We follow the proof-of-concept approach, where we generate the exploit and confirm that it performs as claimed by the AI. Given our extensive experience as security software engineers with over a decade in the industry, we are not simply blindly reporting any critical security bug that Mythos claims to have discovered. Instead, we meticulously verify each one of them.
The best-case scenario for AI companies is, people receive those bug reports, look at the model that produced it and not even look at the details, just apply the fix mindlessly.
This gives Anthropic a staggering amount of power. Oh, it came from Mythos? We will just lose time trying to analyze it, better apply the fix ASAP.
> The best-case scenario for AI companies is, people receive those bug reports, look at the model that produced it and not even look at the details, just apply the fix mindlessly.
Do people maintaining serious software do this, though?
How are these reports verified to be valid? If there are too many some could be hallucinations too.
Good
I predict once the responsible disclosure period is up we will see a lot more.