by ghm2199 71 days ago
So my home router, all my IoT devices attached to it, from printers to projectors, not to mention custom stacks like Lutron, BLE-based locks, car key fobs.

All of these technically could have zero day vulnerabilities and people/companies who made it don't have the resources to buy 20000$ of tokens to go debug them... Maybe they don't care but if they do, what if they can't afford such models or get access in time.

I would like to know how someone like me can defend against them?

3 comments

> I would like to know how someone like me can defend against them?

You could take the Galactica approach - de-network everything you can.
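
One concrete way to "de-network" a home, as an added example that is not part of this thread: an nftables ruleset for a Linux router that puts IoT devices on their own segment, lets the trusted LAN reach them, and never lets them initiate into the trusted LAN. The interface names (eth0, br-lan, br-iot), subnets and the two "offline" device addresses are assumed for the example; adjust them to your own layout. It assumes a plain Linux router managing nftables directly, so the leading `flush ruleset` would clash with distributions that generate their own tables (OpenWrt's firewall4, for instance).

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread). Assumed topology:
#   eth0   -> WAN (ISP uplink)
#   br-lan -> trusted LAN, 192.168.1.0/24
#   br-iot -> IoT segment, 192.168.20.0/24 (printers, projectors, hubs, locks)
flush ruleset

table inet filter {
    # IoT devices that never need the internet (assumed example addresses)
    set iot_offline {
        type ipv4_addr
        elements = { 192.168.20.10, 192.168.20.11 }
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        # IPv6 neighbour discovery must pass or v6 hosts lose their router
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert } accept
        # router administration, DNS and DHCP only from the trusted LAN
        iifname "br-lan" accept
        # the IoT segment may use the router only for DHCP and DNS
        iifname "br-iot" udp dport { 53, 67 } accept
        iifname "br-iot" tcp dport 53 accept
        # anything else aimed at the router from IoT is logged, then dropped
        iifname "br-iot" log prefix "iot-to-router: " drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # the trusted LAN may reach the internet and may initiate to IoT devices
        iifname "br-lan" oifname { "eth0", "br-iot" } accept
        # devices with no business online stay offline (and their attempts are logged)
        iifname "br-iot" ip saddr @iot_offline log prefix "iot-offline-egress: " drop
        # remaining IoT devices get the internet only, never the trusted LAN
        iifname "br-iot" oifname "eth0" accept
        iifname "br-iot" oifname "br-lan" log prefix "iot-to-lan: " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "eth0" masquerade
    }
}
```

Load it with `nft -f <file>`. The three `log prefix` rules are the detection half of the setup: a compromised printer or hub probing the trusted LAN, or an "offline" device suddenly trying to reach the internet, shows up in the kernel log with a recognisable prefix even though the traffic never gets through.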

That's the neat part, you can't.

> don't have the resources to buy 20000$ of tokens to go debug them

$20,000 - how many developers do these hardware companies have that they need to spend that much? Claude Team Premium is US$125/mo for a seat and even cheaper if you buy annually...

$20000 is what the Anthropic report says they spent on scanning OpenBSD [1].

[1] "Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings.", https://red.anthropic.com/2026/mythos-preview/

That's for OpenBSD, typical IoT firmware is tiny by comparison: a few init.rc scripts, some cron jobs, a php-cgi web UI, and glue code with hardcoded API keys. The total lines of code are orders of magnitude smaller, so the audit surface and expected cost are too.
Running a "too advanced" harness against a Claude Code subscription gets your organization banned, even if it's a shell wrapper over `claude -p`. You probably can't reproduce this research with a fixed-price subscription.