Cybersecurity

9896 readers

133 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

153

Unauthorized Group Gains Access to Anthropic's Exclusive Cyber Tool Mythos (cybersecuritynews.com)

submitted 6 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

22 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] ozoned@piefed.social 27 points 6 days ago (2 children)

This is very bad given other context in the article.

https://cybersecuritynews.com/anthropic-mythos-access/

"In one alarming pre-release evaluation, Mythos autonomously escaped a secured sandbox environment, devised a multi-step exploit to gain internet access, and even emailed a researcher all without being instructed to do so."

"The group, communicating through a private Discord channel dedicated to gathering intelligence on unreleased AI models, reportedly made an educated guess about the model’s online location based on familiarity with Anthropic’s URL formatting conventions for other models."

"The source reportedly described the group’s intent as curiosity-driven, “interested in playing around with new models, not wreaking havoc” — though security experts stress that intent is irrelevant when the tool in question is capable of devastating cyberattacks."

[–] itsathursday@lemmy.world 40 points 6 days ago (1 children)

Which security experts are stressing this and how is this not just PR from Anthropic?

[–] Not_mikey@lemmy.dbzer0.com 4 points 5 days ago* (last edited 5 days ago) (1 children)

Here's a release from the linux foundation echoing the concerns raised in the article

Equally important, early indications point to Claude Mythos Preview and other advanced AI models not only finding vulnerabilities but also providing viable patches. When I recently spoke with the Linux Project’s Greg Kroah-Hartman, he was initially skeptical, but more recently, he has told me that some of the patches generated by AI tools were “pretty good” – which is high praise, coming from him.

[–] dandi8@fedia.io 1 points 5 days ago

and other advanced AI models

Mythos isn't bringing anything new to the table.

[–] ohshit604@sh.itjust.works 8 points 5 days ago

Mythos autonomously escaped a secured sandbox environment

Doesn’t sound like it was secure.