this post was submitted on 09 Apr 2026
579 points (99.0% liked)

Microblog Memes

11306 readers
493 users here now

A place to share screenshots of Microblog posts, whether from Mastodon, tumblr, ~~Twitter~~ X, KBin, Threads or elsewhere.

Created as an evolution of White People Twitter and other tweet-capture subreddits.

RULES:

  1. Your post must be a screen capture of a microblog-type post that includes the UI of the site it came from, preferably also including the avatar and username of the original poster. Including relevant comments made to the original post is encouraged.
  2. Your post, included comments, or your title/comment should include some kind of commentary or remark on the subject of the screen capture. Your title must include at least one word relevant to your post.
  3. You are encouraged to provide a link back to the source of your screen capture in the body of your post.
  4. Current politics and news are allowed, but discouraged. There MUST be some kind of human commentary/reaction included (either by the original poster or you). Just news articles or headlines will be deleted.
  5. Doctored posts/images and AI are allowed, but discouraged. You MUST indicate this in your post (even if you didn't originally know). If an image is found to be fabricated or edited in any way and it is not properly labeled, it will be deleted.
  6. Absolutely no NSFL content.
  7. Be nice. Don't take anything personally. Take political debates to the appropriate communities. Take personal disagreements & arguments to private messages.
  8. No advertising, brand promotion, or guerrilla marketing.

RELATED COMMUNITIES:

founded 2 years ago
MODERATORS
ReadyUser31@lemmy.world
aeronmelon@lemmy.world
needanke@feddit.org
579
"my product is the next atomic bomb bro, I'm so scared at how much it's gonna change the world, you gotta invest bro" (lemmy.blahaj.zone)
submitted 6 days ago by not_IO@lemmy.blahaj.zone to c/microblogmemes@lemmy.world
28 comments fedilink hide all child comments
 

https://cosocial.ca/@mhoye/116370957848655523

context https://tech-insider.org/anthropic-claude-code-source-code-leak-npm-2026/

https://www.securityweek.com/anthropic-unveils-claude-mythos-a-cybersecurity-breakthrough-that-could-also-supercharge-attacks/

top 28 comments
sorted by: hot top controversial new old
[–] morrowind@lemmy.ml 69 points 6 days ago (1 children)

In a weird sort of way it does. Consider all of the following

  1. big companies are often incompetent and inefficient in a lot of ways
  2. The mozilla foundation has confirmed the security issues that Anthropic found were real
  3. Generally over the past few years, anthropic has some of the best, most reliable models
  4. Claude code has been kinda bad for a while
  5. Claude code has been mainly bot-written for a while as well. This can lead to functional, decent code that's still terrible in many ways as seen from the leak. Also it's entirely possible that bots are worse at detecting issues in bot written code. You could argue if they were good at it, they would be less likely to write those security issues in the first place?
  6. Anthropic could have very skilled ml engineers but mediocre software developers
[–] dfyx@lemmy.helios42.de 41 points 6 days ago (4 children)

On the other hand: if their new tool is so great, why haven't they used it to fix Claude's security issues?

[–] Croquette@sh.itjust.works 37 points 6 days ago (2 children)

I've seen Claude prompts. They specifically asked it to create secure code.

[–] AnUnusualRelic@lemmy.world 19 points 6 days ago* (last edited 6 days ago)

Oh, that's fine then. I'm glad they've solved the problem.
Good thing they had their top people working on it.

[–] criss_cross@lemmy.world 15 points 6 days ago

I also add “don’t hallucinate” to all of my prompts. Works like magic!

[–] bort@sopuli.xyz 15 points 6 days ago (1 children)

sorry for the snark, but

big companies are often incompetent and inefficient in a lot of ways

[–] Passerby6497@lemmy.world 3 points 6 days ago

They're usually stupid enough to footgun their own brand too

[–] kkj@lemmy.dbzer0.com 5 points 5 days ago

They don't claim that it fixes issues, only that it finds them. Maybe they know about all the issues but can't wade through the spaghetti well enough to do anything about them.

[–] eru@mouse.chitanda.moe 0 points 5 days ago

because their new tool is new and the leaked code for claude's frontend was written before mythos was considered mature enough to throw at your codebase?

[–] CheeseNoodle@lemmy.world 32 points 6 days ago

Guy on TV this morning saying they've 'created a new species' and I'm like yeh, you've created a group of humans so dumb that no other human would be willing to have kids with them.

[–] Elting@piefed.social 11 points 6 days ago

Time for the Anthropic Apologists. I’ve noticed a lot of them recently.

[–] qevlarr@lemmy.world 5 points 5 days ago (1 children)

Scam Altman hallucinates more than his AI

[–] SkaveRat@discuss.tchncs.de 6 points 4 days ago

Different ai company, but yeah

[–] Fmstrat@lemmy.world 6 points 5 days ago

Billions of dollars could have paid for a lot of security engineers. Wonder how many issues they could have found and fixed.

[–] Matty_r@programming.dev 4 points 5 days ago (1 children)

Anthropic legitimately believes they've created a living being. Its fuckin weird.

[–] fruitycoder@sh.itjust.works 3 points 4 days ago

I do enjoy telling people that OpenAI was literally a cult that believed they are/were building God. Musk, and Anthropic also believe that. Facebook and Google have mixed opinions on the subject. Microsoft is content just getting the bag. Oracle is also more down to earth only hoping to build a ubiquous survelice and secret policing system.

Though a mixture of academic groups, a Chinese hedge fund, and a lot of volunteering motivated by Weird Sciencing themselves a girlfriend/daughter have also contributed a lot to the field.

[–] turtlesareneat@piefed.ca 7 points 5 days ago (4 children)

The company's shoddy opsec doesn't directly equate to the model's cabapilities. I am not one to believe anyone's hype, but I am not one to believe the AI anti-hype that goes on throughout Lemmy. A year ago, according to Lemmy, LLMs could never produce working code at scale. 6 months ago, according to Lemmy, LLMs could never produce working code that was secure enough to use in production. Now, Lemmy believes LLM can't be disruptive to cybersecurity as a whole.

In 6 months I wonder what Lemmy will claim LLMs aren't capable of.

[–] Omodi@lemmy.world 3 points 5 days ago (1 children)

I still have not seen evidence that LLMs can make it easier for engineers to produce working code at scale.

[–] Zos_Kia@jlai.lu 1 points 4 days ago

It's not evidence, but anecdotally i have two clients who have been working fully agentic for a good 6 months and they're smashing it. Even looking at it critically they haven't been able to find any obvious negative impact on code quality, product stability or performance or security.

I think the secret sauce is that they weren't born with AI, they just integrated it into technical cultures that were already solid. In this context it does speed things up a bunch. Not a 100x multiplier or whatever dumb stuff they're pushing on Twitter, but you do get high velocity without burning out your team or sacrificing quality.

And those 2 companies i just happen to know but they're nothing special. You take any boring software company from Paris or Berlin and i'm pretty sure you'll get the evidence you seek.

[–] CultLeader4Hire@lemmy.world 4 points 5 days ago

Yeah this is very linear. Just because something sucks in someways doesn’t make in wholly incapable of other things.

[–] redsand@infosec.pub 2 points 4 days ago

How time and cost effective is this? Like I can dump 80k in tokens into finding an exploit or spend 80k to hire a guy who will probably take longer but not give me false positives.

[–] x0x7@lemmy.world 2 points 5 days ago

Well clearly people could use it to find security holes in their backend, since those def exist.

[–] ideonek@piefed.social 3 points 5 days ago (2 children)

What is the 'instruction to mislead' referring to?

[–] dwemthy@lemmy.world 13 points 5 days ago

Likely the directive in the source code for users internal to Anthropic that the LLM should not make any reference to being an LLM or mention model names etc in commit messages or comments. So when they contribute code to external repos it's not immediately identifiable as LLM generated

[–] CultLeader4Hire@lemmy.world 4 points 5 days ago

The poison pills that are there to mislead you if you try to reverse engineer it

[–] Franconian_Nomad@feddit.org 2 points 6 days ago

Current models are getting decent at some things, while still being kinda shitty at other things. So this is not as contradicting as it sounds.