George Hotz, the first person to ever unlock an iPhone, has a message for everyone panicking about Anthropic's new AI model Mythos: calm down. In a LinkedIn post, Hotz, who famously cracked Sony's PlayStation 3 and now runs self-driving car startup comma.ai, said he could find zero-days cheaper and faster than Mythos if not for bug bounty restrictions.
His offer: 1 zero-day a day until a big new model drops, just to prove a point. "These things are not that hard to find in most software," he wrote, taking direct aim at Anthropic's claim that Mythos finding a 27-year-old OpenBSD bug and exploiting FreeBSD's NFS server for root access represents a watershed moment in cybersecurity.
The 'it's not incentivised, not impossible' argument
Hotz's core argument is simple: zero-days aren't rare because they're hard to find.
They're rare because exploiting them is illegal, and skilled hackers have better options. "Criminals are usually not very skilled, or they would choose a different line of work," he wrote.
He's not alone in that view. AI researcher Gary Marcus called the Mythos announcement "overblown," pointing out that the Firefox exploit Anthropic demonstrated had sandboxing disabled, essentially a laboratory condition, not a real-world attack scenario.
Yann LeCun, co-founder of AMI Labs and formerly Meta's chief AI scientist, was blunter: "Mythos drama = BS from self-delusion."
Small, cheap models did much of the same thing
The sharpest technical pushback came from AI security startup Aisle, which took the specific vulnerabilities Anthropic highlighted and ran them through small, cheap, open-weights models. All 8 models it tested detected the flagship FreeBSD buffer overflow, including 1 with just 3.6 billion active parameters that costs $0.11 per million tokens.
Anthropic spent about $20,000 in tokens to find the OpenBSD bug across a thousand runs. Aisle's point: once the relevant code is isolated, most of the core reasoning is already accessible to models that anyone can run today.
That doesn't mean Mythos isn't real. Researchers who looked seriously at the Linux kernel exploit chains (chaining 4 vulnerabilities together to get root, bypassing HARDENED_USERCOPY through creative use of kernel stack reads) said the sophistication was genuine. The autonomous exploit construction rate jumping from under 1% on Opus 4.6 to 72% on Mythos is a real gap.
But Hotz's challenge stands unanswered: if it's so groundbreaking, go find new zero-days at the same level without Anthropic's help. Nobody has yet.
