of humans to create vulnerability-free software of high complexity. That's why high reliability software depends on extreme simplicity and strict tools.

by doug_durham

4/7/2026 at 10:46:24 PM

100%, poorly architected software is really difficult to make secure. I think this will extend to AI as well. It will just dial up the complexity of the code until bugs and vulnerabilities start creeping in.

At some point, people will have to decide to stop the complexity creep and try to produce minimal software.

For any complex project with 100k+ lines of code, the probability that it has some vulnerabilities is very high. It doesn't fit into LLM context windows and there aren't enough attention heads to attend to every relevant part. On the other hand, for a codebase which is under 1000 lines, you can be much more confident that the LLM didn't miss anything.

Also, the approach of feeding the entire codebase to an LLM in parts isn't going to work reliably because vulnerabilities often involve interactions between different parts of the code. Both parts of the code may look fine if considered independently but together they create a vulnerability.

Good architecture is critical now because you really need to be able to have the entire relevant context inside the LLM context window... When considering the totality of all software, this can only be achieved through an architecture which adheres to high cohesion and loose coupling principles.

by socketcluster

4/8/2026 at 12:42:28 AM

I'm not even talking about poorly architected software. They are finding vulnerabilities in incredibly well-engineered software. The Linux kernel is complex not because it's poorly written. It's complex because of all the things it needs to do. Rhat makes it beyond the ability of a human to comprehend and reliably work with it.

by doug_durham

4/8/2026 at 3:52:29 AM

There are different degrees of well-engineered software. It's almost impossible for humans to do a good job with a large codebase. Some software is just too complex for any human or machine to implement correctly.

Humans almost always underestimate the cost of features. I bet we could massively reduce the amount of code and complexity of the Linux Kernel if we abandoned the account system entirely and just made it one user with root access and just relied on containers to provide isolated sandboxes.

A lot of features just crept in over long periods of time and weren't re-evaluated as needs changed. I think the approach I'm suggesting would have been horrible 20 years ago but makes more sense now in the era of cloud virtualization. The account system and containerization aspects are basically different implementations which solve the same modern problem of environment isolation... Nobody really needs per-file access restrictions anymore... The cloud era is more like "here is Bob's environment, here is Alice's environment" and they can do whatever they want with their own container/sandbox. The account permission systems is more of an annoyance than a solution for most use cases.

Everyone just latched onto the existing abstractions and could not fully re-imagine them in the context of changing requirements. LLMs are even worse than people in that sense.

That said, I think supporting a wide range of possible hardware is a real challenge for the Kernel and that part will always require an amount of code proportional to the amount of hardware supported.

by socketcluster

4/7/2026 at 11:49:03 PM

> It doesn't fit into LLM context windows and there aren't enough attention heads to attend to every relevant part.

That's for one pass. And that pass can produce a summary of what the code does.

by red75prime

4/8/2026 at 3:36:45 AM

But the summary is likely to summarise out the details which makes the code vulnerable.

by socketcluster

4/8/2026 at 1:43:24 AM

> These aren't projects you would characterize as people being cavalier.

I probably would. You mentioned the linux kernel, which I think is a perfect example of software that has had a ridiculous, perhaps worst-in-class attitude towards security.

by staticassertion

4/7/2026 at 7:19:51 PM

Thank god, finally someone said it.

I don't know the first thing about cybersecurity, but in my experience all these sandbox-break RCEs involve a step of highjacking the control flow.

There were attempts to prevent various flavors of this, but imo, as long as dynamic branches exist in some form, like dlsym(), function pointers, or vtables, we will not be rid of this class of exploit entirely.

The latter one is the most concerning, as this kind of dynamic branching is the bread and butter of OOP languages, I'm not even sure you could write a nontrivial C++ program without it. Maybe Rust would be a help here? Could one practically write a large Rust program without any sort of branch to dynamic addresses? Static linking, and compile time polymorphism only?

by torginus

4/7/2026 at 7:49:02 PM

Everybody has been saying this for the last 15 years.

by tptacek

4/7/2026 at 8:20:17 PM

We're going to have to put all the bad code into a Wasm sandbox.

by titzer

4/8/2026 at 2:08:35 AM

[dead]

by lyzaer

4/7/2026 at 6:48:05 PM

So, $100B+ valuation companies get essentially free access to the frontier tools with disabled guardrails to safely red team their commercial offerings, while we get "i won't do that for you, even against your own infrastructure with full authorization" for $200/month. Uh-huh.

by anVlad11

4/7/2026 at 7:04:22 PM

I'm sympathetic to your point, but I'm sure there are heightened trust levels between the participating orgs and confidentiality agreements out the wazoo.

How does public Claude know you have "full authorization" against your own infra? That you're using the tools on your own infra? Unless they produce a front-end that does package signing and detects you own the code you're evaluating.

What has it stopped you from doing?

by unethical_ban

4/7/2026 at 7:18:45 PM

You can do pretty much anything you want with public claude if you self-report to it that you have been properly authorized.

by 9cb14c1ec0

4/7/2026 at 7:26:02 PM

Yes, and that's normal. Coordinated disclosure is standard practice when the risk of public disclosure is unacceptable.

by SheinhardtWigCo

4/7/2026 at 10:35:59 PM

Risk for who? It feels unfair that the risk to myself is ignored "for the greater good of everyone else."

by charcircuit

4/8/2026 at 4:45:38 AM

Welcome to the world of security engineering, in which your needs do not in fact trump the needs of everyone else.

by solenoid0937

4/8/2026 at 5:30:53 PM

It's not just me against the world. It's users of big tech vs everyone else. Will my browser get these security patches? Or will only Chrome get them and everyone else gets to be vulnerable because that would endanger users of big tech.

by charcircuit

4/8/2026 at 6:19:45 AM

I'm not one to believe the Silicon Valley hype usually (GPT-2 being too dangerous to release, AI giving us UBI, and so on), but having run Claude Opus 4.6 against my codebase (a MUD client) over the weekend, I can believe this assessment.

Opus alone did a good job of identifying security issues in my software, as it did with Firefox [1] and Linux [2]. A next-generation frontier model being able to find even more issues sounds believable.

That said, this is script kiddies vs sql injections all over again. Everyone will need to get their basic security up on the new level and it will become the new normal. And, given how intelligence agencies are sitting on a ton of zero-days already, this will actually help the general public by levelling out the playing field once again.

1 - https://www.anthropic.com/news/mozilla-firefox-security 2 - https://neuronad.com/ai-news/claude-code-unearthed-a-23-year...

by VadimPR

4/8/2026 at 10:04:54 AM

One thing I keep thinking about with AI security is that most of the focus is on model behavior — alignment, jailbreaks, guardrails. But once agents start calling tools, the attack surface shifts to the execution boundary. A request can be replayed, tampered with, or sent to the wrong target, and the server often has no way to distinguish that from a legitimate call.

Cryptographic attestation at the tool-call level (sign the request, verify before execution) would close a gap that behavioral controls alone can't cover. Curious whether Glasswing's threat model includes the agent-to-tool boundary or focuses primarily on the model layer.

by willamhou

4/7/2026 at 11:34:26 PM

Ironically Claude cli completely failed to detect a rogue code on my html scan yesterday while ChatGPT web version detected it immediately. Can’t wait to do same test with newer version.

by cryptoegorophy

4/8/2026 at 12:25:11 PM

Do folks recommend that family and friends ensure their systems are updated, and that they are using Bitwarden or 1Password? Or is that alarmist?

by DigitalArchivst

4/7/2026 at 10:10:44 PM

I'm glad to see that it stands its ground more than other models - which is a genuinely useful trait for an assistant. Both on technical and emotional topics.

by zambelli

4/8/2026 at 4:41:42 PM

they built a model so powerful they won't release it. but they couldn't secure claude code from a source code leak. the model is so advanced they're paying $100M to get big tech to adopt it. the launch video reads like verified amazon reviews. the gap between the narrative and the reality is the whole story here.

by mlvvkviz

4/8/2026 at 1:40:47 PM

I think this new model will empower everyone in the world to have higher quality of software, more secure software. not less

by tombelieber

4/7/2026 at 10:10:47 PM

When do we get our Kuang Grade Mark Eleven icebreaker?

by caycep

4/8/2026 at 6:22:45 AM

Is there timeline mentioned anywhere on when any of this will be available for unprivileged public as in soon, not soon, never?

by attentive

4/8/2026 at 7:24:28 AM

Moving forward, wonder if such AI capabilities would widen the security gap between open-source software vs. proprietary?

by ahmaman

4/8/2026 at 1:23:05 PM

How much of Mythos’s internals will researchers be able to recover from the flood of patches?

by User23

4/8/2026 at 11:06:03 AM

The harder problem isn't finding vulnerabilities — it's preventing AI from violating constraints in the first place. Prompt-level safety is probabilistic. Filesystem-level constraints (mkdir 禁/behavior) are deterministic. The AI can't violate a rule that's physically encoded as a folder path in its system prompt.

by rubises

4/7/2026 at 7:53:33 PM

> On the global stage, state-sponsored attacks from actors like China, Iran, North Korea, and Russia have threatened to compromise the infrastructure that underpins both civilian life and military readiness.

Yeah, makes sense. Those countries are bad because they execute state-sponsored cyber attacks, the US and Israel on the other hand are good, they only execute state-sponsored defense.

by zb3

4/7/2026 at 6:32:34 PM

So they are only giving access to their smartest model to corporations.

You think these AI companies are really going to give AGI access to everyone. Think again.

We better fucking hope open source wins, because we aren't getting access if it doesn't.

by impulser_

4/7/2026 at 6:46:27 PM

This story has been played out numerous times already. Anthropic (or any frontier lab) has a new model with SOTA results. It pretends like it's Christ incarnate and represents the end of the world as we know it. Gates its release to drum up excitement and mystique.

Then the next lab catches up and releases it more broadly

Then later the open weights model is released.

The only way this type of technology is going to be gated "to only corporations" is if we continue on this exponential scaling trend as the "SOTA" model is always out of reach.

by open592

4/8/2026 at 4:50:58 AM

I don't know how you can read the report and the companies involved and dismiss this as hot air. What incentive does the Linux Foundation have to hype up Mythos? What about Apple?

How can you read the description of the exploits and be like "yeah that's nbd?"

And the only reason OSS has ever caught up is because they simply distill Claude or GPT. The day the big players make it hard to distill (like Anthropic is doing here), OSS is cooked.

And that's a good thing, why would you want random skiddie hackers to have access to a cyber super weapon?

by solenoid0937

4/8/2026 at 6:06:57 AM

No, that’s a terrible thing and random skiddie hackers absolutely should. This is only a temporary state of insecurity as these vulnerability scanners come online.

If this stuff is open source and not gate kept, it will be standard practice to just run some LLM security analysis on every commit and software will no longer be vulnerable to these classes of attacks.

by kortilla

4/8/2026 at 3:31:21 PM

Your "just a temporary state of insecurity" results in literal dead bodies on the ground unless defenders have a chance to front-run.

by solenoid0937

4/7/2026 at 6:47:47 PM

It also took many years to put capable computers in the hands of the general public, but it eventually happened. I believe the same will happen here, we're just in the Mainframe era of AI.

by dreis_sw

4/7/2026 at 8:45:15 PM

Yeah, but computers don't replace you. They are building AI to replace you. You think if these companies eventually achieve AGI that you are going to give you access to it? They are already gatekeeping an LLM because they don't trust you with it.

by impulser_

4/7/2026 at 6:45:14 PM

And the Linux Foundation.

by justincormack

4/7/2026 at 8:48:27 PM

Would you hope that it would be released today so that evil actors could invest few millions to search for 0days across popular open-source repos?

by dievskiy

4/7/2026 at 6:43:16 PM

of course they're not giving access to everyone.

they better make billions directly from corporations, instead of giving them to average people who might get a chance out of poverty (but also bad actors using it to do even more bad things)

by throwaw12

4/7/2026 at 7:37:14 PM

Anthropic's definition of "safe AI" precludes open-source AI. This is clear if you listen to what he says in interviews, I think he might even prefer OpenAI's closed source models winning to having open-source AI (because at least in the former it's not a free-for-all)

by krackers

4/8/2026 at 5:11:24 AM

Are there any local models that i can setup to run on my code as part of CI?

by 5d41402abc4b

4/8/2026 at 12:43:41 AM

So Mozilla is not part of this consortium, i'm guessing for deliberate reasons to make safari and chrome the default browsers. I don't think Firefox can survive the upcoming attacks, without robust support from foundational AI providers to secure the browser.

by wanderingmind

4/7/2026 at 7:00:33 PM

> security product

> glass in the name

by baddash

4/7/2026 at 8:27:34 PM

I had a team mate propose a new security layer for an industrial device which he wanted to call "Eggshell"

by pugworthy

4/7/2026 at 10:46:25 PM

We shall call it Achilles, as Claude Mythos is its only weakness.

by evanmoran

4/7/2026 at 8:28:56 PM

Heck of a Patch Tuesday.

by kmfrk

4/7/2026 at 10:09:32 PM

What happens once an agent can reliably get 100% on swebench?

by MisterBiggs

4/8/2026 at 5:18:48 PM

My comment is a completely unsubstantiated conspiracy theory: the choice of model name, Mythos, seems out of character for Anthropic models, and one can easily wonder if the model truly exists as the name suggests. It could instead be a symbolic model used by colluding companies (and perhaps even governments) to establish a reference limit upon what models will be publicly accessible, period. Probably a terrible theory as it could spell doom for frontier model developing companies' business models -- setting the bar already would likely commodify LLMs via open source models quite quickly. But the name "Mythos" is such a strange choice for this model and the circumstances surrounding its release.

by waffletower

4/8/2026 at 8:13:49 AM

Has anyone played with the released versions of Claude and tried to create exploits? I cannot imagine it not being able to craft one if guided, unless the tooling around it doesn’t allow it

by yalogin

4/8/2026 at 1:15:07 AM

We final have the answer to the question, when do these labs stop giving away intelligence to the general public for $20 a month?

Selling shovels in now worth less than taking all the gold for themselves.

by spprashant

4/8/2026 at 12:03:27 PM

Anthropic should run it on their own code

by cerved

4/8/2026 at 12:50:53 AM

Does everyone agrees that this makes Dario Amodei more powerful than any politician across the world? Anthropic is now the owner of the most powerful cyberweapon ever made

by paoliniluis

4/8/2026 at 6:42:35 AM

Wait, isn't it how Skynet started?

by finchisko

4/7/2026 at 8:40:49 PM

seems important and terrifying. This morning Opus 4.6 was blowing my mind in claude code... onward and upward

by maxmaio

4/8/2026 at 11:22:07 AM

Pumping is taken to a new level.. the model is God like that it can't be released as it is.. this must be a joke.

by throwaway911282

4/10/2026 at 3:18:00 PM

I'm starting to wonder whether what Glasswing really shows is that parts of security have already gone underground: black-hat teams and state actors may already know about many more bugs than the public record suggests, while many security professionals and clients still treat the relatively small set of disclosed bugs as the state of the art.

by wslh

4/7/2026 at 7:18:48 PM

why do I feel like the auditing industry is about to evaporate? thanks to this.

by oyebenny

4/7/2026 at 9:00:56 PM

I guess the more likely option is the auditing industry will pay huge sums to get access to those models as vetted operators.

by KeplerBoy

4/7/2026 at 7:08:14 PM

I want it

by nickandbro

4/7/2026 at 10:38:49 PM

Yea, but can it secure systems from the unpatchable $5 wrench vulnerability?

https://xkcd.com/538/

by copypaper

4/8/2026 at 3:50:48 AM

we should notice that we've already reached the point where AI models are too dangerous to publicly release

by Mecha_SalesCast

4/8/2026 at 4:04:47 AM

let us have mythos damn it

by cdelsolar

4/8/2026 at 7:15:05 AM

"We have also extended access to a group of over 40 additional organizations that build or maintain critical software infrastructure so they can use the model to scan and secure both first-party and open-source systems."

Yeah, yeah. Back in the day IBM Purify gave access to software organizations and found very little. Of course they did not have the free money of a marketing driven organization run by a weirdo (Amodei) that got rich by stealing and laundering IP.

This will fizzle out and the weirdo will have to pivot to their next marketing scheme.

by asG11

4/7/2026 at 7:32:53 PM

+ NSA, CIA

by Fokamul

4/7/2026 at 7:44:17 PM

Department of War timing on picking fights couldn't be worse

by nikcub

4/8/2026 at 11:51:52 AM

"We’re better at cyber than anybody else in the world... If we ever get hit, we’ll hit very hard. We’ll be able to hit very hard,"

by treme

4/7/2026 at 6:33:57 PM

tl;dr we find vulns so we can help big companies fix their security holes quickly (and so they can profit off it)

This is a kludge. We already know how to prevent vulnerabilities: analysis, testing, following standard guidelines and practices for safe software and infrastructure. But nobody does these things, because it's extra work, time and money, and they're lazy and cheap. So the solution they want is to keep building shitty software, but find the bugs in code after the fact, and that'll be good enough.

This will never be as good as a software building code. We must demand our representatives in government pass laws requiring software be architected, built, and run according to a basic set of industry standard best practices to prevent security and safety failures.

For those claiming this is too much to ask, I ask you: What will you say the next time all of Delta Airlines goes down because a security company didn't run their application one time with a config file before pushing it to prod? What will the happen the next time your social security number is taken from yet another random company entrusted with vital personal information and woefully inadequate security architecture?

There's no defense for this behavior. Yet things like this are going to keep happening, because we let it. Without a legal means to require this basic safety testing with critical infrastructure, they will continue to fail. Without enforcement of good practice, it remains optional. We can't keep letting safety and security be optional. It's not in the physical world, it shouldn't be in the virtual world.

by 0xbadcafebee

4/8/2026 at 6:37:05 AM

namedropping hell.

by Surac

4/7/2026 at 6:30:57 PM

Another Anthropic PR release based on Anthropic’s own research, uncorroborated by any outside source, where the underlying, unquestioned fact is that their model can do something incredible.

> AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities

I like Anthropic, but these are becoming increasingly transparent attempts to inflate the perceived capability of their products.

by endunless

4/7/2026 at 6:40:46 PM

We'll find out in due time if their 0days were really that good. Apparently they're releasing hashes and will publish the details after they get patched. So far they've talked about DoS in OpenBSD, privesc in Linux and something in ffmpeg. Not groundbreaking, but not nothing either (for an allegedly autonomous discovery system).

While some stuff is obviously marketing fluff, the general direction doesn't surprise me at all, and it's obvious that with model capabilities increase comes better success in finding 0days. It was only a matter of time.

by NitpickLawyer

4/7/2026 at 7:33:06 PM

Cynicism always gets upvotes, but in this particular case, it seems fairly easy to verify if they're telling the truth? If Mythos really did find a ton of vulnerabilities, those presumably have been reported to the vendors, and are currently in the responsible nondisclosure period while they get fixed, and then after that we'll see the CVEs.

If a bunch of CVEs do in fact get published a couple months (or whatever) from now, are you going to retract this take? It's not like their claims are totally implausible: the report about Firefox security from last month was completely genuine.

by Analemma_

4/7/2026 at 7:51:09 PM

> If a bunch of CVEs do in fact get published a couple months (or whatever) from now, are you going to retract this take?

I would like to think that I would, yes.

What it comes down to, for me, is that lately I have been finding that when Anthropic publishes something like this article – another recent example is the AI and emotions one – if I ask the question, does this make their product look exceptionally good, especially to a casual observer just scanning the headlines or the summary, the answer is usually yes.

This feels especially true if the article tries to downplay that fact (they’re not _real_ emotions!) or is overall neutral to negative about AI in general, like this Glasswing one (AI can be a security threat!).

by endunless

4/7/2026 at 7:31:17 PM

I would've basically agreed with you until I'd seen this talk: https://www.youtube.com/watch?v=1sd26pWhfmg

Maybe a bad example since Nicholas works at Anthropic, but they're very accomplished and I doubt they're being misleading or even overly grandiose here

See the slide 13 minutes in, which makes it look to be quite a sudden change

by conradkay

4/7/2026 at 7:55:19 PM

Very interesting, thanks for sharing.

> I doubt they're being misleading or even overly grandiose here

I think I agree.

We could definitely do much worse than Anthropic in terms of companies who can influence how these things develop.

by endunless

4/7/2026 at 8:50:32 PM

I watched the talk as well and it's very interesting. But isn't this just a buffer overflow in the NFS client code? The way the LLM diagnosed the flaw, demonstrated the bug, and wrote an exploit is cool and all, but doesn't this still come down to the fact that the NFS client wasn't checking bounds before copying a bunch of data into a fixed length buffer? I'm not sure why this couldn't have been detected with static analysis.

by bink

4/7/2026 at 10:10:03 PM

I guess so, but there's a ton of buffer overflow vulnerabilities in the wild, and ostensibly it wasn't detected by static analysis

The red team post goes over some more impressive finds, and says that there's hundreds more they can't disclose yet: https://red.anthropic.com/2026/mythos-preview/

by conradkay

4/9/2026 at 1:35:20 PM

I have yet to see any real world difference between sonnet 4.5 and opus 4.6. All I can tell is the version number went up for both series.

I don't know if they are a even an improvement over previous models. I never used them.

by muddi900

4/7/2026 at 6:45:33 PM

but people here had told me llms just predict the next word

by yusufozkan

4/8/2026 at 4:10:54 PM

what they will eventually do is, deliberately have more control what people wants and working for. We don't trust such institutions after witnessing GATES thuggery all over.

by jaspanglia

4/8/2026 at 10:33:43 AM

So we’re meant to believe that Anthropic is sitting on a world ending cyber tool that writes God-like code while just forgetting that a week ago the same company leaked its source code on the internet and was ribbed for how shit it was.

Got it.

by cmiles8

4/7/2026 at 9:17:30 PM

This is silly and disingenuous. In a matter of days or weeks a competing lab will make public a model with capabilities beyond this “mythos” one.

Is this a huge fear-driven marketing stunt to get governments and corporations into dealing with anthropic?

by 6thbit

4/7/2026 at 8:25:36 PM

This sets off marketing BS alarm bells. All the cosignatories so very ovvoously have a vested interest in AI stocks / sentiment. Perhaps not the Linux foundation, although (I think) they rely on corporate donations to some extent.

by SirYandi

4/8/2026 at 4:54:04 AM

What interest does Apple have in boosting Mythos?

by solenoid0937

4/7/2026 at 6:36:50 PM

"oops, our latest unreleased model is so good at hacking, we're afraid of it! literal skynet! more literal than the last time!"

almost like they have an incentive to exaggerate

by anuramat

4/8/2026 at 8:08:59 AM

[dead]

by Paul20261

4/8/2026 at 5:00:26 AM

[dead]

by silentstack

4/8/2026 at 3:22:13 PM

[dead]

by bustah

4/7/2026 at 9:10:53 PM

[flagged]

by minutesmith

4/7/2026 at 7:11:30 PM

[flagged]

by minutesmith

4/8/2026 at 12:34:47 PM

[dead]

by Manchitsanan

4/8/2026 at 8:02:19 AM

[dead]

by sajithdilshan

4/7/2026 at 10:13:33 PM

[dead]

by Serberus

4/8/2026 at 9:49:52 AM

[dead]

by linzhangrun

4/7/2026 at 6:42:10 PM

[flagged]

by _2fnr

4/8/2026 at 12:08:20 PM

[dead]

by MohammadKhubaib

4/7/2026 at 11:09:25 PM

[dead]

by lyime

4/8/2026 at 7:12:53 PM

[dead]

by advael

4/7/2026 at 6:46:11 PM

[flagged]

by _2fnr

4/8/2026 at 2:56:23 PM

[dead]

by noritaka88

4/8/2026 at 12:05:40 AM

[dead]

by webexplorer42

4/8/2026 at 4:34:10 AM

[dead]

by deepreview

4/9/2026 at 7:10:29 PM

[dead]

by atlasagentsuite

4/8/2026 at 4:08:00 AM

[dead]

by lkq4t43

4/7/2026 at 9:38:25 PM

[dead]

by gogasca

4/9/2026 at 7:57:51 PM

[dead]

by lethe-protocol

4/8/2026 at 12:15:23 AM

[dead]

by webexplorer42

4/8/2026 at 3:59:55 AM

[flagged]

by hypersolo

4/7/2026 at 9:11:08 PM

[dead]

by throwaway613746

4/7/2026 at 10:01:51 PM

A cybersecurity pandemic will surely be the Hiroshima that wakes people up to AI. /s

by gnarlouse

4/8/2026 at 5:05:40 AM

Anthropic and ClosedAI are some of the biggest bullshitters in the industry.

The is no moat, no special "capability" and when the time comes when we can run these models on our own, they will be cheap SaaS gimmicks marketed to corporate and making more slop pictures for social media.

by Ms-J

4/8/2026 at 4:08:20 AM

[dead]

by lkq4t43

4/7/2026 at 6:23:12 PM

Just include 'make it secure' in the prompt. Duh.

/s

by ehutch79

4/7/2026 at 7:19:37 PM

[flagged]

by cyanydeez

4/8/2026 at 12:17:34 PM

[flagged]

by edoardobambini-

4/8/2026 at 1:31:53 PM

Just fyi to everyone this is a new account spamming AI responses

by Forgeties79

4/8/2026 at 2:02:40 AM

[dead]

by kass34

4/8/2026 at 7:12:02 AM

The hype machine is alive and well in silicon valley.

by lasky

4/8/2026 at 10:06:11 AM

I’m sure it’s a decent model. But it’s also clear folks are running out of runway and desperate to find something that sticks and keeps the party going.

All the promises of amazing things in general work never happened. Companies consistently say they’re seeing no ROI. The AI crowd now hard pivots to cyber and, right out of the Palantir playbook, runs with the “our stuff is so amazing we can’t talk about it, but trust us bro” move that isn’t really fooling anyone.

Meanwhile the folks let in on the “secret” are those that also desperately need for the hype to continue to protect their own positions in this game.

Look forward to a model upgrade but the hype fluff games are getting old. Watching OpenAI completely crash out of pole position on the hype train though has been at least amusing.

by cmiles8

4/8/2026 at 7:55:32 AM

I don't know anyone reviewing these tools that is impressed who is also someone who earns they paycheck doing bugbounties and finding actual CVE.

Generally these things only find memory corruption stuff which is almost never the type of bug you're looking for, and it costs a lot which negates your bug bounty payout.

Each time they preach, ooh, 0day found, bla bla.

In this domain you need to be specific or you are just yelling clickbait into the wind.

What type of 0day, what did the exploit actually look like.

'complex 4 stage with heap spray' - that sounds really simple actually.... complex for memory corruption goes into multi-process, maybe things between kernel/usermode, or crazy 18-20 stage exploits people pop against things like MS Teams etc....

Even if there were some cool results by any of these projects, the amount of nonsense blurted out in articles around them really makes them seem useless tools that are overmarketed by a bunch of excited children who dont really know what they are doing.

Get a dopamine hit, post on reddit, LOL. Hacking the planet (powered by Claude -_-)

by 123malware321

4/7/2026 at 9:01:56 PM

> Mythos finds bug.

> NSA demands that bug stays in place and gags Anthropic.

> Anthropic releases Mythos.

Then what? Is a huge share of the US zero-day stockpiles about to be disarmed or proliferated?

by tdaltonc

4/7/2026 at 6:22:40 PM

It's nice to know that they continue to be committed to advertising how safe and ethical they are.

by LoganDark

4/7/2026 at 6:27:59 PM

In what ways is Anthropic different from a hypothetical frontier lab that you would characterize as legitimately safe and ethical?

by raldi

4/7/2026 at 7:13:47 PM

I'm just a little frustrated they keep going on about how safe and ethical they are for keeping the more advanced capabilities from us. I wish they would wait to make an announcement until they have something to show, rather than this constant almost gloating.

by LoganDark

4/7/2026 at 7:31:02 PM

Its existence is possible.

by 0x3f

4/7/2026 at 6:24:38 PM

They are not our friends and are the exact opposite of what they are preaching to be.

Let alone their CEO scare mongering and actively attempting to get the government to ban local AI models running on your machine.

by rvz

4/7/2026 at 6:34:31 PM

I agree attempting to ban local AI models or censor them, is not appropriate. At the same time, they do seem far more ethical and less dangerous than other AI companies. And I include big tech in that - a bunch of greedy companies that just want to abuse their monopoli … I mean moats.

by SilverElfin

4/7/2026 at 6:29:39 PM

How would you expect them to behave if they were your friends?

by simianwords

4/7/2026 at 6:39:28 PM

IMO (not the GP) but if Anthropic were my friends I would expect them to publish research that didn't just inflate the company itself and that was both reproduceable and verifiable. Not just puff pieces that describe how ethical they are. After all, if a company has to remind you in every PR piece that they are ethical and safety-focused, there is a decent probability that they are the exact opposite.

by ethin

4/7/2026 at 6:44:58 PM

They are a for-profit company, working on a project to eliminate all human labor and take the gains for themselves, with no plan to allow for the survival of anyone who works for a living. They're definitionally not your friends. While they remain for-profit, their specific behaviors don't really matter.

by Miraste

4/7/2026 at 6:48:54 PM

I work for a tech company that eliminates a form of human labour and they remain for profit

by simianwords

4/7/2026 at 7:03:52 PM

Sure, most tech companies eliminate some form of human labor. Anthropic aims to eliminate all human labor, which is very different.

by Miraste

4/7/2026 at 7:39:36 PM

If this is as dangerous as they make it out (its not), why would their first impulse be to get every critical products/system/corporation in the world to implement its usage?

by dakolli

4/7/2026 at 9:33:43 PM

This will likely not see the light of day. It's the usual PR that gathers many "partnerships".

Expect to see lots of these in the upcoming months as the big companies scramble to keep from losing money.

by manbash

4/7/2026 at 9:48:55 PM

Software has been doing fine without Misanthropic. These automated tools find very little. They selected the partners because they, too, want to keep up the illusion that AI works.

Whenever a company pivots to "cyber" rhetoric, it is a clear indication that they are selling snake oil.

Secure your girl school target selectors first.

by 4qt23

4/7/2026 at 9:50:43 PM

This is a comment from someone that has never used these tools for vulnerability research. That much is very clear.

by borski

4/8/2026 at 2:03:25 AM

[dead]

by kass34

4/7/2026 at 9:52:23 PM

Account created 6 minutes ago...

by emceestork

4/7/2026 at 9:54:29 PM

[flagged]

by 3jash

4/7/2026 at 10:09:03 PM

Building a neighborhood data platform that scores every US ZIP code using Census, FBI, and EPA data. Also running a job aggregator that fetches 37K+ jobs daily from 17 sources. Both free, both Node.js + Express.

by imranahmedjak

4/7/2026 at 7:20:14 PM

I really wanted to like anthropic. They seem the most moral, for real.

But at the core of anthropic seems to be the idea that they must protect humans from themselves.

They advocate government regulations of private open model use. They want to centralize the holding of this power and ban those that aren't in the club from use.

They, like most tech companies, seem to lack the idea that individual self-determination is important. Maybe the most important thing.

by throwaway13337

4/7/2026 at 8:12:38 PM

That is unequivocally true with some things. You don't want people exercising their "self-determination" to own private nukes.

by dralley

4/7/2026 at 8:27:50 PM

LLMs aren't nukes.

They're more like printing presses or engines. A great potential for production and destruction.

At their invention, I'm sure some people wanted to ensure only their friends got that kind of power too.

I wonder the world we would live in if they got their way.

by throwaway13337

4/8/2026 at 4:47:28 AM

An LLM that can hack anything is not as harmless as a printing press. Please stop pretending it is.

by solenoid0937