Posted by thm 1 day ago
Ironic that both sides are playing a horseshoe game:
Gov: The model is both a supply chain risk and also we'll DPA you if you don't give it to us.
Anthropic: The model is both like a nuclear weapon in terms of national security implications and safe for general release.
Is Mythos a significant danger?
The curl experience does not suggest that hysteria is warranted, but this gives me pause.
Mythos's great strength was finding multiple vulnerabilities and chaining them together to break a whole system.
Look at it like this: It found one confirmed, minor vulnerability in Curl (but I don't think they have said what it was?). In another system that used Curl it's possible it could have exploited that vulnerability to chain to another, bigger vulnerability that was normally inaccessible.
That's how systems get broken.
And the government's response was to limit access to US citizens? I don't believe this for a minute. If Mythos could actually break into all these systems, the government would declare it a national security risk and it would never see the light of day for anyone outside government staff with security clearance.
"[the statement] was oversimplified... In reality, the tests involved “red teams” of N.S.A. analysts who were using Mythos in a highly tailored environment that would be extremely unlikely for an adversary to replicate, officials said. The red teams began their tests within classified N.S.A. systems designed to be accessible only from certain computers and completely cut off from the broader internet.
The tests found that Mythos was able to identify cybersecurity flaws within that classified network quickly, but it did not actually break into those systems, the officials said."
What about the Firefox experience?
Or are we conveniently ignoring things that don't confirm conclusions we've already reached?
I just think that a coreutils flaw is not as substantial as a rendering engine exploit.
Which I think points at Mythos not being some big jump in capability finding things earlier LLMs didn't, it seems to mostly come down to a massively increased compute budget and them finally catching up in context sizes.
If you throw millions of tokens at IDA Pro MCP with the right prompt, let's just say security by obscurity fails miserably because there is no obscurity when the LLM chews through the decompilation.
Yes, just like early cars allowed mediocre horse riders to get from A to B with dignity.
Or like my Japanese rice cooker allows a person like me, utterly shitty at preparing this, to eat some rice that is cooked to perfection.
Etc.
It lets someone with mediocre long division skills just do the thing they need to do with fewer steps and less friction.
IDA itself is a tool that helps you decompile code without having to do a lot of things.
"heart surgery" isn't a technique". Name something, literally anything connected to the profession, and tell me whether the training time is naturally bound to keep going up and up.
I'm glad to see the mask is falling off the privileged caste.
Is there anything inherently wrong about open access to tools? (Apart from rent payments).
Where's the cut off point of where learning something for yourself becomes the signal for entrance to the enlightened caste?
Privilege enables you to rent competence, historically by paying other people. The slop companies will now sell you a simulacrum of competence by the token.
The fact that competence can (could?) only be acquired through sustained effort over a long period of time is (was?) levelling the field.
Selling simulated competence perpetuates privilege, instead of dismantling it like you seem to claim.
Isn't this what technology progress looks like? Industrial tools allowed mediocre people to improve their productivity by orders of magnitude, which is how we managed (in the past) to build so many amazing things with less human toil and suffering than previous generations.
The incumbents with experience are doing amazing. PMs with Mythos aren't replacing the PE with 20 years of experience lol.
The closest I can think of is the bronze age collapse.
It likely started with a volcanic eruption, leading to widespread famine. Those in western Europe who didn't want to starve migrated en masse, as whole families, becoming the sea peoples. The powerful empires struggled to feed their people, and many were destroyed by the forced migration from the sea peoples. Egypt barely survived, but only as a shadow of itself. Many of the others were destroyed by those who had survived on marginal lands and didn't need complex societies to keep themselves fed.
Iron can't be the cause, as iron weapons pre-existed the Bronze Age collapse. I think the evidence is stronger that the collapse forced widespread adoption. The collapse devastated long-distance trade networks, which cut off the supplies of tin needed to make bronze. The scarcity pushed people to rapidly improve iron smelting.
I'm not a professional historian, but I do find the topic interesting. We should try to learn from past disasters to prevent repetition.
See Eric H. Cline's "1177 B.C.: The Year Civilization Collapsed";
Epimethius video "What was life like after the bronze age collapse (extended version)" https://www.youtube.com/watch?v=uM6JSS3l-IQ
Unless you subscribe to a historical channel?
No idea about your question, but I'd love to hear more about this part.
But Mythos is still only an advanced LLM so I am not sure what all this breathy fuss is about; it sounds like the PR war more than anything.
If the NSA aren't themselves training technologies that are at least as powerful, that would modestly surprise me.
Not that you need an LLM to monitor the risks to the USA. You just need Tulsi Gabbard's emails.
Good, fsck NSA, that's the last organization I'd ever want to have access to Mythos. I hope this administration's incompetence will prevent them from regaining access for as long as possible
That's the funniest thing I've read in a long time :)) I mean: it's so absurd, almost like things we had in real socialism in the 80s :> But, yeah, freedom has consequences.
If a government can just seize the product of someone else's labour, either they will end up as slave owners or without willing workers.
It's a perfect technology for their uses, they get a big chunk of a $100 billion black budget, and they've had access to the research for at least as long as we have.
Anyways, isn’t NSA one of the largest employers of mathematicians in the world? Surely they’re doing something useful.
Here is a banger quote on this by Shannon’s boy Warren Weaver, keeping in mind LLMs came from translation problems:
“One naturally wonders if the problem of translation could conceivably be treated as a problem in cryptography. When I look at an article in Russian, I say: 'This is really written in English, but it has been coded in some strange symbols. I will now proceed to decode.”
I mean yes, both deal with information theory.
That's a long way from any practical insight.
Given the evergreen discussion of "are these companies making a profit"*, I think any LLMs that the NSA (or any other government agency worldwide) may be making are quite far from the leading edge.
* Person A: "they are making a loss!" Person B: "Only if you count training, they make a profit on inference, look at what it costs to run comparable open models on generic cloud servers" A: "Sure, but if they don't train new models they'll be left behind, so they're still making a loss"
That and the way compute is now measured in GW, I think even random low budget vloggers just getting started would be able to spot if the NSA was doing anything significant just from the extra heat emissions or power plants getting built.
The rate of inference compute to training compute is ~10:1, for popular frontier models. Models are routinely overtrained past the Chinchilla optimum now because it makes an immense amount of economic sense to do so.
Worse the more niche and unused your models get, but when this "making a loss" fuckery pops up, it's usually about the big guys like Anthropic, OpenAI, GDM and maybe xAI and Meta. Of which only the latter can be accused of not selling enough inference to offset the training runs.
The real money sinks are: R&D and infrastructure buildouts.
I wouldn't count them out.
Especially academia tends to do their work out of interest; monetary gain isn't their primary goal.
Of course, that doesn’t mean nobody will do job B for other, non-financial reasons.
That sort of proves the opposite point, assuming you're referring to Dual EC DRBG, because the flaw was noticed very early on, by people who weren't even involved in its development.
They probably already have access to Sentinel, so they wouldn't need to train their own.
They have at least one pretty vast, largely classified data centre in Utah, with a sizeable chunk of the black budget and they also have pretty large data sets.
- find "modern AI" to have strategic importance
- have ways to spend loads of money while having a front-facing budget on the record
- could be running a PR program to have Americans think they "buy" access to models like they do, but the AI companies were taken over by these agencies long ago
Look at Google, Microsoft...Apple got away with it by having as much on-device operation as possible so they could wash their hands, honestly saying "We don't have it."
This is the world's largest data gathering operation. Remember after 9/11 when the NSA copied as much Internet back bone traffic as they could?
I'm not for or against, even as a resident, but we certainly shouldn't be naive.
The issue here that is a foregone conclusion, regardless of where the model comes from and which chips it runs on, is that now they can reasonably comb through all the stuff that they've been collecting. That's a pretty huge operational change.
Harness is important for model performance, but weights are surely more important, without that you would have haiku doing the work.
It would be easy to make a national security justification to take the weights in a clandestine manner especially because Anthropic supposedly got caught giving China access to the model through a cutout.
John Cook?
Don't forget, it's no longer cool to say that now that the public has pushed back. The fact they all changed their tone away from taking jobs tells you that it was all just entirely marketing.
And did you see that chocolate rations increased again last month! It's literally incredible.
There is a lot of reason for AI skepticism out there, but people tend to do massive overcorrections and underestimate the force multiplier it can be, particularly for people with some idea of what they're doing and a good grasp of how to take advantage of the tool.
Is it more ethical to stay silent about these concerns, as you might have a bit of self interest? Or even if it looks a bit self interested, is it better to warn people ahead of time? I think the latter is obviously the better position.
Anthropic (and Deepmind, and some at OpenAI) believe the same thing.
Their ethical argument is:
1) This technology is coming whether or not our company does it or not.
2) Strong AI needs to be under human control, and we are the best placed to develop techniques to make this happen.
To be very clear: Anthropic (at least) is very happy to restrict access to their best models. They have continually campaigned for regulation to make sure others have to do the same.
> Wouldn't the ethical thing, if they were actually concerned about labor displacement, be to shut down the lab and work to disrupt and disable other labs instead
Personally I strongly reject the idea that labor displacement is unethical.
It will be a serious problem to deal with, but that doesn't make it unethical.
The steam engine displaced labor. That doesn't make it unethical.
Oh, well if you STRONGLY reject it I guess that's it.
> It will be a serious problem to deal with, but that doesn't make it unethical.
What WOULD make it unethical?
> The steam engine displaced labor. That doesn't make it unethical.
The steam engine also created new jobs to replace what it eliminated. It wasn't a mostly one-sided wealth transfer to the elite.
Indeed.
You make my point for me.
There's two big differences with the steam machine: this change is happening much faster so society has much less time to adapt, and it's got a much wider scope. Steam machines only replaced a small category of jobs.
So yea no it’s more like it’s important for industry leaders and those closest to model development to proactively identify the issues that they don’t have complete control over or that we don’t have a regulatory framework for.
Super puzzling to see these comments and of course with zero specifics just “they’re all liars and grifters”
- "It’s a bit like selling nuclear weapons to North Korea" (from the company that can't go more than a day or two without serious downtime)
- "We are releasing a model that is too powerful for the public"
- "It would be good for the world to have the option to slow or temporarily pause frontier AI development."
- "I believe that biological risks may soon follow, and that serious AI autonomy risks may not be far behind."
You can fill my ear with nitpicks about there still being time for these cries of wolf to be borne out, but be prepared for me to wax philosophical about all things being possible given an eternal timescale.
> Dario has been predicting the end of coding for a long time now and look where we already are.
Where? It seems exceedingly unlikely that developers have all been phased out while I wasn't looking, as Dario prognosticated. And even if they all up and disappeared, AI still hasn't found a toehold outside of the relatively niche market of agentic coding.
Also: they don’t have to know they’re lying to say things that aren’t true. There is definitely some cult-like behaviour at the moment on the west coast
Predictions with wrong timing are frankly worthless. I predict at some point in the future the S&P 500 will be at 10,000. Of course I'm guaranteed to be right. But have I really predicted anything useful?
If Dario was really worried about protecting the sheep, he wouldn't cry wolf every five minutes because everyone knows that's the worst possible thing to do.
And if you want to ask if Altman is trustworthy... ask Satya Nadella or anyone else who's ever made the mistake of doing business with him
How is a prediction a lie? Did they tell you "this will definitely happen in X time"? Their speculation is not only valuable (they are the closest to the technology) but also necessary (they need to buy long term compute contracts so these predictions are literally what they have to bet their real money and company success on).
They have said again and again that this will make an incredible amount of tasks obsolete, and they are of course right about this. The models _are_ dangerous to release, every time we hit the frontier. This has become _increasingly true_.
> Predictions with wrong timing are frankly worthless.
Who cares?
> I predict at some point in the future the S&P 500 will be at 10,000. Of course I'm guaranteed to be right. But have I really predicted anything useful?
You aren't cherry picking and strawmanning here? Should we have a tour of all of the things that have indeed been predicted well and already come to fruition? Was 2025 "the year of agents"? It very much was, wasn't it? Additionally, unlike the S&P, performance trajectory, for almost a decade, is incredibly stable and predictable. It's hard to know, a priori for a given task or category of tasks, what specific error rate will trigger a phase transition but it's absolutely obvious and clear that this will happen quickly. It has indeed happened quickly. Does 2026 coding look anything remotely like 2024?
> If Dario was really worried about protecting the sheep, he wouldn't cry wolf every five minutes because everyone knows that's the worst possible thing to do.
No you're right he would make well reasoned arguments for the types of problems we need to address urgently. Hmm...that feels pretty ethical.
> If Dario was really worried about protecting the sheep, he wouldn't cry wolf every five minutes because everyone knows that's the worst possible thing to do.
I don't feel either of them are trustworthy, they are CEOs acting in their companies' best interest. But people suggesting Mythos delay was some sort of PR ploy is some of the most extreme mental gymnastics I've seen. I listen to the actual words spoken by these people and consider the hard data that is in abundance at this point. I listen to the large body of research on alignment and safety and measurement that anyone can read for themselves or use AI agents to digest for them.
Very smart people, reasoned arguments, “science”, all wrong.
But maybe this time will be different
If they were actually concerned over social impact, they would try to minimize it. They could have sold their product as a tool to be used to make the economy boom; they tried to sell it on the promise to make it shrink for most people.
It really does not matter how much they believed their own doom predictions, because they were actively trying to make them true whether realistic or not.
These words make no sense. Anthropic delayed Mythos/Fable rollout. A Mythos model without safeguards would have been a pretty bad idea, and they sacrificed a ton of revenue and risked being scooped by any of the other labs in the meantime. Frontier models are only frontier temporarily until the next lab releases their model. Of course they are a company and need to act in their own best interest.
It is also clearly serious the problems we need to think about as we march quickly towards even more capable systems. Why on earth is it a problem to point this out?
> If they were actually concerned over social impact, they would try to minimize it. They could have sold their product as a tool to be used to make the economy boom; they tried to sell it on the promise to make it shrink for most people.
What a really weird take; they employ some of the best safety and alignment teams in the industry and this is an active area of research that they are campaigning for more attention on. You complain about them “doom trolling” and then complain they don’t do anything about…the doom? No sense at all.
It is perfectly consistent to (1) sound an alarm and (2) march full steam ahead as quickly as they can. If they don’t do (1) that’s unethical. If they don’t do (2) someone else will. I would rather someone like Dario align these models than the CCC. Plus it would be nice not to have a war over Taiwan which is inevitable if China gains enough of the upper hand in this AI race.
The point of my anecdote is I was able to identify and fix an at least security adjacent bug in a language I could charitably consider myself a novice in. It happened to very unlikely have a security impact, but that was mere chance. LLMs expand the pool of people able to find and exploit security problems and we're all considerably more vulnerable as a result.
The biggest security threat was always someone bored with $20, a lot of attacks could be ignored or at least not prioritized with that threat model. This isn't true any more and our attack surface has gotten a whole lot larger.
This and other things around April
BUT regardless, pruning low hanging fruit for any task IS a force multiplier. So much of so many tasks are easy but tedious. Finding libraries, documentation not matching code thus reading code, correct syntax/arguments, and just tons of straightforward tasks which are not HARD but time consuming.
A link to the PR or Changelog would strengthen this comment that it actually happened?
It just feels like people are starting to reach for conspiracy theories rather than engage with the idea that these models might actually be dangerous.
[1]. https://thehill.com/policy/technology/5936339-ai-cybersecuri...
You don’t get very far in the spying profession with honesty.
It's google in a box. Great achievement, makes knowledge work faster, but please stop bothering everyone else.
The Uber and Groupon people became billionaires, so the "Simulated Intelligence" folks will also achieve it. No need to worry and drown everyone in these bs stories only non-tech people believe.
At some point you might have also noticed the over-use of emojis, the bolted-on jokes, and the tendency to always approve what the user says (even though they have toned that down after backlash). At some point too many people thought they were in a relationship with the chatbot, because it always encouraged and approved them, so they had to hotfix it.
It's a bunch of really dark psychological patterns that are carefully combined by very clever people in order to create the false illusion that the user is experiencing something deeper than an engineered simulation of human interaction.
I think the technology is really useful, but they are obviously not happy with simply replacing a google-like query interface, they want users to fall in love with the product and mentally treat it like a fellow human being - and that's what I think is insincere.
If you are doing the kind of median enterprise tech work these tools are just good enough to do it at a relatively high level or at least heavily augment people doing it.
Examples would be like adding routine CRUD features to APIs/ improving observability/ adding tests or accessibility features to codebases etc.
For me both Claude and ChatGPT are query-response services and replacements for google. They help with error messages, single-file MVPs, and software design problems such as comparison of different modules.
In my experience everything that goes beyond 200 lines creates issues down the line, so I try to keep interactions really short. Of course they can convincingly add CRUD functionality or tests, but one needs to double check their correctness, and if the subtle bugs are finally spotted then one needs to fix them anyways.
It's good for a first draft but I wouldn't use agents on a codebase I actually care about.
Unfortunately the billion-dollar funding forces the AI startups to make a return, and they are finding it in a vulnerable cohort of people who respond positively to a simulated human interaction, which is why they are focusing so much on it.
The query-response knowledge interface was the moat of google, and nowadays it can be 80% replaced with a local GPU and an open model. They know it, which is why they try to hook people on the simulated human interaction aspect of their interfaces through chatbots and voice chat.
Well, in humans we call this an education and it takes quite a long time to get one.
You get your education, you can replace google as a query-response interface to all digital content.
But then they use system prompts to simulate a fake persona and a user interface such as female voices or chat conversation in order to suggest that one is interacting with a real human being. This is clearly aimed at exploiting vulnerable cohorts of people, because the knowledge base part of this innovative technology is already solved.
Like casinos and social media companies, they know the profit is in the "whales" who can be psychologically manipulated to spend their time and money against their own interests.
How would you program an LLM so it gives useful information to people with the least amount of people bitching about it?
At the end of the day the LLM does not have a native persona. It has countless numbers of them. It can act like an autistic man, a flirty woman, a kid from some country you've never heard of. Bringing forth an agreeable persona from the myriad is a bad thing?
Things like loading indicators are basic good UI dating back to the 90s.
A/B testing and generally following user preferences might still push towards the dynamic you're describing, as it did with gpt-4o. xAI and a few other companies like Replika also intentionally created "companion"/porn AIs. But in general, natural language was previously exclusive to humans. It's completely natural that the first technology capable of it would therefore be perceived as more human. It's worth trying to resist this tendency, but it doesn't require evil intent on the part of the creators.
So they have made this amazing query-response system which is far superior to google due to the summarization of query results from the global web and the auto-translation to present them in the user's native language. This is the type of raw query-response capability which many software engineers are trying to use in their agentic coding sessions.
However, after achieving such innovation, the AI startups consciously choose to apply social media KPIs to their query-response startup, which incentivizes all the dark patterns we have seen in their user interface. They notice that a certain subset of users can be tricked into believing that the startup's query-response interface has human-like qualities such as a name and persona.
This user cohort shows amazing metrics in terms of time spent on app, so they adapt their user interface and their system prompts accordingly. The AI startup doesn't have to care if the reason for humans accepting the illusion of a simulated human interaction is due to social circumstances (lack of emotional intimacy) or an underlying psychological vulnerability that the startup is actively exploiting.
The AI startup only cares if their "simulated human interaction" product receives negative attention from normal people who are not part of the vulnerable cohort, e.g. the suicides or the parasocial romantic relationships with the chatbots.
It is exactly the same as in the gambling industry: There is a certain subset of users called "whales" who are the cash cows for casinos, but if you look at the actual humans who are labeled with this term one can see pathological gamblers, most of which are ruining their lives and families. Casinos do everything to prevent people from jumping from their roofs after they lost all their money.
If AI startups can use simulated human interactions to make vulnerable people act against their own interests in the same way as casinos and social media companies do, it will allow them to make shitloads of money.
But if you're actually a clever person then be honest to yourself and others about what you are working on, and why these human-like features are really added to the user interfaces of OpenAI or Anthropic or the other AI startups.
So this is my framing of the situation.
I don't think this kind of problem can be overlooked by the insiders, and we might see some internal rifts along these lines: Will our AI startup simulate a human interaction in order to exploit our vulnerable peers, or will our AI startup focus on delivering the best response to our user's queries?
Because now we have local models, which - assuming one has suitable hardware - provide 80% of the utility in terms of a query-response knowledge base.
As we are currently seeing, the AI startups with billion-dollar funding have very big economic incentives to focus on the "simulated human interaction" part of the equation, because their investors need returns.
The biggest strategic blunder I see at Google. Because if Google actually changes their excellent query-response user interface to a chat conversation which simulates a human interaction with persona, name, and voice, then they knowingly pivot to the same social media KPI driven business as OpenAI and Anthropic are struggling with.
When this goes we might well see a recession. Not that anyone responsible will be worse off, of course.
(It's actually probably more profitable than their projections here calculated because they were expecting to be running Fable but can't, and Opus costs less to run)
Of course this is a profitable technology, and it doesn’t matter if any of the labs are profitable today or not. Running at a loss is a perfectly rational strategy.