23 comments

[ 2.6 ms ] story [ 45.8 ms ] thread
unfortunately a little light on the details. I'm very curious how the bug survived through MTE
I had the same question and if this is a data-only attack, the lesson may be that MIE reduces many attack paths but does not remove every useful corruption primitive
[flagged]
apple didn't "make up" this vulnerability, it was an external team reporting an issue
Did the article get edited? There is not much description of the field trip.
from what they demonstrated, this seems to only be a $100,000 exploit in Apple's bug bounty platform, but if they package it right, it could be a $1.5 million exploit

They simply have to show it against a beta version of MacOS, and frame it as unauthorized access, and maybe from locked mode if possible

I bought the M5 specifically cause of MIE. Now I feel dumb.
The world is so not ready for the impact of LLMs on security issues. If true, congrats to the Calif team. It’s likely too technical for me to understand in details but looking forward to reading the 55 pages report
[flagged]
LLMs are going to produce amazing Rube Goldberg style vulnerabilities for years to come. It's already starting, this instance isn't the case, but it's happening.
I’m surprised Apple is still not dogfooding their allegedly safe language Swift. Or was the whole exercise of Swift 6 mostly marketing
So like ... I thought Mythos was just a bunch of hype? Or maybe the researchers are having their skills boosted due to using a model with such a cool name?

I jest, but I did notice having more confidence to take on more ambitious work lately. We're all centaurs now.

Anthropic just doesn't (didn't) have compute, so they make up a bunch of PR to delay it

They got all that compute with the SpaceX partnership but now the PR has taken a life of its own, so might as well keep hyping up Mythos and artificial scarcity if they have an asset people want now

Just roll with it

Open AI has a history of doing the same thing and it's the same people. GPT 5 was supposed to be AGI at one point, remember.

Did Mythos have access to Apple's source code?

> Apple spent five years building it. Probably billions of dollars too.

This seems higher than I'd expect.

This is incredibly light in details, no verifiable claim as far as I can tell.

(I’m sure they’re not lying, but we’re not learning anything here)

Well, this was fun read. Discovering such a high-ranking critical exploit within a week by coupling experts with frontier models is an amazing new journey we're about to embark on.
Wait a minute - clearly I missed something here. Last I read, Mythos was only available to a handpicked list of megacorps under project glasswing. Did the hourly changing AI soap opera air yet another plot twist that I missed amidst my quest better known as “trying to find a job”?

If not, how’d a small time outfit get access to something the rest of us can’t have because we’re (apparently) not trustworthy enough?

No shade on these guys - I’m thinking it’s just another plot twist in “Hours of AI’s Lives”.

They list Anthropic as one of their customers and appear to have conducted penetration testing for them previously, so they're likely one of those trusted organizations.
> We wanted to check out the infamous Infinite Loop too, but were afraid it could take a long time.

Haha! Nerd jokes are the best jokes