this post was submitted on 23 Apr 2026

59 points (96.8% liked)

Fuck AI

6975 readers

5 users here now

"We did it, Patrick! We made a technological breakthrough!"

A place for all those who loathe AI to discuss things, post articles, and ridicule the AI hype. Proud supporter of working people. And proud booer of SXSW 2024.

AI, in this case, refers to LLMs, GPT technology, and anything listed as "AI" meant to increase market valuations.

founded 2 years ago

MODERATORS

VerbFlow@lemmy.world

MrMcGasion@lemmy.world

TootSweet@lemmy.world

BigMikeInAustin@lemmy.world

cynar@lemmy.world

drmeanfeel@lemmy.world

pavnilschanda@lemmy.world

CriticalMedicine@lemmy.world

WonderfulWanderer@lemmy.world

Communist@lemmy.ml

eatCasserole@lemmy.world

SpaceNoodle@lemmy.world

NutWrench@lemmy.world

Soup@lemmy.cafe

iAvicenna@lemmy.world

Tinks@lemmy.world

wizblizz@lemmy.world

corus_kt@lemmy.world

Prandom_returns@lemm.ee

TrickDacy@lemmy.world

TheFriar@lemm.ee

HawlSera@lemm.ee

andrew_bidlaw@sh.itjust.works

MeDuViNoX@sh.itjust.works

33550336@lemmy.world

Nougat@fedia.io

Lost_My_Mind@lemmy.world

Quill7513@slrpnk.net

glowing_hans@sopuli.xyz

e8d79@discuss.tchncs.de

ThefuzzyFurryComrade@pawb.social

Anthropic Mythos shaping up as nothingburger (www.theregister.com)

submitted 2 weeks ago by HaraldvonBlauzahn@feddit.org to c/fuck_ai@lemmy.world

9 comments fedilink hide all child comments

cross-posted from: https://feddit.org/post/28915274

cross-posted from: https://feddit.org/post/28915273

[...]

That marketing may have outstripped reality. Early reports from Mythos preview users including AWS and Mozilla indicate that while the model is very good and very fast at finding vulnerabilities, and requires less hands-on guidance from security engineers - making it a welcome time-saver for the human teams - it has yet to eclipse human security researchers.

"So far we've found no category or complexity of vulnerability that humans can find that this model can't," Mozilla CTO Bobby Holley said, after revealing that Mythos found 271 vulnerabilities in Firefox 150. Then he added: "We also haven't seen any bugs that couldn't have been found by an elite human researcher." In other words, it's like adding an automated security researcher to your team. Not a zero-day machine that's too dangerous for the world.

top 9 comments

sorted by: hot top controversial new old

[–] Addv4@lemmy.world 8 points 2 weeks ago* (last edited 2 weeks ago)

Not to be too much of a "knew it" person, but I remember when they first started rumors about how dangerous it was that my bullshit detector started going off, because it felt like they were intentionally trying to make it sound like a threat large enough to get attention, and more importantly funding. I kinda expect it to be adopted, then opsec to complain about it sucking in a couple of weeks to months at a few bigger companies.

[–] Ilixtze@lemmy.ml 6 points 2 weeks ago

The dangerous part is how many resources were wasted to train a model that performs below the current open source offerings?

[–] SandraBollocks@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

i dunno if im off base here, but staying 1 step ahead in the infinitely escalating digital security war requires using AI... which will, in turn, merely escalate, rather than prevent, further security threats. everything else in the article seems like fluff

[–] HaraldvonBlauzahn@feddit.org 8 points 2 weeks ago (3 children)

i dunno if im off base here, but staying 1 step ahead in the infinitely escalating digital security war requires using AI

Or just writing new code in Rust, which is much cheaper and prevents a large fraction of bugs

[–] jj4211@lemmy.world 10 points 2 weeks ago

While that does mitigate a lot of things, it doesn't fundamentally guarantee security.

For example, the language will not guard against things like SQL injection, path traversal, shell injection, the language itself can't guard against those (however core libraries may discourage dangerous patterns, but ultimately using a library or manually doing something yourself the wrong way.

I would even venture in this day and age most vulnerabilities are no longer from C misadventures. Between popularity of languages that have more safety rails and more analysis tools...

[–] waldfee@feddit.org 3 points 2 weeks ago

I do find it funny how Mozilla has created both Rust and Servo, yet FireFox's Gecko is still written in C/++

[–] gravitas_deficiency@sh.itjust.works 1 points 2 weeks ago

Supply chain attacks: exist

[–] JustTesting@lemmy.hogru.ch 3 points 2 weeks ago

Usually with new security tools, e,g. fuzzers, you catch a whole bunch of bugs, and then that class of bugs is essentially eliminated, but the security arms race switches to different classes of bugs not solved by the tools. So yôu have a big initial peak of bugs found/fixed that slows to trickle. Remains to be seen if LLMs follow the same pattern.

[–] gravitas_deficiency@sh.itjust.works 2 points 2 weeks ago

I enjoy how much this headline works as a critique of their new model, as well as of the company in general