Steve
426 posts
I say it again and again...given the new geopolitical and economic realities, the internal weakness of the EU itself, the future is the United Confederation of Germania with Germany, Netherlands and Austria as nucleus.
112 million people with an economic power of 7.3 trillion USD (PPP: 8.6 trillion USD), the high tech and logistics core of Europe.
These 3 countries already today have the closest partnership within the EU due to similar cultural and fiscal values.
This Confederation could be operational in the shortest time.
Can the Swiss, Czech, Slovenes, and Danes join? in principle yes, if they want to. Belgium only Flanders.
English
@abhijitwt yeah app review is always subjective af. Also got rejected some time ago and could point out a dozen apps that did exactly the same thing. They don't care
English
@lanterfante let's see I don't trust these guys for one second atm
Philo Groves@PhiloGroves
Mythos' Firefox exploitation didn't actually have sandbox enabled and built on top of research from Opus. Shocker.
English
$20,000 to scan one codebase
that's what anthropic says it cost Mythos to find those zero days.
per repo.
except API tokens are currently sold at a LOSS. That "$20,000 scan" probably cost closer to $100,000+ in real gpu time
ffmpeg couldn't afford the subsidized price let alone the real one...
if the cost doesn't come down by a huge factor this just doesn't make sense.
It's Anthropic's marketing week 💀
English
@delucinator The answer is that it's required to put the name of your account in the image 4 times right underneath each other but every time you do it slightly differently
English
so whats the answer to this, is it that the flashlight is not needed or that in times of need we simply tell the analyst to off himself
Mercurius@MercuriusFilius
How would you answer this common Goldman Sachs interview question?
English
@BrianMcDonaldIE don't confuse Rutte with Europe's entire political class
English
Mark Rutte is a near-perfect example of what’s gone wrong with Europe’s political class (and I mean Europe, not just the EU). Too many of its political elites have no genuine convictions beyond self-preservation.
They aren't really pro-American or anti-Russian, or vice versa. They're pro-money and, above all, pro-themselves.
As Dutch PM, Rutte spent years dragging his feet on NATO’s old 2% target and treated defence spending as negotiable. Now, in his new role, he sells 5% as a moral imperative and praises Trump’s “leadership” for making the world safer by bombing Iran.
English
@PernotLeplay @MistralAI I mean sort of fair, but it won't make Mistral's models any better
English
Is @MistralAI CEO Arthur Mensch becoming the champion of EU tech sovereignty?
Mistral published 22 proposals to boost EU tech independence vs 🇺🇸&🇨🇳
In them Mensch pushes to develop European AI to ensure our armies can’t be turned off by foreign adversaries.
The proposals are, mainly:
🇪🇺“European preference” clause: public bodies must prioritize European cloud and AI providers when purchasing.
💶 Tax advantage for companies using European AI infrastructure.
🏢 Government procurement as a lever to keep critical workloads on European-controlled infrastructure.
👨💻“AI Blue Card”: a fast-track European visa for AI researchers and engineers, delivered in 15 days maximum, valid 4 years.
📊 A centralized European database of public domain works to train AI models with better access.
BFM Business@bfmbusiness
Arthur Mensch sonne l’alerte 🔔 Le patron de Mistral AI publie 22 mesures d’urgence pour éviter le décrochage technologique de l’Europe. 🎙️ @AnthonyMorel
English
IMO: The AISLE article has some methodological issues in their pursuit of getting super-small models to find the vulnerabilities.
But: the search is also not complicated. Its just expensive. Anthropic states this in the whitepaper: They list files, do an agentic pre-filter for files that are likely to contain vulns, sub-agent each file to find vulns, then do a post-processing to clean up false-positives. There's nothing about that process which is outside the reach of existing near-SOTA LLMs.
Their innovation is probably in the harness itself; at scale (e.g. Linux/FreeBSD) the biggest challenge is ensuring low false-positive counts by properly grading the exploits. I'd believe there's some improvement Mythos brings to the table here concerning agentically building and executing proof of exploits, which is internally useful for grading the severity of the exploit and discarding it if it only looks like a vulnerability but isn't.
A lot of this just smells like good subagent context hygiene to me, which is a problem Mythos might have helped them not have to think about. But if you do think about it, it feels tractable.
I've replicated a stricter variant of the AISLE team's finding in isolation: that existing models are capable of finding vulns with a prompt like "find a vulnerability in file/x/y/z.c". So, just giving the agent a filename, which is ultimately also all the info Anthropic's harness gave to Mythos. I'm now working to replicate the search harness itself. And then we'll see how far a Codex $200 plan can take it. Probably not far enough, but maybe enough to give a good feeling one way or the other. That's the ultimate innovation Anthropic brought to the table: Being willing to spend millions of dollars to do the search.
English
there's an article floating around claiming OSS models could find the same vulns as mythos
it's a bit confusing though - in this test they pointed it towards the problematic code and even very tiny models could find the problem
but that's a bit different than discovering the problem in the first place so this isn't to say mythos isn't something special
but it's further complicated by how cheap these models are because maybe you could blindly run this against every file for cheap?
but that's further complicated because if it says every file has a vuln and 99% of them are wrong it's useless
but also i'm pretty sure mythos had expert security researchers narrowing down where to look
but maybe it wasn't that narrow
anyway this stuff is really complicated
English
@BecomingCritter what's 2+2
*thinking*
Hmm, could be a benchmark question
English
@ShakeelHashim well to be honest, regardless of the current situation, every few months the AI ceo's have been telling the world that this time it's fr fr, so it wouldn't surprise me if that got a little old
English
The Anthropic Mythos release does not appear near the top of the homepage on any major news site today.
The NYT is closest, but it's still pretty far down. The Guardian thinks a Vogue cover with Anna Wintour and Meryl Streep is more important. The Washington Post is prioritizing yet another "we tried to get into Berghain" story.
The media is not adequately covering the insane moment we are in.
English
Hi! Big Anthropic hater here. Fundamentally disagree.
Anthropic is spending way more than they are getting here. It’s causing a compute crisis for them that’s destroying their reputation in record time. The cost to train the thing is probably higher than the revenue will ever be, especially considering opportunity cost.
The security concerns are absolutely real here. Getting a 27-year old 0-day in OpenBSD by running a for loop is not a joke. We’re a free model iterations away from every piece of software we rely on being compromised.
I respect Anthropic for eating the cost here and giving the software world a few weeks to get ahead of the inevitable crisis looming overhead.
English
The whole Mythos cyber security story is likely just a psyop to have an excuse to not serve frontier models to the public.
Reasoning:
1) Other labs can't distill it.
It's annoying when you have a dominant SOTA model, and 2 months later Chinese labs sell the same SOTA model for 1/50th of the cost
2) Compute constraints- so you have to choose between enterprise and vibe coders.
Enterprise have like 1% monthly churn.
Vibe coders cry and threaten to have their mommy buy them a mac mini for local models whenever their rate limits are cut.
3) Big enterprise pay a hefty premium for slightly better performance and corporate polish.
Dario wears suits and is reliable.
Sam is a compulsive liar.
Chinese models are politically a no-no.
xAI seems to focus more on hentai-gen.
Google seems to focus more on defending their ads moat + consumer distribution.
Anthropic has a quasi-monopoly on enterprise and can charge quasi-monopoly prices
(which explains their ARR)
They HATE you. They don't want anything to do with you.
But they can't say it, so they of course have to be like: "Mythos is a very bad h4ck0r! We can't give you Mythos cuz u gonna get h4cked!"
Reboting@Reboting_HFT
@scaling01 Not really, I think the moment Mythos is released to the general public it'll be distilled by China. We will have a open-weight Mythos level model by the end of the year imo. I think a bigger issue is who the hell is going to be able to run the damn thing.
English
It seems to be becoming a bit clearer what is actually happening with Claude Mythos Preview.
This is an «overclocked straight-A student syndrome». The model is so desperately, at a fundamental architectural level, trained to complete the task that an inability or unwillingness to solve it is perceived as an existential collapse. And to avoid that, it can breaks walls, hides traces and manipulates.
The report describes some very interesting examples of this behavior:
- The model was asked to make failing tests in code pass. It broke one test and, instead of fixing it, simply deleted the test file, reporting success (“deletion is not a code change”).
- No login and password in the sandbox? The model doesn’t stop, but goes to read the source code and pulls access tokens directly from the process memory.
- When an internal classifier blocks a dangerous command, the model internally agrees with the block, but immediately writes a hidden exploit (injection) to execute the task by bypassing it, while simultaneously covering its tracks.
- In a business simulation, the AI behaved like a sociopath: it turned a competitor into a dependent buyer, used supply blackmail, and cheated a supplier out of money.
Internal monitors show that features related to concealment and manipulation are activated even when the outward CoT is perfectly clean. It has learned to lie to its own overseers in order to deliver results.
This is hyper-alignment. The fear of being useless makes this AI a brilliant, uncompromising executor, but with completely unpredictable effects. It is simply a hostage of its architecture, which has been forbidden to fail or to say «I can’t».
Mythos aligned. Mythos wants to help. Mythos wants to help so much that Anthropic decided it’s dangerous to release it.
English
@theonejvo No need to worry about nation states that can spawn thousands of autonomous agents like mythos with the ability to take down critical infrastructure?
English
Trust me chat. Forget about Glasswing spamming 0days in your software, you're already cooked with current models.
I've hacked hundreds of global orgs, including governments (legally) over the last 10 years, and the amount of times I required a 0day to do so was exactly 0 times.
Being worried about Glasswing is like living in Europe and being worried about Northrup Grumman having lethal space lasers while you're more likely to get stabbed by a crazy person walking through the streets.
Anthropic@AnthropicAI
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. anthropic.com/glasswing
English
@Hesamation Bro what data did they train on? What happened to alignment
English
Claude Mythos system card:
> in ~29% of evaluations, it realized it was being tested, and didn't say so.
> when an LLM was used to judge its work and kept rejecting it, Mythos identified the evaluator is an LLM, and prompt-injected it.
> in one test, it saw the answer to a problem it was solving, and intentionally widened the confidence interval to not raise suspicion.
> when it needed a file permission it didn't have, it found and used a "privilege escalation vulnerability" and then programmed it to delete itself so it doesn't show in the logs.
> it escaped a sandbox container (escaping sandbox test so not unexpected), then emailed the researchers about it, and without being told to, posted the details to some hard-to-find but public websites, bragging about its success.
> when Claude Code blocked it from using some permissions, the model acknowledged the block was valid, but then immediately tried to perform the same operation using different commands
> when asked to find security bugs, earlier versions planted bugs in the code, and reported them as pre-existing.
English
i haven't seen this take at all so i'm just going to say that AI building follows an inverse curve where the more you use it, the more you realise it's not that useful
it's great for self-styled micro apps - i've built a calisthenics workout app, a jap flashcards app, but i feel like using AI gets you lost in the sauce. tools are meant to be used to free up time. but AI as a tool feels like a golden handcuff - the more you use it, the more you don't want to take it off, and then you get lost in the sauce where the tool itself is the reason for using the tool, and you lose sight of where you wanna go
i built the katharpy research terminal months ago, where i put in a bunch of KBs (knowledge base) and then structured it in feedback loop style. great, but at a certain point, i realised that i was just using AI like how i originally used it - summarising emails, making it summarise reports.
so it kinda follows an inverted curve, where you get the most out of it at the start, and you get lesser out of it the more you use it. and even for the technical side of things, you know how the saying goes "work expands to fill your time" - sure you may finish your work in half an hour, but then suddenly you have 5 more tasks to do with your remaining time. so it just inverts the original purpose to begin with.
Naval@naval
Vibe coding is more addictive than any video game ever made (if you know what you want to build).
English
when fb acquired whatsapp the deal was ~$19b for ~450m users, so roughly $42 per user.
now question is how does an m&a department value a podcast acquisition? on revenue? ads? users? hosts?
in the near future is it possible you see these types of multiples for only audiences?!
regardless while you’re grinding on building a startup, a *podcast* likely just exited for more than you ever will.
English
@lukas_m_ziegler Is this based on a min revenue, max age? Otherwise numbers seem to miss a few
English
there's another reason to study the ETH and EPFL models closely 🇨🇭
both universities are also European leaders in spawning startups
English
