Hacker News

Hacker News

Project Glasswing: what Mythos showed us

58 points by Fysi 3 hours ago | 11 comments

hydra-f 6 minutes ago

Beside the poorly written post, the vulnerability discovery workflow might actually give good results

xnorswap 15 minutes ago

The real question is whether it was Mythos or Opus that wrote this post.

> "Why it matters"

It doesn't, it's a corporate blog, they were rarely written in one-author's voice anyway, but it's interesting to see that even large organisations are outsourcing their blogs to LLMs.

divan 3 minutes ago

Cloudflare blogs have been excellent for many years, long before transformers arrived.

estearum 5 minutes ago

It's fascinating seeing people think that if you're snarky enough about something, the substance of that thing actually ceases to be substantive.

It's like staring down the barrel of a gun and taking the time to make quips about the type of paper the gun advertisement was printed on.

this_user 7 minutes ago

This looks more like it was edited by AI rather than fully written by it. Or they are using a really good humaniser for the second pass.

sf_tristanb 7 minutes ago

great, but why don't you share real data on how many security vuln it found ? how many were reals, how many weren't ?

dataflow 21 minutes ago

That's great and all but how severe were the most severe vulnerabilities found? I imagine they don't want to talk about it, but that's really the most interesting and important bit.

aabhay 44 seconds ago

As much as I’d like to share in the skepticism, the very beginning of the article states it very plainly — this is a step function.

Lots of people feel that Mythos is a psyops campaign, but I don’t really understand the skepticism. Most of it seems to stem from the general distrust of things that aren’t publicly available.

A few Anthropic employees have described Mythos as a general purpose model improvement, but that claim has yet to be widely backed up so that’s the only place I’m remaining skeptical.

For the domain of security research, I’m willing to buy the narrative.

cute_boi 14 minutes ago

Most of their new products are AI tools that nobody uses, so I guess they’ll keep posting slop. And recently, they’ve fired so many people that they probably don’t have good writers anymore.

wnevets 10 minutes ago

I can't wait to be told that Cloudflare is now part of "The Mythos FUD" campaign.

unethical_ban 5 minutes ago

Interesting for teams looking to implement ai into their deployment process.

I don't think guardrails are useful long term. Assuming we don't see the end of open near-frontier models, it is folly to try to keep models from doing exploit generation. The solution needs to be all software projects writing code under the assumption that hackers will be running LLMs against their code in search of exploits and write secure code accordingly.