patrick sphinx

from firefox blogpost where mythos found 270 new bugs: > The defects are finite, and we are entering a world where we can finally find them all it's like lord kelvin saying "there is nothing new to be discovered in physics now". can't tell if firefox has some incentives at play or is just naivete fascinating example here on what i mean x.com/5aelo/status/2…, saelo wrote a fuzzer with a few files and found crazy bugs. he pulled it off because he already knows the target deeply( he designed ubercage?) and knows how to shape the fuzzer toward the interesting surface. i still think, operators like saelo + mythos set the ceiling of the bugs that can be found, even then its not all bugs, the next version after mythos would move up, but mythos in a loop on its own sits below the ceiling you only want the software to be secure from smartest adversary in the world, its not all bugs, cuz rice theorem and stuff means you are not getting there anyway. sure, for fixed code base like basic web app, the set might be finite and you can exhaust them all, but i cant convince myself that software like firefox has finite set of bugs and you can exhaust em all. if mythos isn't agi and is still jagged, the narrative that mythos alone is the smartest adversary and will find all "finite" bugs is exactly what a frontier model company would sell untested. and bro even "our team + mythos will find them all" is a crazy narrative too, it assumes your team has the smartest humans in the world, and that nso or some north korean team won't be pwning you with the same setup at the top of the ceiling BUT ALSO, mythos alone is probably smarter than 99.9% of humans (vibes-based), and 100s of them running behind api keys is really bad, because most things you’d want to breach don’t need saelo+mythos ceiling bugs to get into. so we cooked?