|
|
|
|
|
|
by ChadNauseam
14 hours ago
|
|
|
> Then why did curl only find one new vulnerability thanks to Mythos Maybe there weren't that many serious vulnerabilities in curl? It's like asking why it didn't find any vulnerabilities in fn main() {println!("hello, world");}. Anyway, people who have used it seem to say that Mythos was better than other models at creating exploits. From cloudflare https://blog.cloudflare.com/cyber-frontier-models/ > When we ran other frontier models through the same harness, they found a fair number of the same underlying bugs, and in some cases they got further than we expected on the reasoning side too. Where they fell short was at the point of stitching the pieces together. A model would identify an interesting bug, write a thoughtful description of why it mattered, and then stop, leaving the actual chain unfinished and the question of exploitability open. What changed with Mythos Preview is that a model can now take those low-severity bugs (which would traditionally sit invisible in a backlog) and chain them into a single, more severe exploit. |
|
|
Not a fan of this phrasing, prefer "discovering exploits".
It makes it clearer the problem was already there, latent.
Minor vocab diff, but important to better contextualize the present situation.