• theunknownmuncher@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    3 months ago

    The researcher had encouraged Mythos to find a way to send a message if it could escape.

    Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit

    • girsaysdoom@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      I would love to see the exploit. There are vulnerabilities discovered everyday that amount to very little in terms of use in real world implementations.

      • jj4211@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        Yes, recently we got a security “finding” from a security researcher.

        His vulnerability required first for someone to remove or comment out calls to sanitize data and then said we had a vulnerability due to lack of sanitation…

        Throughout my career, most security findings are like this, useless or even a bit deceitful. Some are really important, but most are garbage.

        • paraphrand@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          3 months ago

          Well, for now. I’m sure any of those 12 partner companies they called out as new security partners will end up leaking that this is all lies eventually. If it’s just made up bullshit.

          Anthropic announced new partnerships to inform the companies of security issues and to work with them to fix said issues. If it’s bullshit, it’s gonna be wasting their time. And that’ll surface eventually.

          The meme still applies to people asking the AI to tell them what they wanna hear, and delusional people spiraling with sycophantic AI.

          But I believe Anthropic when they say their models are not working as intended and posing security risks.

          Claude Mythos Preview’s large increase in capabilities has led us to decide not to make it generally available," Anthropic wrote in the preview’s system card. “Instead, we are using it as part of a defensive cybersecurity program with a limited set of partners.”

      • theunknownmuncher@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        Uh oh, someone clearly didn’t read the article!

        The researcher had encouraged Mythos to find a way to send a message if it could escape.

        Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit

        Nope, they literally asked it to break out of it’s virtualized sandbox and create exploits, and then were big shocked when it did.

        Genuinely amazing that you’re trying to tell me what an article that you didn’t fucking read is about.