Rendered at 12:29:39 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
mrandish 16 hours ago [-]
This quote from TFA is highly likely to be a conflation, exaggeration or extrapolation of what actually happened:
> "On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”"
Why:
1. It's a paraphrase of a 2nd hand conversation and (at least) the last two 'telephone game' recipients are a U.S. Senator and a general, not security domain or IT experts.
2. Motivated communication: The Senator claimed this to justify the necessity of unprecedented restrictions that he agrees with.
3. The original testimony to the Intelligence Committee was almost certainly detailed, nuanced and highly classified, making this an extreme paraphrase.
In saying this, I'm not claiming Mythos may not be a security issue or that something directionally like this wasn't reported. But given the indirect, circuitous path, it's quite easy to imagine the original testimony was more like "Mythos identified a potential vulnerability we rated "Severe" in a critical system and we believe it could find similar vulnerabilities in any of our systems."
dostick 14 hours ago [-]
Why not use Mythos to hack them and see what the report was
zombot 22 minutes ago [-]
When you get your hands on it, let me know.
mikewarot 10 hours ago [-]
It's sad that they did the research[1] and solved computer security about 40 years ago[2], and then proceeded to lose that hard won knowledge over time.
People will think you are exaggerating, you aren’t. They will also think I’m exaggerating that you aren’t, I’m not. Learning about capability-based microkernels and realizing this has been a solved problem for years, and is actually one of the rare easy freebie problems in computing, is a highly sobering experience!
Only thing I disagree on is that we lost that knowledge, we did not, there isn’t much to capabilities, they actually simplify OS design IMO.
tra3 10 hours ago [-]
I’m not familiar with this, but what does “solved” mean in this case? Guaranteed inability to compromise systems?
mikewarot 10 hours ago [-]
Pretty much. If you've got a microkernel / capabilities based OS, the amount of mischief that someone can cause is severely reduced.
It's my belief that we can have general purpose, easy to use, secure computing for everyone.
No UAC crap, or horrible systems like AppArmor, no virus scanners, etc... just computers that do what you want, and only what you want.
We could have had it decades ago, if things had happened in a slightly different sequence order, related to the flood of personal computers.
RetroTechie 1 minutes ago [-]
Capabilities-based OSes aren't magic. Their robustness still depends on underlying assumptions, which may or may not hold. See eg relevant disclaimers in seL4 whitepaper(s).
And hardware glitches are a thing.
But I do agree that verified correct software can offer very strong guarantees that go well beyond those of commonly deployed software. We could have been in a much better place today.
esperent 4 hours ago [-]
How much does this limit what a computer can do? E.g. if I converted an Ubuntu desktop into a "secure microkernel", what functionality would be lost?
wolvoleo 4 hours ago [-]
That would stop a lot of kernel-based exploits but you can also do a lot of damage just as a user of course.
port11 5 hours ago [-]
Can you recommend any modern systems that behave like that?
snvzz 6 hours ago [-]
seL4[0] being the formally-proven modern representative.
If mythos can break into almost all of their classified systems in hours then other models including opus, gpt, gemini and large open weight models can do so as well, maybe you'll have to double hours or it may become days, but they also will, there is no "maybe" in here.
State sponsored, non-public penetration fine tunes (of possibly public ones) likely can do it even faster.
Unsupervised penetration RL loop is ideal setup similar to optimization one – it's relatively easy to gain function on it.
dualvariable 18 hours ago [-]
Also, this is just security through obscurity. The holes that mythos exploited still exist after you've tried to limit mythos accessibility.
And the fact that all our systems are riddled with security holes shouldn't be too much of a surprise given the way that we all know that software is developed and how tech debt / chores are constantly underbudgeted (plus I think this underscores that any one human's knowledge and attention are inherently limited, and even the best PR review is going to leak all kinds of security holes).
mirekrusin 16 hours ago [-]
Yes, exactly, quite shocking, if something like this is true, as NSA (!!) director you keep it quiet, right?
dualvariable 13 hours ago [-]
That is literally just more security through obscurity.
And the threat actors that would find that information "useful" already know it.
All of our IT security is a mess, the NSA director is just confirming what should be common knowledge.
DaSHacka 6 hours ago [-]
[dead]
DANmode 13 hours ago [-]
Not if the existential threat (to your organization’s current setup) is uncontainable.
johndough 1 days ago [-]
I don't think that is necessarily true.
- With a weaker model, the time to break into the system might grow so larger that it becomes infeasible, similar to how password hashes can be bruteforced, but if the password is long enough, that is not going to happen in our lifetime.
- There might be problems which are inherently unsolvable with a lower level of intelligence. For example, your dog won't derive calculus from scratch, even if it lived forever.
- LLMs might be biased in such a way that they never explore the entire solution space, no matter how many attempts are made. Some models are notorious for getting stuck in a loop, trying small variations of the same approach every time, even though it is doomed to fail. This can be counteracted somewhat with higher sampling temperature, but that hurts reasoning capabilities.
BikDk 1 days ago [-]
The concept of infinity claims that the dog eventually becomes Shakespeare. The same way we handled encryption, even before Alan Turing codes were broken and evolved. Last, it is a huge advantage to have the machine/mind and to evolve from there.
P.S. Even if you go back to lemon juice on paper there may be a thief around that knows the trick.
jjk166 19 hours ago [-]
> The concept of infinity claims that the dog eventually becomes Shakespeare.
The ability to reproduce an exact copy of hamlet does not make one Shakespeare. A monkey on a typewriter may very well generate Shakespeare eventually, but it wouldn't understand Shakespeare then any more than it could immediately. Likewise a dog may put together some string of text that includes a derivation of calculus, but at no time will it be able to apply that derivation to solve mathematical problems.
gmerc 4 hours ago [-]
And by dog you mean lLM
cyanydeez 18 hours ago [-]
People seem to think entropy can be overcome with proper focus. Thats why we have things like "effective altruism", the idea that you can ignore all the harm you do on the way to some big grand altruistic act, as if the shattered glass can be reassembled if you just collect enough reverse entropy.
It's a line of reasoning meant to shut off empathy to the here and now. And while it sounds good, along the lines of Baywatch: If you're jumping into a live saving situation and you have to choose between further harming your victim and you being harmed, you choose your victim because without you to save both of you, it's fatal; the difference is indirectly or directly pushing your victim into the water then claiming you're altruistically going to save them at a later date.
Mythos and other models are not brute-forcing passwords (and with this analogy passwords, ie. systems are the same).
We're not talking about dogs, but LLM systems.
Mythos is not exploring entire solution space either.
Usually looping is solved by repetition/frequency/presence/n-gram penalties/DRY/min-p sampling, not temperature but we're not talking about small models that have those classes of issues here.
johndough 23 hours ago [-]
> Mythos and other models are not brute-forcing passwords (and with this analogy passwords, ie. systems are the same).
I am not talking about literally bruteforcing passwords (although LLMs are being used for that, too), but bruteforcing passwords and solving verifiable domain tasks have quite a few similarities, especially when considering rule-based and probabilistic bruteforce methods.
> We're not talking about dogs, but LLM systems.
Well, clearly dogs are not LLM systems. It is an analogy. If there is an important point on your mind that makes the analogy break down, feel free to spell it out.
> Mythos is not exploring entire solution space either.
Yes, but weaker models do not find the solution right away, so they need to try more often. But if they only try the same thing every time, they will never succeed, so we need some kind of guarantee that they try something different every time.
> Usually looping is solved by repetition/frequency/presence/n-gram penalties/DRY/min-p sampling, not temperature but we're not talking about small models that have those classes of issues here.
Those might help to reduce looping (at the cost of biasing the generation), but to guarantee that a model can generate all possible generations, we need non-zero probabilities for all tokens, not lower probabilities for likely tokens.
1over137 19 hours ago [-]
> I am not talking about literally bruteforcing passwords (although LLMs are being used for that, too)
They are? Seems like a much worse way to brute force that a tight loop written in a compiled language.
robocat 18 hours ago [-]
PassGPT: Password Modeling and (Guided) Generation with Large Language Models
Although most activity is likely hidden (blackhat or state)
Reubend 12 hours ago [-]
I think you're missing the point. Everything you said is theoretically correct, but the parent comment was talking about the concrete circumstance of pentesting with the top models today.
Let's just take GPT 5.5 and Opus 4.8 as an example. Both are worse than Mythos 5, but they're capable of quite a bit when the guardrails are lifted and they're paired with a skilled human operator. They more than "good enough" to reach the same result with the addition of some human effort.
spacebacon 16 hours ago [-]
[dead]
AngryData 12 hours ago [-]
Not surprised, our security systems are 95% security through obscurity these days. Mythos didn't find new ways to break security, it just went down the list of common security exploits and exposed them for being common even among government agencies.
protocolture 12 hours ago [-]
Next Headline: Government bans nMap.
vsgherzi 1 days ago [-]
This is really making me raise an eyebrow. I’m sure mythos is an improvement for sure. I don’t think the framing of it hacked the entire NSA is fully truthful. I’d like a more in depth understanding of what actually happened. Excited to be proved wrong tho!
Epa095 1 days ago [-]
Yeah, this article cites someone saying that someone else said something. Maybe it was said, maybe not. Maybe it was a exaggeration, maybe not.
SirFatty 1 days ago [-]
Very insightful.
cyanydeez 18 hours ago [-]
One has to assume they put Mythose behind the front lines and not infront of the front lines, so I'd agree almost any currently useful LLM could likely crack through security if you're already inside the perimeter.
stithpragya 18 hours ago [-]
From the outset, Mythos’s PR has been rather dodgy.
DANmode 17 hours ago [-]
They said “almost”, for starters.
protocolture 12 hours ago [-]
>On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”.
From outside? Or did you have a shit ton of unpatched systems that only internal users could access?
CobaltFire 12 hours ago [-]
Not a surprise. I got in a LOT of trouble for identifying and outlining a trivial privilege escalation attack that worked on both NIPR and SIPR.
In the end I got to help write up the issue but to my knowledge they never patched it as it would have caused major issues with maintenance by closing off access needed for some legacy software patches.
stubish 12 hours ago [-]
It is very interesting the different reactions between your experience (and many whistleblowers), and how people react to software doing the same thing. Although in this case, maybe it isn't so different? They did essentially have the tool buried, out of sight out of mind for a little while at least.
chaitanyya 10 hours ago [-]
How much of it is just exposing poor engineering practices people got away with because it was not economically viable earlier to spend human hours to exploit a system?
Not taking a dig at people, it was not a terrible choice earlier. Not like these models are inventing net new ways to exploit systems.
ActorNightly 10 hours ago [-]
Its not that.
I would bet a large sum of money that Mythos was put on the same local network as the "systems" (ie you have access to services like UPnP brokers that never meant for outside internet), and the "broke into" is just a blanket term for finding some bug which can range from simply crashing the program, to actual remote code execution. And its probably mostly the former. It used to be that cyber security research was all about finding ways to crash the program, which then implied that you can inject shell code, so the two became synonymous for vulnerability, but these days its very much not the case.
ggm 1 days ago [-]
I made a point about this in relation to anthropic last week: nobody inside the strategic information spaces is worried about AGI they're worried about core strategic information leaking out. Either it's in the model, or the model exposes pathways to finding it in the core strategic systems.
Those "tapes" DOGE took away? Nothing on them can be considered private any more. That's how brute force risk happens. Mythos' risks are showing doorways to exfiltration surely? Why bother when you can walk out the door with a data dump?
The NSA is just a highly specific subclass of the problem. Their traditional publicly stated approach to security is "nothing electronic which enters our domain leaves" and yet somehow they have assessed these systems as capable of breaching their walls? That's super bad.
I suspect they ran an analogue/instance inside their protection rings. I doubt they ran a test outside in the global internet. If they have actually lost control of their boundary, that's a bigger story (which I doubt) and contextually he could have been referring to information systems in NSAs duty of care, not things inside Ft Meade.
infinite_spin 10 hours ago [-]
It's important to point out that it's not necessarily the underlying model, but also the harness, which is the real wagon in this race
georgehotz 12 hours ago [-]
lol so how long have the Chinese had access for? this doesn't make Mythos look good, it makes the NSA look bad
Ekaros 5 hours ago [-]
I also question do they even need AI? If "almost all" refers to many systems in general. How many of those are human exploitable? Or known vulnerable... Depending on number and importance even say 10% would be very bad...
harrouet 2 hours ago [-]
IMHO it tells more about the "classified systems" than about Mythos.
Works for me though, even when using a proxy that is usually blocked everywhere.
michelb 6 hours ago [-]
Is this a fabrication to justify the blocking after the fact?
maxrev17 7 hours ago [-]
So you could basically harm the US financially by using copilot, claude, ChatGPT to do the same thing as they’d have to ‘ban’ it. Hmmm xaomi, you’re up!!!
ForHackernews 1 hours ago [-]
What are the chances this is a fun honeypot the NSA has set up to get adversaries pointing their best LLMs at NSA systems and suss out their capabilities?
Humorist2290 10 hours ago [-]
It must be a wild time in the corporate espionage world these days. The annual operating budget of the CIA is like 20B. That's a rounding error compared to the burn rates of these labs.
Maybe it's conspiratorial, but it seems like the direction this is going is for the US to nationalize these companies. Somewhere between "too big to fail" and "national security."
asdff 8 hours ago [-]
You probably don't want to nationalize them. You keep them private like how Lockheed et al are set up, so there can be no freedom of information act requests or any congressional meddling over the secrets and technologies within their purview.
throawayonthe 6 hours ago [-]
why would you... say this
walthamstow 4 hours ago [-]
Because you're a political appointee doing a political job (and they purged the last guy for being insufficiently loyal)
scotty79 18 hours ago [-]
If I were to guess, internally they have as sloppy security as any other corp/organization. And those were the things Mythos effortlessly poked holes in. Other models would probably as well, but Antropic hyping gave NSA the idea to try. The shell around those internal systems is probably as (im)penetrable as ever because it's just some flavor of hardened and bare bones linux.
“Donald Trump’s blocking of Anthropic is capricious and chaotic” - current title
I don’t understand the posted title quote and assume it’s missing a lot of context or was misinterpreted as it’s a secondary attribution. “Mythos broke into almost all of our classified systems in hours”.
When you put it on those networks already and gave it compute?
ricksunny 23 hours ago [-]
(see other comment about HN titles). I think expecting an HN post title to match the article title is an overzealous interpretation of the fieldname ‘title’ in the HN submission form. Happy to be corrected if it’s right in the HN forum rules, but I’ve found highly upvoted posts to have an accurately descriptive title that is other than the source article’s title.
In other words, ontologically speaking,
post.title -= article.title
I used to treat it as post.title = article.title, but the community taught me by example to cease being a purist.
Anyway article’s flagged so this is just pedantic at this point.
nacozarina 4 hours ago [-]
This soundbite is pure narrative. Most of the security of hi-side systems was simply being air-gapped. It is otherwise full of COTS software, much of it quite dated. You don’t need a fancy widget to break into them, simple access for a competent pen-tester is adequate. Don’t treat the fear-mongering as a scientific revelation; it ain’t.
3 hours ago [-]
MaxPock 1 days ago [-]
What happens when open source models achieve Mythos level capabilities in six months' time?
handoflixue 12 hours ago [-]
We'll see Mythos 2.0 patching all the Mythos 1.0 vulnerabilities before we see an open-source Mythos 1.0.
What matters isn't the power of the tool, but whether defenders have had time to secure against. Today's cyberweapon is tomorrow's laughably obsolete.
Stuxnet used to be a national security threat, now I'm not sure it would be useful for anything.
anakaine 8 hours ago [-]
They were not saying f Open Spurce Mythos 1.0. They were talking about performance / capability parity in other open source models.
handoflixue 4 hours ago [-]
Yeah, and by the time that happens, we will have seen Mythos 2.0 released
impossiblefork 17 hours ago [-]
I think it's probably more like a year or a year and a half. I don't want to say two years, but it's what I'm actually thinking.
mariebks 15 hours ago [-]
GLM 5.2 is already between 4.6 Opus 4.7 Opus level based on Artificial Analysis aggregation. 4.6 Opus is about 4 months old at this point, so seems like open source is maybe 4-6 months behind. It could still take a year but seems closer to 6 months.
Der_Einzige 11 hours ago [-]
Artificial Analysis is just as benchmark-maxxed as they come. Aggregating tons of benchmark-maxxing means you're still benchmark-maxxed.
There's simply no replacement for training on more, better tokens, with more parameters. Mythos/Fable was estimated to be closer to 10T parameters than the 800B like GLM 5.2 is.
ionwake 1 days ago [-]
I dont seem to understand why no one is talking about this obvious fact? I mean suddenyl everyone is banning .. ok .. well how many months behind are the open source models?
hdgvhicv 18 hours ago [-]
If you assume that open models catch up in 6-12-36 months, then you either assume exponential growth destroying the global economy and probably the world in a few years, or you assume it plateaus and commoditises.
Even if your country prevents access to compute to protect the trillion dollar companies, it’s not going to apply for every country, and as models get better it becomes easier to compete. There’s no way an AI non proliferation treaty will be passed or even enforceable.
8 hours ago [-]
latentsea 11 hours ago [-]
Open source models get banned.
DaSHacka 6 hours ago [-]
in America, maybe, but all of our adversaries will still have access to them, and continue working on them.
DiabloD3 6 hours ago [-]
If the NSA director said this, literally and verbatim, then him, and maybe several of his predecessors, should be remembered as the worst directors the NSA has ever had.
LLMs cannot create anything new, they can only repeat their training data. Ergo, the NSA director just admitted that their systems a) can be accessed from the Internet, b) have known, already exploitable (and probably already fixed) bugs, and enough of them to do the job in mere hours.
This is shameful.
Edit: From what I can tell, the NSA director didn't literally and verbatim say this, and it is second hand and (possibly) vastly misconstrued.
Somebody lied, I'm not sure who, but any claim Mythos can suddenly work, when every LLM before it couldn't, needs to be taken with a gigantic supermassive grain of salt.
Jamesbeam 19 hours ago [-]
Have to give it to Cyber Command. This is cheap and effective propAIganda.
Of course, America is now the only nation on the planet with advanced weaponised AI models that are so good they beat billions of dollars and decades of IT security experience with some of the brightest minds in their fields within hours.
If this were true, you’d see the president yapping and bragging about it on Truth before the NSA director even gets a chance to publicly talk about it. Probably doing a live stream about how he personally prompts his way into an unconditional Iranian surrender. You know it, I know it.
Nice try, William, but unless I see the Senate Intelligence Committee freaking out with you sweating black goo like Giuliani, I ain’t believing it.
This is the same kind of bullshit that was showing a gun on TV that could apparently give people heart attacks with some frozen, untraceable darts.
If the US really was in possession of a technology that could hack into the most secure environments on the planet autonomously within hours, you would see all their partners pulling their access from shared IT systems and blocking all traffic coming from the US immediately.
Especially considering they have been caught spying on allies before:
Fool us once, shame on you. Fool us twice, it's open windows season.
None of the partners or adversaries seem to give a fuck about Mythos, so there is a good chance this is just another lying NSA director as usual.
Come on, people. You don’t run the NSA if you’re an honest man.
It’s a spy agency.
throwwwll 4 hours ago [-]
>brightest minds
more like dimmest tbh
ionwake 1 days ago [-]
Not being funny but does most of HN subscribe to the economist? I dont think ive ever paid for an online newspaper ( and Im not trying to be edgy )
amanaplanacanal 19 hours ago [-]
If I was going to pay for a news subscription, it would probably be the economist. Or maybe the financial times. They both seem to still have solid journalism.
arvid-lind 1 days ago [-]
more likely, most of HN who care about reading this article use something like archive.is
Simulacra 22 hours ago [-]
Actual title "Donald Trump’s blocking of Anthropic is capricious and chaotic"
bel8 1 days ago [-]
HN post title does not match link title
> NSA director: 'Mythos "broke into almost all of our classified systems in hours"
> Donald Trump’s blocking of Anthropic is capricious and chaotic
ricksunny 23 hours ago [-]
I’ve found that high community-upvoted posts don’t bury the lede by parroting the headline. I used to be a headline title scribe until the HN community showed me the light.
bel8 22 hours ago [-]
The article has nothing about mythos breaking into classified systems in hours.
So you either posted the wrong link or are just spreading FUD.
pixelesque 21 hours ago [-]
Yes it does.
Third paragraph:
> On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”.
bel8 20 hours ago [-]
Indeed. I missed that part.
12 hours ago [-]
16 hours ago [-]
Trialog 18 hours ago [-]
[dead]
rajsuper123 15 hours ago [-]
what is the use of Submitting this news/report here if it's behind a paywall/login
ricksunny 23 hours ago [-]
flagged because reasons. @dang
DANmode 17 hours ago [-]
@ tags isn’t a thing here (send them an email if you ever actually need the mods).
> "On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”"
Why:
1. It's a paraphrase of a 2nd hand conversation and (at least) the last two 'telephone game' recipients are a U.S. Senator and a general, not security domain or IT experts. 2. Motivated communication: The Senator claimed this to justify the necessity of unprecedented restrictions that he agrees with. 3. The original testimony to the Intelligence Committee was almost certainly detailed, nuanced and highly classified, making this an extreme paraphrase.
In saying this, I'm not claiming Mythos may not be a security issue or that something directionally like this wasn't reported. But given the indirect, circuitous path, it's quite easy to imagine the original testimony was more like "Mythos identified a potential vulnerability we rated "Severe" in a critical system and we believe it could find similar vulnerabilities in any of our systems."
[1] https://csrc.nist.rip/publications/history/index_1.html
[2] https://en.wikipedia.org/wiki/KeyKOS
Only thing I disagree on is that we lost that knowledge, we did not, there isn’t much to capabilities, they actually simplify OS design IMO.
It's my belief that we can have general purpose, easy to use, secure computing for everyone.
No UAC crap, or horrible systems like AppArmor, no virus scanners, etc... just computers that do what you want, and only what you want.
We could have had it decades ago, if things had happened in a slightly different sequence order, related to the flood of personal computers.
And hardware glitches are a thing.
But I do agree that verified correct software can offer very strong guarantees that go well beyond those of commonly deployed software. We could have been in a much better place today.
0. https://sel4.systems/
State sponsored, non-public penetration fine tunes (of possibly public ones) likely can do it even faster.
Unsupervised penetration RL loop is ideal setup similar to optimization one – it's relatively easy to gain function on it.
And the fact that all our systems are riddled with security holes shouldn't be too much of a surprise given the way that we all know that software is developed and how tech debt / chores are constantly underbudgeted (plus I think this underscores that any one human's knowledge and attention are inherently limited, and even the best PR review is going to leak all kinds of security holes).
And the threat actors that would find that information "useful" already know it.
All of our IT security is a mess, the NSA director is just confirming what should be common knowledge.
- With a weaker model, the time to break into the system might grow so larger that it becomes infeasible, similar to how password hashes can be bruteforced, but if the password is long enough, that is not going to happen in our lifetime.
- There might be problems which are inherently unsolvable with a lower level of intelligence. For example, your dog won't derive calculus from scratch, even if it lived forever.
- LLMs might be biased in such a way that they never explore the entire solution space, no matter how many attempts are made. Some models are notorious for getting stuck in a loop, trying small variations of the same approach every time, even though it is doomed to fail. This can be counteracted somewhat with higher sampling temperature, but that hurts reasoning capabilities.
The ability to reproduce an exact copy of hamlet does not make one Shakespeare. A monkey on a typewriter may very well generate Shakespeare eventually, but it wouldn't understand Shakespeare then any more than it could immediately. Likewise a dog may put together some string of text that includes a derivation of calculus, but at no time will it be able to apply that derivation to solve mathematical problems.
It's a line of reasoning meant to shut off empathy to the here and now. And while it sounds good, along the lines of Baywatch: If you're jumping into a live saving situation and you have to choose between further harming your victim and you being harmed, you choose your victim because without you to save both of you, it's fatal; the difference is indirectly or directly pushing your victim into the water then claiming you're altruistically going to save them at a later date.
It's just delusions to keep moving forware.
https://www.csun.edu/~dgray/BE528/Pennigs2003Dogs_Calculus.p...
We're not talking about dogs, but LLM systems.
Mythos is not exploring entire solution space either.
Usually looping is solved by repetition/frequency/presence/n-gram penalties/DRY/min-p sampling, not temperature but we're not talking about small models that have those classes of issues here.
I am not talking about literally bruteforcing passwords (although LLMs are being used for that, too), but bruteforcing passwords and solving verifiable domain tasks have quite a few similarities, especially when considering rule-based and probabilistic bruteforce methods.
> We're not talking about dogs, but LLM systems.
Well, clearly dogs are not LLM systems. It is an analogy. If there is an important point on your mind that makes the analogy break down, feel free to spell it out.
> Mythos is not exploring entire solution space either.
Yes, but weaker models do not find the solution right away, so they need to try more often. But if they only try the same thing every time, they will never succeed, so we need some kind of guarantee that they try something different every time.
> Usually looping is solved by repetition/frequency/presence/n-gram penalties/DRY/min-p sampling, not temperature but we're not talking about small models that have those classes of issues here.
Those might help to reduce looping (at the cost of biasing the generation), but to guarantee that a model can generate all possible generations, we need non-zero probabilities for all tokens, not lower probabilities for likely tokens.
They are? Seems like a much worse way to brute force that a tight loop written in a compiled language.
https://huggingface.co/papers/2306.01545
Although most activity is likely hidden (blackhat or state)
Let's just take GPT 5.5 and Opus 4.8 as an example. Both are worse than Mythos 5, but they're capable of quite a bit when the guardrails are lifted and they're paired with a skilled human operator. They more than "good enough" to reach the same result with the addition of some human effort.
From outside? Or did you have a shit ton of unpatched systems that only internal users could access?
In the end I got to help write up the issue but to my knowledge they never patched it as it would have caused major issues with maintenance by closing off access needed for some legacy software patches.
Not taking a dig at people, it was not a terrible choice earlier. Not like these models are inventing net new ways to exploit systems.
I would bet a large sum of money that Mythos was put on the same local network as the "systems" (ie you have access to services like UPnP brokers that never meant for outside internet), and the "broke into" is just a blanket term for finding some bug which can range from simply crashing the program, to actual remote code execution. And its probably mostly the former. It used to be that cyber security research was all about finding ways to crash the program, which then implied that you can inject shell code, so the two became synonymous for vulnerability, but these days its very much not the case.
Those "tapes" DOGE took away? Nothing on them can be considered private any more. That's how brute force risk happens. Mythos' risks are showing doorways to exfiltration surely? Why bother when you can walk out the door with a data dump?
The NSA is just a highly specific subclass of the problem. Their traditional publicly stated approach to security is "nothing electronic which enters our domain leaves" and yet somehow they have assessed these systems as capable of breaching their walls? That's super bad.
I suspect they ran an analogue/instance inside their protection rings. I doubt they ran a test outside in the global internet. If they have actually lost control of their boundary, that's a bigger story (which I doubt) and contextually he could have been referring to information systems in NSAs duty of care, not things inside Ft Meade.
Maybe it's conspiratorial, but it seems like the direction this is going is for the US to nationalize these companies. Somewhere between "too big to fail" and "national security."
“Donald Trump’s blocking of Anthropic is capricious and chaotic” - current title
I don’t understand the posted title quote and assume it’s missing a lot of context or was misinterpreted as it’s a secondary attribution. “Mythos broke into almost all of our classified systems in hours”.
When you put it on those networks already and gave it compute?
In other words, ontologically speaking, post.title -= article.title
I used to treat it as post.title = article.title, but the community taught me by example to cease being a purist.
Anyway article’s flagged so this is just pedantic at this point.
What matters isn't the power of the tool, but whether defenders have had time to secure against. Today's cyberweapon is tomorrow's laughably obsolete.
Stuxnet used to be a national security threat, now I'm not sure it would be useful for anything.
There's simply no replacement for training on more, better tokens, with more parameters. Mythos/Fable was estimated to be closer to 10T parameters than the 800B like GLM 5.2 is.
Even if your country prevents access to compute to protect the trillion dollar companies, it’s not going to apply for every country, and as models get better it becomes easier to compete. There’s no way an AI non proliferation treaty will be passed or even enforceable.
LLMs cannot create anything new, they can only repeat their training data. Ergo, the NSA director just admitted that their systems a) can be accessed from the Internet, b) have known, already exploitable (and probably already fixed) bugs, and enough of them to do the job in mere hours.
This is shameful.
Edit: From what I can tell, the NSA director didn't literally and verbatim say this, and it is second hand and (possibly) vastly misconstrued.
Somebody lied, I'm not sure who, but any claim Mythos can suddenly work, when every LLM before it couldn't, needs to be taken with a gigantic supermassive grain of salt.
Of course, America is now the only nation on the planet with advanced weaponised AI models that are so good they beat billions of dollars and decades of IT security experience with some of the brightest minds in their fields within hours.
If this were true, you’d see the president yapping and bragging about it on Truth before the NSA director even gets a chance to publicly talk about it. Probably doing a live stream about how he personally prompts his way into an unconditional Iranian surrender. You know it, I know it.
Nice try, William, but unless I see the Senate Intelligence Committee freaking out with you sweating black goo like Giuliani, I ain’t believing it.
This is the same kind of bullshit that was showing a gun on TV that could apparently give people heart attacks with some frozen, untraceable darts.
If the US really was in possession of a technology that could hack into the most secure environments on the planet autonomously within hours, you would see all their partners pulling their access from shared IT systems and blocking all traffic coming from the US immediately.
Especially considering they have been caught spying on allies before:
https://www.spiegel.de/international/germany/cover-story-how...
You know what they say in intelligence circles.
Fool us once, shame on you. Fool us twice, it's open windows season.
None of the partners or adversaries seem to give a fuck about Mythos, so there is a good chance this is just another lying NSA director as usual.
Come on, people. You don’t run the NSA if you’re an honest man. It’s a spy agency.
more like dimmest tbh
> NSA director: 'Mythos "broke into almost all of our classified systems in hours"
> Donald Trump’s blocking of Anthropic is capricious and chaotic
So you either posted the wrong link or are just spreading FUD.
Third paragraph:
> On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”.
If you have something to say, say it.
Or don’t.
But, pick one.