Mythos is good for cybersecurity simply because now executives can’t just tell people that only superhackers can break their stuff, as people wouldn’t believe them now anyways.
Infosec for decades has been 99% “hey I found some low-hanging fruit” only to get treated like a liability by the company you report it to, if you got acknowledgment at all. Because of Mythos though, now Artificial Superhumans can find these same vulns, and anyone could be running such an intelligence! Even better, the rich untouchable people operating this particular Artificial Superhuman can’t just be suppressed or ignored by the other set of rich untouchable people that have routinely not cared in the past. So long as it makes Anthropic money, maybe we’ll actually see actual improvements in security!
Did you just assume every hacker has all the source code in the world?
Hi, security professional here! A lot of the time, we don't need it.
>What if finding every vulnerability in a piece of software were just as fast and easy as finding a few of them, thanks to automation?
This presumes there is such a thing as "every" vulnerability. It is possible that ever more sophisticated, complicated, and abstract attacks become possible/discoverable as one applies more intelligence to the problem.
IF it is indeed possible to make a piece of software completely secure, then yes, more intelligent systems make the situation better, because it will always be possible to audit a system before it is ever released and make it completely safe.
That is a very big if and, as far as I am aware, remains to be seen if it's the case.
-edit- They mention this possibility themselves further down, so the authors know this is a completely speculative point/article. They don't even try to make an argument about why one possibility might be more likely than the other. This article is useless.
There will probably be congressional hearings when it turns out Lazarus Group had access, and then the USG will use it as an excuse to lock AI behind harsh KYC.
https://x.com/kevinakwok/status/2049984076141281482
Mythos has been a boon for "look busy" work. My global corp org has been on a bender upgrading everything, patching everything. There is a giant dashboard that shows green/red for everything we have.
I think it's a total overreaction. But the edict was passed down, and here we are.
wasn't there a post by someone that looked into the Mythos demo and felt that it was terrible at doing what people claimed it could do?
Granted, given that most cybersecurity news over the past decade has been grim, both could be true...
https://archive.ph/B2Ztd
On the other hand Mythos is currently vapor and a marketing stunt
Maybe, but they’ve got everyone scared shitless. My entire org (30k employees, not just engineers) is in sprint 2 of a remediation effort, where we are systematically fixing every high+ finding across hundreds of workloads with decades of system bloat.
I’ve never seen us so aligned on a goal! Wiz is doing pretty well for itself also…
... or it riffs with your nick and rhymes with stunt.
If it is "vapor" then how are the various mega corps able to use the preview release? Do you think they are all in on some giant conspiracy?
Or they are all riding the hype train and pumping AI just as much as always, lest we forget when Sam did this with GPT-5
Why does it feel like this was written by AI?
Mythos hacked the site, wrote, and published the article
Why are we worried about vulnerabilities in code when AI powered social engineering will make it fast, easy, and even fun to find vulnerabilities through human interaction, faster and more deeply than ever?
Because having humans in the loop slows things down; it's much faster if the attacker can break into the system directly.
We are replacing those with AI agents anyways. It'll be AI agents all the way down!
no, it's not. it's a tool in a zero sum game. a competitive imbalance. an exclusive moat. it's not improving anything, it's shifting power.
As long as it shifts the zero-sum game in the favor of the defender, it is improving things.
In a technical sense, I assume the defender means cybersecurity companies, open source developers, etc?
In a physical sense, Anthropic is giving access to who we believe are the "defenders", aka the United States DoD and Israel.
[flagged]
According to our software (which is, of course, imperfect), your account has repeatedly been posting AI-generated and/or AI-edited comments. If so, can you please stop? It's not allowed here, and will eventually get your account banned.
(See https://news.ycombinator.com/newsguidelines.html#generated and https://news.ycombinator.com/item?id=47340079.)
Link seems to be broken, this one worked for me: https://sfstandard.com/opinion/2026/05/06/mythos-cybersecuri...
Oops, sorry - orig was double pasted and it won't let me edit :/
You can ask admins to post-edit.
hn@ycombinator.com
Thanks, reached out