I've been brewing on this topic since Mythos preview was announced. As Mythos got finally released, then banned, then released again under U.S. government control, it was time to finally flesh it out and use it as a way to exit the lurker-zone on HN !
> Since then, Mythos and it’s safeguard-heavy equivalent
The simple "it's" vs. "its" rule is this:
If you can replace it with "it is" and it sounds weird, it's "its", otherwise it's "it's". In other words, "it's" is 100% of the time an abbreviation of "it is" (or, rarely, "it has"); it's not a possessive form.
Which is of course internally-inconsistent; I say "Peter's toys", not "Peters toys", but we say "its toys" to mean the same thing. /shrug
I only tell you this because I screwed it up for years before looking up the rule and going "... Oh. Duh. But also... Fucking hell, English!" ;)
The fear porn around this all has been horrible. I work in Cybersecurity and Mythos is all the vendors will talk about because they want to sell something. It started the day of the announcement which is what told me it was all BS. They had no information about it yet would happily tell me about all their solutions for it.
Anyone in my profession worth a damn will tell you the vast majority of security issues are related to bad configurations and bad practices + accidents and bad luck. Vulnerable software is a problem but basic defense in depth will either mitigate or drastically reduce attack surface. Mythos does nothing to change that.
The technical debt at companies is the largest security threat. That, and layer 8 which is the people factor. The amount of silliness I've seen from people and companies as a whole is truly hard to verbalize. I've seen banks that gave every employee from the janitor up to the CEO domain admin access due to a crappy application that was written in 2004 that they never updated. I've seen a fortune 250 company write its own internal routing protocol that was basically clear text traffic that dated back to the 1990's and was never retired because, why not. I've seen contractors infect entire fab's in the chip industry because they plugged an infected USB stick into a 30 year old tool that hadn't seen an update in over 20. Then when the fab came back up, they did it again the next day.
Ultimately, Mythos is just another tool in the toolbox. It's great to find new vulns but it is incredibly short sighted to think it will move the needle in any meaningful way in the security industry.
Mythos actually does change that calculus. Going forward, with access to a mythos caliber llm actors are not tied to bad configs or lazy admins for access. I get that the bs is real. But it's important for you to not rest on your laurels having recognizing that salesmen sell. You actually have to pay attention to and understand the new developments your field. It's sad that the marketing department odd doing a better job than you in that manner
I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those moments will be lost in time, like tears in rain. Time to die.
> since they have values more compatible with western democracy.
I'm mostly investing in China these days too. Remember that they have no soul and only do this as long as it is beneficial to them to appear that way (liberal, democratic). Same for the US. This is how the game is played.
- June 1st 2026: Anthropic files S-1 paperwork with SEC to get ready for IPO
- June 2nd 2026: Anthropic annouces expanding "Project Glasswing" to let people use their new model to enhance security of existing systems
- June 9th 2026: Anthropic releases Mythos model
- June 12th 2026: Model gets export regulations placed on it by US Gov
- June 26th 2026: US gov announces they will let some companies use new model
- August 2026: Anthropic goes IPO
The timing of all of this just seems to be a play to pump the stock. The reality is that in six months GLM-5.3 will be released open source with comparable functionality to their Mythos model. They are trying to cash in before that happens.
I would not be surprised if the US government, the people pulling the strings who actually put the export announcements onto Anthropic, actually have purchased stock in the company to artificially pump up the stock, I would bet money on it.
Nah I spoke to a security researcher who still has access to Mythos. He says it is significantly better than their earlier models for security research. Based on my one-day use of Fable that was also a noticeable step up for coding.
There's absolutely no way Anthropic engineered this to bump their IPO price. That's lunatic conspiracy theory territory.
> I would not be surprised if the US government, the people pulling the strings who actually put the export announcements onto Anthropic, actually have purchased stock in the company to artificially pump up the stock, I would bet money on it.
The same US government that labelled Anthropic as a supply chain risk? This is the most ridiculous idea I've heard all week.
Anthropic losing their ability to release new models to most customers (and thereby revenue, and thereby ability to train new models) makes you think investors will value it more highly than if they could release new models to everyone who wanted to pay them?
Find some pretty good vulnerabilities, and at a very fast speed--one or two weeks ago, mimo-v2.5-pro(some where between v4 flash and pro), released ultra-speed version with 1000 tokens/s. gpt-5.6 sol also has a nominal 750 tokens/s
With so much cloud being at risk from AI now, soon or in the future, it seems like self-hosting or at least managed custody of your own gear is going to become more of a thing.
Memory safety is the best way to address a large aspect of the threats posed by frontier models.
It's one thing to forget an Authorize attribute. That's a coaching event and procedure update. It's another altogether to not be able to see a dormant use-after-free bug because your brain can't hold the entire codebase and product roadmap at once. You can't coach a human developer on that. We all miss things this deep in the rabbit hole. The 2nd best option is to avoid this space of possibilities altogether.
29 comments
[ 10.4 ms ] story [ 144 ms ] thread> Since then, Mythos and it’s safeguard-heavy equivalent
The simple "it's" vs. "its" rule is this:
If you can replace it with "it is" and it sounds weird, it's "its", otherwise it's "it's". In other words, "it's" is 100% of the time an abbreviation of "it is" (or, rarely, "it has"); it's not a possessive form.
Which is of course internally-inconsistent; I say "Peter's toys", not "Peters toys", but we say "its toys" to mean the same thing. /shrug
I only tell you this because I screwed it up for years before looking up the rule and going "... Oh. Duh. But also... Fucking hell, English!" ;)
Anyone in my profession worth a damn will tell you the vast majority of security issues are related to bad configurations and bad practices + accidents and bad luck. Vulnerable software is a problem but basic defense in depth will either mitigate or drastically reduce attack surface. Mythos does nothing to change that.
The technical debt at companies is the largest security threat. That, and layer 8 which is the people factor. The amount of silliness I've seen from people and companies as a whole is truly hard to verbalize. I've seen banks that gave every employee from the janitor up to the CEO domain admin access due to a crappy application that was written in 2004 that they never updated. I've seen a fortune 250 company write its own internal routing protocol that was basically clear text traffic that dated back to the 1990's and was never retired because, why not. I've seen contractors infect entire fab's in the chip industry because they plugged an infected USB stick into a 30 year old tool that hadn't seen an update in over 20. Then when the fab came back up, they did it again the next day.
Ultimately, Mythos is just another tool in the toolbox. It's great to find new vulns but it is incredibly short sighted to think it will move the needle in any meaningful way in the security industry.
Got a cite?
I'm mostly investing in China these days too. Remember that they have no soul and only do this as long as it is beneficial to them to appear that way (liberal, democratic). Same for the US. This is how the game is played.
I would not be surprised if the US government, the people pulling the strings who actually put the export announcements onto Anthropic, actually have purchased stock in the company to artificially pump up the stock, I would bet money on it.
There's absolutely no way Anthropic engineered this to bump their IPO price. That's lunatic conspiracy theory territory.
> I would not be surprised if the US government, the people pulling the strings who actually put the export announcements onto Anthropic, actually have purchased stock in the company to artificially pump up the stock, I would bet money on it.
The same US government that labelled Anthropic as a supply chain risk? This is the most ridiculous idea I've heard all week.
Or an Opus 9.0
Will Cybersecurity ever start to be an issue?
Ctf fundamentaly have to change.
It also showed how critical it is to use llms now.
A lot has changed in just 12 month tbh.
If you still don't invest time and money into adding llms to your security you didn't hear the bang.
It's one thing to forget an Authorize attribute. That's a coaching event and procedure update. It's another altogether to not be able to see a dormant use-after-free bug because your brain can't hold the entire codebase and product roadmap at once. You can't coach a human developer on that. We all miss things this deep in the rabbit hole. The 2nd best option is to avoid this space of possibilities altogether.