@rysiek
Okay, but it'll sure get interesting when AI starts to look for vulns in all that vibe coded crap.
@shadowdancer thing is, nobody is going to be fixing them
@rysiek
Yeah, well no human at least. AI generated fixes on the other hand... 😉
Oh boy, we're heading straight to hell.
Oh and a reminder that the whole "wow Mythos is such much special at finding vulns amaze" shtick is largely just Anthropic's hype.
https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier
> We tested Anthropic Mythos's showcase vulnerabilities on small, cheap, open-weights models. They recovered much of the same analysis. AI cybersecurity capability is very jagged: it doesn't scale smoothly with model size, and the moat is the system into which deep security expertise is built, not the model itself.
@rysiek I had opined (on the Linkedump) that discovering vulnerabilities is one of the tasks BEST suited to LLM (or other AI) style automation, exactly because you can auto-verify the outcome and just keep trying: https://www.linkedin.com/posts/bjarni-r-einarsson_ai-cybersecurity-after-mythos-the-jagged-activity-7449221057443512320-IUcw
Mozilla wrote a blog post confirming that exactly this property was fundamental to their success with Mythos: https://arstechnica.com/information-technology/2026/05/mozilla-says-271-vulnerabilities-found-by-mythos-have-almost-no-false-positives/ - the model may be impressive, but the tooling around it is what makes this actually work.