51 comments

[ 3.7 ms ] story [ 68.1 ms ] thread
I made a point about this in relation to anthropic last week: nobody inside the strategic information spaces is worried about AGI they're worried about core strategic information leaking out. Either it's in the model, or the model exposes pathways to finding it in the core strategic systems.

Those "tapes" DOGE took away? Nothing on them can be considered private any more. That's how brute force risk happens. Mythos' risks are showing doorways to exfiltration surely? Why bother when you can walk out the door with a data dump?

The NSA is just a highly specific subclass of the problem. Their traditional publicly stated approach to security is "nothing electronic which enters our domain leaves" and yet somehow they have assessed these systems as capable of breaching their walls? That's super bad.

I suspect they ran an analogue/instance inside their protection rings. I doubt they ran a test outside in the global internet. If they have actually lost control of their boundary, that's a bigger story (which I doubt) and contextually he could have been referring to information systems in NSAs duty of care, not things inside Ft Meade.

What happens when open source models achieve Mythos level capabilities in six months' time?
I think it's probably more like a year or a year and a half. I don't want to say two years, but it's what I'm actually thinking.
We'll see Mythos 2.0 patching all the Mythos 1.0 vulnerabilities before we see an open-source Mythos 1.0.

What matters isn't the power of the tool, but whether defenders have had time to secure against. Today's cyberweapon is tomorrow's laughably obsolete.

Stuxnet used to be a national security threat, now I'm not sure it would be useful for anything.

(comment deleted)
HN post title does not match link title

> NSA director: 'Mythos "broke into almost all of our classified systems in hours"

> Donald Trump’s blocking of Anthropic is capricious and chaotic

This is really making me raise an eyebrow. I’m sure mythos is an improvement for sure. I don’t think the framing of it hacked the entire NSA is fully truthful. I’d like a more in depth understanding of what actually happened. Excited to be proved wrong tho!
From the outset, Mythos’s PR has been rather dodgy.
Marketing has been brilliant thou.
They said “almost”, for starters.
Not being funny but does most of HN subscribe to the economist? I dont think ive ever paid for an online newspaper ( and Im not trying to be edgy )
If I was going to pay for a news subscription, it would probably be the economist. Or maybe the financial times. They both seem to still have solid journalism.
If mythos can break into almost all of their classified systems in hours then other models including opus, gpt, gemini and large open weight models can do so as well, maybe you'll have to double hours or it may become days, but they also will, there is no "maybe" in here.

State sponsored, non-public penetration fine tunes (of possibly public ones) likely can do it even faster.

Unsupervised penetration RL loop is ideal setup similar to optimization one – it's relatively easy to gain function on it.

Also, this is just security through obscurity. The holes that mythos exploited still exist after you've tried to limit mythos accessibility.

And the fact that all our systems are riddled with security holes shouldn't be too much of a surprise given the way that we all know that software is developed and how tech debt / chores are constantly underbudgeted (plus I think this underscores that any one human's knowledge and attention are inherently limited, and even the best PR review is going to leak all kinds of security holes).

https://archive.ph/dXddV

“Donald Trump’s blocking of Anthropic is capricious and chaotic” - current title

I don’t understand the posted title quote and assume it’s missing a lot of context or was misinterpreted as it’s a secondary attribution. “Mythos broke into almost all of our classified systems in hours”.

When you put it on those networks already and gave it compute?

flagged because reasons. @dang
@ tags isn’t a thing here (send them an email if you ever actually need the mods).

If you have something to say, say it.

Or don’t.

But, pick one.

Actual title "Donald Trump’s blocking of Anthropic is capricious and chaotic"
par for the course, really. why is it even a headline?
Have to give it to Cyber Command. This is cheap and effective propAIganda.

Of course, America is now the only nation on the planet with advanced weaponised AI models that are so good they beat billions of dollars and decades of IT security experience with some of the brightest minds in their fields within hours.

If this were true, you’d see the president yapping and bragging about it on Truth before the NSA director even gets a chance to publicly talk about it. Probably doing a live stream about how he personally prompts his way into an unconditional Iranian surrender. You know it, I know it.

Nice try, William, but unless I see the Senate Intelligence Committee freaking out with you sweating black goo like Giuliani, I ain’t believing it.

This is the same kind of bullshit that was showing a gun on TV that could apparently give people heart attacks with some frozen, untraceable darts.

If the US really was in possession of a technology that could hack into the most secure environments on the planet autonomously within hours, you would see all their partners pulling their access from shared IT systems and blocking all traffic coming from the US immediately.

Especially considering they have been caught spying on allies before:

https://www.spiegel.de/international/germany/cover-story-how...

You know what they say in intelligence circles.

Fool us once, shame on you. Fool us twice, it's open windows season.

None of the partners or adversaries seem to give a fuck about Mythos, so there is a good chance this is just another lying NSA director as usual.

Come on, people. You don’t run the NSA if you’re an honest man. It’s a spy agency.

If I were to guess, internally they have as sloppy security as any other corp/organization. And those were the things Mythos effortlessly poked holes in. Other models would probably as well, but Antropic hyping gave NSA the idea to try. The shell around those internal systems is probably as (im)penetrable as ever because it's just some flavor of hardened and bare bones linux.
This quote from TFA is highly likely to be a conflation, exaggeration or extrapolation of what actually happened:

> "On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”"

Why:

1. It's a paraphrase of a 2nd hand conversation and (at least) the last two 'telephone game' recipients are a U.S. Senator and a general, not security domain or IT experts. 2. Motivated communication: The Senator claimed this to justify the necessity of unprecedented restrictions that he agrees with. 3. The original testimony to the Intelligence Committee was almost certainly detailed, nuanced and highly classified, making this an extreme paraphrase.

In saying this, I'm not claiming Mythos may not be a security issue or that something directionally like this wasn't reported. But given the indirect, circuitous path, it's quite easy to imagine the original testimony was more like "Mythos identified a potential vulnerability we rated "Severe" in a critical system and we believe it could find similar vulnerabilities in any of our systems."

(comment deleted)
what is the use of Submitting this news/report here if it's behind a paywall/login
Not a surprise. I got in a LOT of trouble for identifying and outlining a trivial privilege escalation attack that worked on both NIPR and SIPR.

In the end I got to help write up the issue but to my knowledge they never patched it as it would have caused major issues with maintenance by closing off access needed for some legacy software patches.

What did you get into trouble for?
For poking at things "not directly in your responsibilities."

I was writing a program to do some remote drive upkeep and realized I needed permissions I didn't have, but could use a built in tool to do them. Then realized that meant I could take another step and use a human interface issue to gain more privilege if I wanted to.

Built a proof of concept on my personal machine at home, checked that it worked, reported it upline.

I never executed that code on our work systems and would have ended up in jail if I had. But even writing it nearly landed me there.

Not surprised, our security systems are 95% security through obscurity these days. Mythos didn't find new ways to break security, it just went down the list of common security exploits and exposed them for being common even among government agencies.
>On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”.

From outside? Or did you have a shit ton of unpatched systems that only internal users could access?

(comment deleted)
lol so how long have the Chinese had access for? this doesn't make Mythos look good, it makes the NSA look bad
It's important to point out that it's not necessarily the underlying model, but also the harness, which is the real wagon in this race
It must be a wild time in the corporate espionage world these days. The annual operating budget of the CIA is like 20B. That's a rounding error compared to the burn rates of these labs.

Maybe it's conspiratorial, but it seems like the direction this is going is for the US to nationalize these companies. Somewhere between "too big to fail" and "national security."

How much of it is just exposing poor engineering practices people got away with because it was not economically viable earlier to spend human hours to exploit a system?

Not taking a dig at people, it was not a terrible choice earlier. Not like these models are inventing net new ways to exploit systems.