Small models also found the vulnerabilities that Mythos found

Posted by dominicq 10 hours ago

Small models also found the vulnerabilities that Mythos found(aisle.com)

844 points | 229 commentspage 6

charcircuit 7 hours ago||

The thesis that the system is more important than the model is not bitter lesson pilled. I would not bet on this in the long term. We will get to the point where you can just tell the model to go find and classify the severity of all security problems with a codebase.

AlexandrB 8 hours ago||

The whole "this tool is too dangerous to be public" idea reeks of marketing. Just like all the "AI is an existential threat" talk a year ago. These companies are using ideas usually reserved for something like nuclear weapons to make their products look more impressive.

abhinaystha 7 hours ago||

Tech companies are just hyping their model to that the bubble wont burst so easily.

rvnx 9 hours ago||

Where are all the people here who claim that LLM are just useless stochastic parrots ? Did they lose internet ?

SoftTalker 9 hours ago|

The patterns of buggy code are well trained.

eiens 7 hours ago||

The bigger point of focus is that the enterprise value accrues to assets associated with software production.

What happened to all that nonsense about LLM’s solving physics, science etc? Lmao that certainly is not happening.

The natural home of LLM’s is in relation to software production.

The question is can Anthropic and OAI survive? If OAI can’t make their entry into the ad business work then they will fight over the same territory. Meaning both of their chances of survival drop as Google who is a monster in relation to software production will not only seek to kill them but buy their GPU’s at a discounted price.

ares623 3 hours ago||

Once again, it would've been so easy and simple to remove all doubt from their claims: release all the tools and harnesses they used to do it and allow 3rd parties to try and replicate their results using different models. If Mythos itself is as big a moat as they claim it is, then there shouldn't be any problem here.

They did the same stunt with the C compiler. They could've released a tool to let others replicate it, but they didn't.

ctoth 10 hours ago||

> They recovered much of the same analysis

Really?

> We isolated the vulnerable vc_rpc_gss_validate function, provided architectural context (that it handles network-parsed RPC credentials, that oa_length comes from the packet), and asked eight models to assess it for security vulnerabilities.

No.

Sharmaji000 7 hours ago||

[dead]

bustah 8 hours ago|

[dead]

More comments...