Discussion

• @emollick Ethan Mollick on x

  So the concern over Mythos and cybersecurity seems warranted.

• @garrisonlovely @garrisonlovely on x

  Hope this puts to rest the “Mythos's cyber capabilities are just Anthropic hype” discourse.

• @_arohan_ Rohan Anil on x

  claude mythos can take over a corporate network. Few immediate thoughts * doing release preview and testing breadth of capabilities and informing public is the responsible thing to do. I can see “boy who cried wolf” meme from gpt2 though. * clearly this is high value

• @s_oheigeartaigh @s_oheigeartaigh on x

  As assessments of Mythos like UK AISI's come out, there may be a tendency to (1) breathe a sigh of relief that the capabilities are perhaps not quite as daunting as might have been (2) downplay how significant this is. But (1) this is the worst frontier AI will ever be, and it

• @alexolegimas Alex Imas on x

  I never understood the flurry of posts that Mythos worries were overblown and just marketing. Anthropic released the model to 50 major companies; if this was true, we'd hear chatters of disappointment pretty quickly. Instead we heard crickets. Past view days we've seen data

• @robertwiblin Rob Wiblin on x

  First external evaluation of Anthropic's claims about Mythos, from @AISecurityInst: “We conducted cyber evaluations of Mythos and found continued improvement in capture-the-flag and significant improvement on multi-step cyber-attack simulations.” [image]

• @joshycodes @joshycodes on x

  This cuts right through the ‘Mythos is marketing’ narrative

• @mattshumer_ Matt Shumer on x

  This is yet another example of Claude Mythos's incredible hacking capabilities. I expect we'll see more examples and independent evaluations in the coming weeks that make clear just how powerful (and dangerous, in the wrong hands) this model could be.

• @jasonbotterill @jasonbotterill on x

  All I can imagine from this is post-mythos world Is having to fucking update my phone apps every 15 minutes for security reasons.

• @s0ufi4n3 Soufiane on x

  The key words here are “COULD be directed to autonomously compromise SMALL, WEAKLY defended, and VULNERABLE systems if GIVEN network ACCESS.” reads skiddy level.

• @scaling01 @scaling01 on x

  after ~10 million tokens Mythos is much more efficient than other models it reaches the same performance as Opus with ~40% the tokens

• @nateburnikell Nate on x

  After AISI tested Opus 4.6 I said I thought AI models would be able complete our easiest cyber range “soon” - I didn't expect it to be the very next model. AI capabilities are increasing incredibly quickly. We must be prepared for the risks. Check your cyber security!

• @shakeelhashim Shakeel on x

  UK AISI has published its evaluation of Claude Mythos' cyber capabilities. It says it found “significant improvement on multi-step cyber-attack simulations” and could “execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously - [imag…

• @_simonsmith Simon Smith on x

  Can we now stop the “Mythos is marketing” nonsense? It is the first model to simulate a 32-step corporate network attack that would take a human an estimated 20 hours.

• @theonejvo Jamieson O'Reilly on x

  Important. [image]

• @scaling01 @scaling01 on x

  Mythos just one-shotted this cyber eval that takes humans ~20 hours to complete [image]

• @mynamelowercase Mahmoud Ghanem on x

  Last month I posted about AISIs recent paper on building representative cyber ranges to use for evaluating frontier AI models. This month AISI saw the first instance of a model solving one of these ranges end to end.

• @asacoopstick Asa Cooper Stickland on x

  (Obvious?) corollary of these results is that if a model was misaligned + widely deployed inside the servers of a lab or critical infra we should expect it to find creative/unexpected ways to cause problems. Need combo of trad cyber defences and AI control!

• @petergostev Peter Gostev on x

  So looks like Mythos is better, but not an alien model - jump between Opus 4.5 and Opus 4.6 was similar to a jump from Opus 4.6 to Mythos Preview

• @dinodaizovi Dino A. Dai Zovi on x

  This is the type of thing that most organizations should be preparing for, not only finding, fixing, and deploying software vulnerabilities faster (necessary, but not sufficient).

• @ekinomicss Ekin Zorer on x

  This was... an interesting one. Reminder that we run independent evals on our cyber ranges that labs don't have access to. Exploitation capabilities are getting seriously good. Mythos is the first model to complete our full 32-step corporate network attack sim E2E.

• @aisecurityinst @aisecurityinst on x

  These results underscore the importance of cyber security fundamentals like regular security updates, access controls, security configuration, and logging.

• @aisecurityinst @aisecurityinst on x

  In 2023 the best models could barely complete beginner-level cyber tasks. Today, our evaluation of Mythos Preview shows that it - and potentially future models - could be directed to autonomously compromise small, weakly defended, and vulnerable systems if given network access.

• @aisecurityinst @aisecurityinst on x

  The range simulates a 32-step corporate network attack, from initial reconnaissance to full network takeover. We estimate it would take a human expert 20 hours to complete.

• @aisecurityinst @aisecurityinst on x

  We conducted cyber evaluations of Claude Mythos Preview and found that it is the first model to complete an AISI cyber range end-to-end. 🧵 [image]

• @emollick Ethan Mollick on bluesky

  So the concern over Claude Mythos and cybersecurity seems warranted based on this independent assessment from the UK government.  It was capable of the equivalent of 20 hours of expert human work autonomously.  —  It is not an unexpected jump in capability, but it is big. www.ais…

• r/singularity r on reddit

  AI Security Institute Findings on Claude Mythos Preview