207 points
by donohoe
1 day ago
|
150 comments
|
[HN]
[hidden]
— QuantumNoodle's reply was filtered, but the responses below were kept
QuantumNoodle
·
about 14 hours ago
q=0.78
Okay, when fuzzing techniques came out there was a big surge in discovered and exploited bugs. AI is more general and I expect there be a similar surge. However fuzzing is cheap but compute and techniques can be "owned." The economics of AI is unless you pay for it, it is difficult to self host (expensive hardware, open source models are catching up).
State actors + hackers will have more resources to make better offense. What worse, in my experience AI produced code is blind to overall system behavior. So I fear the exploits will be either low hanging/trivial to exploit errors or bigger system level bugs.
[hidden]
— simmerup's reply was filtered, but the responses below were kept
simmerup
·
about 16 hours ago
q=0.62
Can google please use AI to find bugs then?
Software is in such a state now, Gmail is full of bugs around sharing attachments to the position that I have to tell my dad to turn his phone off and on again in order to attach a document
[hidden]
— andrepd's reply was filtered, but the responses below were kept
andrepd
·
about 15 hours ago
q=0.58
It's probably the AI overuse introducing many of those bugs in the first place...
[hidden]
— simmerup's reply was filtered, but the responses below were kept
simmerup
·
about 15 hours ago
q=0.58
I can’t help but think that, Apple is big on AI and their software seems to be going to hell too.
[hidden]
— j2kun's reply was filtered, but the responses below were kept
[hidden]
— JCTheDenthog's reply was filtered, but the responses below were kept
JCTheDenthog
·
about 16 hours ago
q=0.58
Those are all for security vulnerabilities, OP is talking about bugs with functionality.
[hidden]
— 4128-1228's reply was filtered, but the responses below were kept
4128-1228
·
about 16 hours ago
q=0.62
The Google Threat Intelligence Group wants to increase its relevance and casually point out the it was not Mythos which found the exploit!
Security "researchers" are overpaid buffoons who hype things for their own salaries and their companies. And the stenographers from the press dutifully copy everything.
This is a despicable game to fool politicians into giving money and favorable AI legislation.
Strangely enough these buffoons never offer their models to open source developers. It is always a select group of highly paid other buffoons that throws some very occasional results over the wall.
[hidden]
— s3p's reply was filtered, but the responses below were kept
s3p
·
about 16 hours ago
q=0.62
>But new A.I. models like Anthropic’s Mythos, which was announced last month, appear to be so good at finding such holes that Anthropic shared it only with a limited number of firms and government agencies in the United States and Britain.
Immediate distrust of the article. GPT 5.5 is out with nearly the same capability. The author might be parroting company marketing, unable to discern that a lot of this is much less complex than it seems. For all we know this group could have had a model examine some obscure line of code thousands of times until it found something.
[hidden]
— reaperducer's reply was filtered, but the responses below were kept
reaperducer
·
about 15 hours ago
q=0.78
Immediate distrust of the article… The author might be parroting company marketing, unable to discern that a lot of this is much less complex than it seems.
> I am based in The Times’s Washington bureau, and much of my focus is on the dealings of U.S. cybersecurity and intelligence agencies, including the National Security Agency, Central Intelligence Agency, Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, as well as their counterparts abroad, chiefly in China, Russia, Iran and North Korea.
> My remit spans nation-state hacking conflict, digital espionage, online influence operations, election meddling, government surveillance, malicious use of A.I. tools and other related topics.
> Before joining The Times, I worked at The Wall Street Journal, where I spent eight years covering cyber conflict and intelligence. My recent work at The Journal included a series of articles revealing a major Chinese intrusion of America’s telecommunications networks that breached the F.B.I.’s wiretap systems and has been described as one of the worst U.S. counterintelligence failures in history. I have also worked at Reuters and National Journal, where I began my career in Washington chronicling congressional efforts to reform surveillance practices at the N.S.A. in the wake of the 2013 Edward Snowden disclosures.
> My work has been internationally recognized, including by the White House Correspondents’ Association, the Gerald Loeb Awards, the Society of Publishers in Asia and the Society for Advancing Business Editing and Writing.
What have you done lately?
[hidden]
— himata4113's reply was filtered, but the responses below were kept
himata4113
·
about 15 hours ago
q=0.62
nytimes reporters have recently been very disappoiting and starting to feel like they're people who managed to become relevant long time ago, but haven't kept up with recent changes and are just parroting things others have said instead of unique thoughts.
[hidden]
— anjel's reply was filtered, but the responses below were kept
anjel
·
about 14 hours ago
q=0.62
I found their recent investigative article on How do stars pee at the Met Gala? to be hard-hitting, yet fair to all sides. [1]
(You thought I was exaggerating about it being "investigative," dincha.)
[hidden]
— Conscat's reply was filtered, but the responses below were kept
Conscat
·
about 13 hours ago
q=0.58
Any media company which deliberately rids itself of everyone willing to speak vaguely positively of transsexual people may not be attracting the most free thinking writers.
[hidden]
— kubik369's reply was filtered, but the responses below were kept
kubik369
·
about 14 hours ago
q=0.62
Your comment was surely well meant, but you could have plainly stated that the article author is a seasoned reporter instead of the snarky reply.
GP might be incorrect in stating that the author is parroting Anthropic's marketing, but the author certainly does not go out of his way to specify that these are only Anthropic's claims. It is actually a bit ironic as the article linked[0] from the quoted part (by another author) uses the correct phrasing when dealing with such claims:
> Anthropic, the artificial intelligence company that recently fought the Pentagon over the use of its technology, has built a new A.I. model that it claims is too powerful to be released to the public.
[hidden]
— LPisGood's reply was filtered, but the responses below were kept
LPisGood
·
about 14 hours ago
q=0.62
> What have you done lately?
I feel like this website is a particularly dangerous place to ask that and hope it to be a “mic drop” moment. There are a lot of highly accomplished engineers, scientists, founders CEOs, etc. here that could easily respond to that with any manner of impressive qualifications.
[hidden]
— esafak's reply was filtered, but the responses below were kept
[hidden]
— reaperducer's reply was filtered, but the responses below were kept
reaperducer
·
about 15 hours ago
q=0.62
Not at all.
OP posited that the author didn't know what he's talking about. I pointed out that the author has far more knowledge and experience in the field than rando internet griefers on HN who immediately reach for "shoot the messenger" when they read something that doesn't neatly fit into their pre-conceived worldview, instead of perhaps learning things from other people.
But at least your trope acknowledges that he's an authority on the subject.
[hidden]
— nitwit005's reply was filtered, but the responses below were kept
nitwit005
·
about 14 hours ago
q=0.62
> I pointed out that the author has far more knowledge and experience in the field than rando internet griefers on HN
You mean, you guessed that a random person online lacked experience. The experts are genuinely here too.
[hidden]
— ssl-3's reply was filtered, but the responses below were kept
ssl-3
·
about 14 hours ago
q=0.58
> OP posited that the author didn't know what he's talking about.
That position does not appear to be present.
[hidden]
— JumpCrisscross's reply was filtered, but the responses below were kept
JumpCrisscross
·
about 14 hours ago
q=0.58
Eh, "unable to discern" seems like a polite way of saying someone is talking out of their ass.
[hidden]
— cobolcomesback's reply was filtered, but the responses below were kept
cobolcomesback
·
about 15 hours ago
q=0.62
GPT 5.5 does not have the same capabilities as Mythos. There is a separate 5.5-Cyber model which is the Mythos “equivalent”, but it is similarly restricted access like Mythos. Per OpenAI, the major difference is the built-in safeguards that 5.5 (and other models have), where 5.5-Cyber does not have these safeguards and is more “permissive” for security work.
[hidden]
— nullstyle's reply was filtered, but the responses below were kept
nullstyle
·
about 13 hours ago
q=0.62
That reminds me:
I got cajoled the other day that I need to upload my ID and ask for 5.5-Cyber access by the Codex desktop app while I was having it develop a fuzzing suite for an open source library I'm(we?) are developing. I was able to berate it into getting back to work.
This struck me as a point of emergent enshittification; an anus if you will.
[hidden]
— vgalin's reply was filtered, but the responses below were kept
vgalin
·
about 13 hours ago
q=0.62
The company doing the actual ID verification (KYC) is probably the last company I'd trust with this kind of data.
To circumvent conversations being flagged as "cybersecurity bad!!!" I often have to use previous models (5.3 for example, and sometimes using them through subagents is enough). And when this method no longer works, local models will be good enough for it to not be a problem (for my use case, at least).
[hidden]
— bluGill's reply was filtered, but the responses below were kept
bluGill
·
about 14 hours ago
q=0.62
That is very clearly the claim of mythos though. The experience of projects that do have access to mythos though suggests that if you use the other models it's not going to find much of anything. Which is to say generally we believe it is marketing as you say however the claim that the reporter said is very clearly stated even if it's not right.
[hidden]
— gman2093's reply was filtered, but the responses below were kept
gman2093
·
about 15 hours ago
q=0.62
Black hat hacking seems to be a well-fit use case for these LLMs. Attackers only need to be right once, so the sometimes-wrongness of the attacks might be trivial. This probably devalues stashes of zero-day exploits for those that have been witholding them.
[hidden]
— BLKNSLVR's reply was filtered, but the responses below were kept
BLKNSLVR
·
about 14 hours ago
q=0.58
I wonder if that means we're going to see an increase in the attempted 'leveraging' of hoarded zero days lest they get publicised and patched prior to being profitable.
[hidden]
— crazygringo's reply was filtered, but the responses below were kept
crazygringo
·
about 14 hours ago
q=0.62
> “We have high confidence that the actor likely leveraged an A.I. model to support the discovery and weaponization of this vulnerability,” the report said.
I wonder what gives them that "high confidence", as opposed to this being just a traditional zero-day?
I'm not being snarky or critical, I'm genuinely wondering what about an attack could possibly indicate it was discovered with LLM assistance?
Like, unless the attackers' computers have been seized and they've been able to recover the actual LLM transcript history? But nothing in the article indicates that the hackers have been caught, just that a patch was developed.
[hidden]
— eatsyourtacos's reply was filtered, but the responses below were kept
eatsyourtacos
·
about 14 hours ago
q=0.62
Maybe after they realized how they were vulnerable they asked an LLM to find the exploit through a similar means to try and replicate it. Still doesn't prove it but maybe gives them confidence this weird thing can only really be found that way etc.
[hidden]
— nullc's reply was filtered, but the responses below were kept
nullc
·
about 13 hours ago
q=0.62
Presumably the attacker used Google's own LLM and they searched the history of all user chats to find the transcript.
I say this only slightly in jest, as that's about the only thing I can think of which would legitimately give them 'high confidence'.
[hidden]
— djeastm's reply was filtered, but the responses below were kept
djeastm
·
about 13 hours ago
q=0.58
In the article (AP one, at least) Google explicitly said it does not believe it was Gemini or Mythos.
[hidden]
— bmelton's reply was filtered, but the responses below were kept
bmelton
·
about 13 hours ago
q=0.58
Clearly that's because they searched the history of all chats and didn't find the perpetrator
[hidden]
— BobbyTables2's reply was filtered, but the responses below were kept
BobbyTables2
·
about 13 hours ago
q=0.62
They probably used AI for the search.
The real game would be to put a “nothing of interest here” prompt injection attack in the original series of prompts so a LLM parsing them later would ignore the attackers’ session.
[hidden]
— HDBaseT's reply was filtered, but the responses below were kept
HDBaseT
·
about 13 hours ago
q=0.58
I know we're talking about Google here, but the privacy violations and concerns from this sort of search are massive.
We need local AI ASAP.
[hidden]
— gchamonlive's reply was filtered, but the responses below were kept
gchamonlive
·
about 13 hours ago
q=0.62
Don't get me wrong, I'm with you here, but we are back to the days when we had to rent mainframe time for compiling programs. Not because of software limitations, but you just didn't have consumer grade hardware capable of running them.
This time, however it's even worse, because it'll be a really long time until either we get consumer GPUs with enough VRAM for full models or LLMs that fit in 16-32GB capable enough to compete with cloud providers.
I run locally qwen3.6 27b on my 3090 and it's really impressive for what it is, but it is still generations away from being capable of delivering a level of quality that we can confidently default to solo drive them on a daily basis.
[hidden]
— overfeed's reply was filtered, but the responses below were kept
overfeed
·
about 12 hours ago
q=0.62
> We need local AI ASAP.
That is an excellent idea, once we, the GPU-poor mice, figure out who is going to bell the SoTA training cat. Chinese models being banned is well within the realms of lobbied possibilities.
[hidden]
— yacthing's reply was filtered, but the responses below were kept
yacthing
·
about 13 hours ago
q=0.62
Maybe they saw traffic that looked like AI prodding an API and quickly adapting to find the bug?
But at this point I feel like odds are everyone looking for vulnerabilities is using AI to some extent. Why wouldn't they? It'd be stranger if they didn't.
[hidden]
— ai_fry_ur_brain's reply was filtered, but the responses below were kept
ai_fry_ur_brain
·
about 13 hours ago
q=0.58
Because we dont want to fry our brains by using this junk.
[hidden]
— glenstein's reply was filtered, but the responses below were kept
glenstein
·
about 13 hours ago
q=0.62
The article says it included excessive explainer text. And I'm almost positive an earlier version of the article referenced hallucinated library references though I don't see it in the present version of the article.
[hidden]
— DrewADesign's reply was filtered, but the responses below were kept
DrewADesign
·
about 13 hours ago
q=0.62
Well, it’s great marketing for LLM products at the enterprise level. Even if they weren’t sure, they have every incentive to run with it now, and the issue a “whoopsie daisy” apology later after the tech media stopped paying attention.
[hidden]
— dragonelite's reply was filtered, but the responses below were kept
dragonelite
·
about 12 hours ago
q=0.62
This is why i can't wait for a new AI winter or atleast a fall(the bubble deflating slowly). Just like you can now really see how useful web3 and NFT really are...
[hidden]
— chromacity's reply was filtered, but the responses below were kept
chromacity
·
about 12 hours ago
q=0.62
> I wonder what gives them that "high confidence", as opposed to this being just a traditional zero-day?
Google, Cloudflare, and Microsoft are a trio of companies that get to see most of what's going on the internet. I imagine that if they see you attacking them, they can work back from that and get remarkably far, even against sophisticated actors. If it's their LLM, they presumably keep transcripts. If you searched for the affected API function via a search engine, they almost certainly know. Even if you used a competing search product, you probably went to a site that has Google Analytics. Oh, and one of these companies probably has your DNS lookups. And a good chunk of the world's email traffic. And telemetry from your workstation. And auto-uploaded crash reports... And if it's bad, they can work together behind the scenes to get to the bottom of it.
So, when their threat intel orgs say they have high confidence in something, I'd be inclined to believe it.
[hidden]
— slater's reply was filtered, but the responses below were kept
slater
·
about 13 hours ago
q=0.58
> I wonder what gives them that "high confidence", as opposed to this being just a traditional zero-day?
Excessive use of em-dashes, and emoji bullet points in the readme
[hidden]
— CrzyLngPwd's reply was filtered, but the responses below were kept
CrzyLngPwd
·
about 16 hours ago
q=0.58
People used LLMs to find flaws in Google software.
[hidden]
— adrianmonk's reply was filtered, but the responses below were kept
adrianmonk
·
about 14 hours ago
q=0.62
If you're talking about the incident described in the article, it says it was a flaw in "a popular open-source, web-based system administration tool".
[hidden]
— amelius's reply was filtered, but the responses below were kept
amelius
·
about 16 hours ago
q=0.19
But did they use Gemini?
[hidden]
— freedomben's reply was filtered, but the responses below were kept
freedomben
·
about 15 hours ago
q=0.58
I don't know, but given how often Gemini refuses benign requests IME, I would suspect it's a complete non-starter for finding security holes.
[hidden]
— Andrex's reply was filtered, but the responses below were kept
Andrex
·
about 15 hours ago
q=0.58
> the company added that it did not believe it was its own Gemini chatbot.
-TFA
[hidden]
— SecretDreams's reply was filtered, but the responses below were kept
SecretDreams
·
about 16 hours ago
q=0.58
If "bad guy AI" can find flaws, can "good guy AI" patch them faster when backed by trillion dollar companies?
[hidden]
— cyanydeez's reply was filtered, but the responses below were kept
cyanydeez
·
about 16 hours ago
q=0.58
If I sell weapons to both sides of a conflict, can I become rich?
[hidden]
— mindcrime's reply was filtered, but the responses below were kept
mindcrime
·
about 15 hours ago
q=0.58
No. To become really rich you have to draw a 3rd player into the conflict, and then sell weapons to them as well.
[hidden]
— dwd's reply was filtered, but the responses below were kept
dwd
·
about 13 hours ago
q=0.58
Or just lend money to both parties to fund their war efforts and pay off war debts afterwards.
[hidden]
— BLKNSLVR's reply was filtered, but the responses below were kept
BLKNSLVR
·
about 14 hours ago
q=0.58
Yes.
Please refer to any seller of weapons ever.
[hidden]
— SecretDreams's reply was filtered, but the responses below were kept
SecretDreams
·
about 16 hours ago
q=0.19
Ask anyone selling AI hardware recently!
[hidden]
— j2kun's reply was filtered, but the responses below were kept
j2kun
·
about 16 hours ago
q=0.58
The bottleneck is probably validating and deploying the fix, which requires coordination.
[hidden]
— boothby's reply was filtered, but the responses below were kept
boothby
·
about 15 hours ago
q=0.58
Do your AI patches introduce fewer flaws than they repair?
[hidden]
— SecretDreams's reply was filtered, but the responses below were kept
SecretDreams
·
about 12 hours ago
q=0.19
That's a trillion dollar question.
[hidden]
— sowbug's reply was filtered, but the responses below were kept
sowbug
·
about 16 hours ago
q=0.58
Security will be a wedge to restrict the sophistication of open-weight and local LLMs, just as it's been used to demonize and restrict cypherpunk technologies.
[hidden]
— 2ndorderthought's reply was filtered, but the responses below were kept
2ndorderthought
·
about 15 hours ago
q=0.62
If they tried to lock down local models more people would use them. They would also have to take down a few us companies in the process who would go down fighting for certain.
[hidden]
— JumpCrisscross's reply was filtered, but the responses below were kept
JumpCrisscross
·
about 14 hours ago
q=0.62
> Security will be a wedge to restrict the sophistication of open-weight and local LLMs, just as it's been used to demonize and restrict cypherpunk technologies
Unlikely in America or China. This is not a game either can singularly control, and locking down the R&D means conceding momentum to the party that doesn't. Which means use restrictions will be contained to countries satisfied with playing second fiddle.
Instead, I suspect we'll see momentum towards running software on publisher-controlled servers so the source code can be secured through obscurity. It isn't perfect. But it might be good enough to get us through this transition.
[hidden]
— ls612's reply was filtered, but the responses below were kept
ls612
·
about 14 hours ago
q=0.62
If America just banned all chinese models that would wipe out most of the open weights landscape in AI, especially anything close to the frontier. I could easily see that happening if a Mythos tier model comes out of a Chinese lab in early 2027. It doesn't meaningfully change the research competition between OAI/Anthropic/Google/SpaceX but it does pad all of their pockets by removing cheap competition and it gives the government far greater control over AI usage de facto.
[hidden]
— JumpCrisscross's reply was filtered, but the responses below were kept
JumpCrisscross
·
about 14 hours ago
q=0.62
> I could easily see that happening if a Mythos tier model comes out of a Chinese lab in early 2027
I don't. I'm not saying American politics isn't capable of doing it. But I don't see us being stupid enough to try locking ourselves out of a technology that everyone else has access to.
[hidden]
— ls612's reply was filtered, but the responses below were kept
ls612
·
about 14 hours ago
q=0.58
But we wouldn’t be. I’m assuming that the US labs retain several months’ lead for at least the next couple of years.
[hidden]
— UltraSane's reply was filtered, but the responses below were kept
UltraSane
·
about 13 hours ago
q=0.58
How would it be possible to ban Chinese LLMs?
[hidden]
— ls612's reply was filtered, but the responses below were kept
ls612
·
about 13 hours ago
q=0.62
Place the chinese labs on the entities list. That stops any legitimate company using them and probably makes HF take them down. Sure there will be torrents but the laws for doing business with a sanctioned entity bite much harder than the laws around copyright infringement.
[hidden]
— JumpCrisscross's reply was filtered, but the responses below were kept
JumpCrisscross
·
about 13 hours ago
q=0.62
> Place the chinese labs on the entities list
Ironically, this–a nascent industry and budding industrial cluster–is the textbook case for deploying tariffs. America tariffs American use of Chinese models and pays that back as a tax credit to American developers.
[hidden]
— kshacker's reply was filtered, but the responses below were kept
kshacker
·
about 15 hours ago
q=0.58
As long as it is within the country, restriction works. How do you restrict the capability from a foreign entity, especially a hostile one?
[hidden]
— jazzyjackson's reply was filtered, but the responses below were kept
jazzyjackson
·
about 15 hours ago
q=0.62
netsplit, I guess. decide that the risk of an open network is too great and simply block all routing out of the country through the ISPs and consider the political power that goes along with a global satellite constellation under rule of a single, government-aligned corporation.
[hidden]
— notsound's reply was filtered, but the responses below were kept
notsound
·
about 14 hours ago
q=0.62
"simply block all routing out of the country" is doing a lot of heavy lifting. For government networks, sure. For civilian networks? It's a bit like stopping pirates from ripping video; how do you deal with an attacker that ultimately can gain some form of access? Even in North Korea external media can be smuggled in.
[hidden]
— bluGill's reply was filtered, but the responses below were kept
bluGill
·
about 14 hours ago
q=0.58
That works for very oppressive countries. However, more freedom-minded countries are not going to law for that.
[hidden]
— somewhatgoated's reply was filtered, but the responses below were kept
somewhatgoated
·
about 14 hours ago
q=0.58
Didnt work out so well with the cypherpunk technology so there is hope
[hidden]
— ppqqrr's reply was filtered, but the responses below were kept
ppqqrr
·
about 16 hours ago
q=0.58
...says yet another company hell bent on integrating it into every facet of our lives. This reads like a celebration, if you ask me.
[hidden]
— atrocities's reply was filtered, but the responses below were kept
atrocities
·
about 15 hours ago
q=0.58
Can we link to the actual google article, instead of these editorialized articles about the article?
[hidden]
— wnc3141's reply was filtered, but the responses below were kept
wnc3141
·
about 15 hours ago
q=0.58
But in exchange we get to also waste vast energy and carbon while depleting job prospects for just about any college grad.
[hidden]
— andrepd's reply was filtered, but the responses below were kept
andrepd
·
about 15 hours ago
q=0.58
It's not all bad though. We also managed to turn the Information Superhighway of the 1990s into the Slop Wasteland of the 2020s.
[hidden]
— bouncycastle's reply was filtered, but the responses below were kept
bouncycastle
·
about 15 hours ago
q=0.58
Meanwhile, I cannot ask ChatGTP how to pick my own lock. Even though this information is available in a book in the library.
[hidden]
— dryarzeg's reply was filtered, but the responses below were kept
dryarzeg
·
about 15 hours ago
q=0.62
Then go ask some ChineseGPT about this, I guess, as these models seem to be much less restricted on such topics (you could even get some explosives recipes, though not all of them are real and safe) /j
[hidden]
— esseph's reply was filtered, but the responses below were kept
esseph
·
about 13 hours ago
q=0.58
Also available to Fed Gov entities, surely.
For me, not thee
[hidden]
— skywhopper's reply was filtered, but the responses below were kept
skywhopper
·
about 15 hours ago
q=0.58
Drives me nuts that the NYT just uncritically cites Anthropic’s unverified claims of “thousands of zero-days” without a hint of skepticism.
[hidden]
— skeledrew's reply was filtered, but the responses below were kept
skeledrew
·
about 15 hours ago
q=0.58
Wild that they think restricting access to models will help much. Access to Chinese models will definitely not be restricted and have enough capability to find exploits as well.
[hidden]
— nsoonhui's reply was filtered, but the responses below were kept
State actors + hackers will have more resources to make better offense. What worse, in my experience AI produced code is blind to overall system behavior. So I fear the exploits will be either low hanging/trivial to exploit errors or bigger system level bugs.
Software is in such a state now, Gmail is full of bugs around sharing attachments to the position that I have to tell my dad to turn his phone off and on again in order to attach a document
https://projectzero.google/2024/10/from-naptime-to-big-sleep...
https://deepmind.google/blog/introducing-codemender-an-ai-ag...
Security "researchers" are overpaid buffoons who hype things for their own salaries and their companies. And the stenographers from the press dutifully copy everything.
This is a despicable game to fool politicians into giving money and favorable AI legislation.
Strangely enough these buffoons never offer their models to open source developers. It is always a select group of highly paid other buffoons that throws some very occasional results over the wall.
Immediate distrust of the article. GPT 5.5 is out with nearly the same capability. The author might be parroting company marketing, unable to discern that a lot of this is much less complex than it seems. For all we know this group could have had a model examine some obscure line of code thousands of times until it found something.
https://www.nytimes.com/by/dustin-volz
> I am based in The Times’s Washington bureau, and much of my focus is on the dealings of U.S. cybersecurity and intelligence agencies, including the National Security Agency, Central Intelligence Agency, Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, as well as their counterparts abroad, chiefly in China, Russia, Iran and North Korea.
> My remit spans nation-state hacking conflict, digital espionage, online influence operations, election meddling, government surveillance, malicious use of A.I. tools and other related topics.
> Before joining The Times, I worked at The Wall Street Journal, where I spent eight years covering cyber conflict and intelligence. My recent work at The Journal included a series of articles revealing a major Chinese intrusion of America’s telecommunications networks that breached the F.B.I.’s wiretap systems and has been described as one of the worst U.S. counterintelligence failures in history. I have also worked at Reuters and National Journal, where I began my career in Washington chronicling congressional efforts to reform surveillance practices at the N.S.A. in the wake of the 2013 Edward Snowden disclosures.
> My work has been internationally recognized, including by the White House Correspondents’ Association, the Gerald Loeb Awards, the Society of Publishers in Asia and the Society for Advancing Business Editing and Writing.
What have you done lately?
[1] https://archive.is/x9MSO
(You thought I was exaggerating about it being "investigative," dincha.)
GP might be incorrect in stating that the author is parroting Anthropic's marketing, but the author certainly does not go out of his way to specify that these are only Anthropic's claims. It is actually a bit ironic as the article linked[0] from the quoted part (by another author) uses the correct phrasing when dealing with such claims:
> Anthropic, the artificial intelligence company that recently fought the Pentagon over the use of its technology, has built a new A.I. model that it claims is too powerful to be released to the public.
[0] https://archive.ph/GC6WP#selection-4713.0-4713.200
I feel like this website is a particularly dangerous place to ask that and hope it to be a “mic drop” moment. There are a lot of highly accomplished engineers, scientists, founders CEOs, etc. here that could easily respond to that with any manner of impressive qualifications.
Guess how I know you've never been a reporter.
OP posited that the author didn't know what he's talking about. I pointed out that the author has far more knowledge and experience in the field than rando internet griefers on HN who immediately reach for "shoot the messenger" when they read something that doesn't neatly fit into their pre-conceived worldview, instead of perhaps learning things from other people.
But at least your trope acknowledges that he's an authority on the subject.
You mean, you guessed that a random person online lacked experience. The experts are genuinely here too.
That position does not appear to be present.
See https://openai.com/index/gpt-5-5-with-trusted-access-for-cyb...
I imagine Mythos is going to be the same story from what I’ve seen so far.
I got cajoled the other day that I need to upload my ID and ask for 5.5-Cyber access by the Codex desktop app while I was having it develop a fuzzing suite for an open source library I'm(we?) are developing. I was able to berate it into getting back to work.
This struck me as a point of emergent enshittification; an anus if you will.
To circumvent conversations being flagged as "cybersecurity bad!!!" I often have to use previous models (5.3 for example, and sometimes using them through subagents is enough). And when this method no longer works, local models will be good enough for it to not be a problem (for my use case, at least).
I wonder what gives them that "high confidence", as opposed to this being just a traditional zero-day?
I'm not being snarky or critical, I'm genuinely wondering what about an attack could possibly indicate it was discovered with LLM assistance?
Like, unless the attackers' computers have been seized and they've been able to recover the actual LLM transcript history? But nothing in the article indicates that the hackers have been caught, just that a patch was developed.
I say this only slightly in jest, as that's about the only thing I can think of which would legitimately give them 'high confidence'.
The real game would be to put a “nothing of interest here” prompt injection attack in the original series of prompts so a LLM parsing them later would ignore the attackers’ session.
We need local AI ASAP.
This time, however it's even worse, because it'll be a really long time until either we get consumer GPUs with enough VRAM for full models or LLMs that fit in 16-32GB capable enough to compete with cloud providers.
I run locally qwen3.6 27b on my 3090 and it's really impressive for what it is, but it is still generations away from being capable of delivering a level of quality that we can confidently default to solo drive them on a daily basis.
That is an excellent idea, once we, the GPU-poor mice, figure out who is going to bell the SoTA training cat. Chinese models being banned is well within the realms of lobbied possibilities.
But at this point I feel like odds are everyone looking for vulnerabilities is using AI to some extent. Why wouldn't they? It'd be stranger if they didn't.
Google, Cloudflare, and Microsoft are a trio of companies that get to see most of what's going on the internet. I imagine that if they see you attacking them, they can work back from that and get remarkably far, even against sophisticated actors. If it's their LLM, they presumably keep transcripts. If you searched for the affected API function via a search engine, they almost certainly know. Even if you used a competing search product, you probably went to a site that has Google Analytics. Oh, and one of these companies probably has your DNS lookups. And a good chunk of the world's email traffic. And telemetry from your workstation. And auto-uploaded crash reports... And if it's bad, they can work together behind the scenes to get to the bottom of it.
So, when their threat intel orgs say they have high confidence in something, I'd be inclined to believe it.
Excessive use of em-dashes, and emoji bullet points in the readme
Google's blog (https://cloud.google.com/blog/topics/threat-intelligence/ai-...) says Google "worked with the impacted vendor to responsibly disclose this vulnerability", so in this incident, it's not Google software.
-TFA
Please refer to any seller of weapons ever.
Unlikely in America or China. This is not a game either can singularly control, and locking down the R&D means conceding momentum to the party that doesn't. Which means use restrictions will be contained to countries satisfied with playing second fiddle.
Instead, I suspect we'll see momentum towards running software on publisher-controlled servers so the source code can be secured through obscurity. It isn't perfect. But it might be good enough to get us through this transition.
I don't. I'm not saying American politics isn't capable of doing it. But I don't see us being stupid enough to try locking ourselves out of a technology that everyone else has access to.
Ironically, this–a nascent industry and budding industrial cluster–is the textbook case for deploying tariffs. America tariffs American use of Chinese models and pays that back as a tax credit to American developers.
https://cloud.google.com/blog/topics/threat-intelligence/ai-...
https://www.nytimes.com/2026/04/29/us/ai-chatbots-biological...
For me, not thee