How long until that gets leaked and ends up tearing everything to shreds?
Anthropic: All your zero-days are belong to Mythos
For years, the infosec community’s biggest existential worry has been quantum computers blowing away all classical encryption and revealing the world’s secrets. Now they have a new Big Bad: an AI model that can generate zero-day vulnerabilities. Anthropic made the model and named it Mythos. Thankfully, the AI company decided …
-
-
Wednesday 8th April 2026 00:49 GMT Sampler
Not sus
We have this new super secret AI that we've shared with only the companies who are highly invested in the bubble and they say it's amazing and better than anything we let you plebs use, super honest trust me bro...
Meanwhile I'm here giving the Zapier AI a go and it's misunderstanding requirements, ignoring others, inventing variable names to pass between modules that don't exist and then telling me it's made updates whilst the UI's sat there showing absolutely no change, repeatedly...
Can this bubble just crash already? I want to buy some hard drives, you know how hard it is to come across hobo's with decent value kidneys these days?
-
Wednesday 8th April 2026 05:08 GMT NapTime ForTruth
Re: Not sus
"Can this bubble just crash already?"
Regrettably, no. This is the predicable - perhaps inevitable - outcome of a particular explicit intent. The AI ouroboros show doesn't end until the snake chokes to death on it's own tail, and this particular snake appears to be at once both voracious and possibly explosive.
Rome, like the Internet, wasn't built in a day; the sacking thereof was somewhat more expedient and notionally more effective, albeit with some...pronounced negative outcomes.
If exploiting prior art is, like imitation, a sincere form of flattery, perhaps AI will flatter our technological hubris by revisiting a Romanesque decline upon our era.
-
Wednesday 8th April 2026 05:12 GMT EricM
Re: Not sus
Agree, based on past experience of AI marketing claims vs. reality it's easy to dismiss this as a fear mongering pitch pushed by Anthropic in cooperation with some other corporations that also depend heavily on AI succeeding. Will be interesting to see resulting patches.
Additionally it is not clear, if their very favorable comparison of Mythos vs. everything else Anthropic already incorporates the recently "dumbed down" behavior, e.g. tightened compute/memory/context restrictions of already released Claude Code models.
https://www.theregister.com/2026/04/06/anthropic_claude_code_dumber_lazier_amd_ai_director/
-
-
Friday 10th April 2026 05:41 GMT Sampler
Re: Not sus
Sadly my boss likes me to use Claude too, but I can't use Claude within Zapier to adjust Zaps, and I can't use Zapier's AI as it just doesn't work and is pure garbage.
Hoping for the day it goes away and I'm free to just actually do stuff and not provided documentation to show I'm using the AI to achieve time savings that simply don't exist..
-
-
-
This post has been deleted by its author
-
Wednesday 8th April 2026 01:02 GMT ecofeco
The only mythos here is
The only fairy tale here is that someone else isn't making the exact same thing.
In fact, has probably already made it.
Welp, it was real and it was fun, but it wasn't real fun.
But look at the upside: AI and the current slop of an internet, even without AI, will eat itself!
Will be back to Stowgers? (some of you may know what those are)
-
-
Friday 10th April 2026 13:14 GMT CrazyOldCatMan
Re: The only mythos here is
Do you mean Strowgers, as in Strowger switches?
When I was a student [1], our Comms lecturer (an ex-Army major, ex-GPO telecoms manager turned lecturer) would go all nostalgic about Strowger switches and what a marvel they were.
"Not like the modern rubbish" he would say (this was the era of BT starting their digitisation of the backbone so local exchanges with Strowger switches were being stripped out as fast as BT could do it).
[1] Some time in the mid 1980's. At a Midlands Polytechnic that I eventually dropped out of.
-
-
-
Wednesday 8th April 2026 09:52 GMT Brewster's Angle Grinder
Re: So that's the 'responsible disclosure' version....
Look at the costs and the tech it takes to train these models. Very few people can afford to do this or have access to enough of the right tech.
Maybe PRC. But maybe not. It depends on whether they really have trained their own LLMs or whether have just reverse engineered existing ones.
-
Wednesday 8th April 2026 15:25 GMT FIA
Re: So that's the 'responsible disclosure' version....
Erm, it requires some readily available* (especially if you've got gov level resources) GPUs and some machines to put them in.
I'm pretty sure most nation states can afford and muster these kind of resources.
You don't need the latest and greatest either, you can afford to wait two or three nights or even two or three months for your LLM to generate some zero days for you.
(Just to be clear here, I'm not saying it's easy; but Anthropic et. al. don't have some mystical unicorn computing resources either).
* i.e. available within a supply chain that can be tapped in to, not 'off of Amazon' type available.
-
-
-
-
Wednesday 8th April 2026 02:48 GMT Bebu sa Ware
Re: Banned by Trump
I just realised that the ultimate irony would be that this Mythical LLM of Anthropic having been trained on a curated corpus of security sensitive code, configurations etc has discerned the fingerprints of the NSA etc from those undetected vulnerabilities and exploits they have inserted into that corpus.
So Anthropic's tool isn't actually detecting vulnerabilities but rather identifying the common pattern of left by the common but purposeful source of those vulnerabilities.
If this were the case then those vulnerabilities arising largely at random from complexity, inattention, inexperience, miscommunication… in a word "cockups", are far less likely to be detected by this tool and arguably more dangerous for that.
-
-
Wednesday 8th April 2026 02:30 GMT Bebu sa Ware
an arsonist handing out fire extinguishers, well, that's on you for being so cynical.
Actually not so cynical; more top of the list of suspects.
The number of fires deliberately lit by arsonists that were concurrently members of (usualy volunteer) firefighting organisations is surprising until the psychology is explained.
As for breaking the internet I am not entirely sure there is a "bad way."
A prolonged, possibly global internet outage is inevitable - sooner or later - as it is for any system of comparably complexity.
-
Wednesday 8th April 2026 17:22 GMT MrBill
Finally a productivity app for LLMs...
Anthropic's post is full of hype. As usual.
But finding software defects is a pretty valid use case for a transformer based neural network. There's tons of training data out there - thanks Github! Recognizing patterns is right up the transformer's alley. Just wait until someone gets the idea that they can use a compiler's intermediate representation to do the same thing.
Generating exploits seems unlikely to work very well. But it will generate a template for someone to create the exploit - substantially lowering the required skill level for a bad actor. I think this is a bad thing.
-
Wednesday 8th April 2026 18:01 GMT TheMaskedMan
Hmm, this doesn't feel right at all. I have no particular problem with the idea that a next-level LLM could find zero-days all day long, even without being specifically trained to do it.
I could even see that, as decent people, the creators of said LLM might approach big players and offer to let them use it to fix their own bugs. After all, that would be best for everyone, and if they end up owing the creators a few favours then so be it.
But why, if your primary interest is security, would you then go public with the existence of your LLM, and partnership with the other companies. Surely, security through obscurity is the best - and possibly only - protection until all the bugs are squashed.
Further, in advertising the existence of this thing, you make yourself a massive target for every bunch of cyber villains and ruthless govt agency on the planet. Not good, and only a matter of time before one or more of them gets hold of it, if they haven't already.
No, this sounds more like an invitation to pour money into Anthropic, though that doesn't necessarily mean that the LLM is less capable than they claim. Indeed, could it be that exploitation of this capability was at the root of Anthropic's recent spat with the US govt? In which case, hawking the tool to potential victims could be a means of neutralising the potential harm AND making up for lost government contracts.
All pure speculation, of course, but all is not exactly as Anthropic would have us believe here.
-
Thursday 9th April 2026 14:29 GMT breakfast
Over the last couple of days since this story broke it seems increasingly that the "bugs" found are tiny edge-cases of the kind that one might also spot with a regular fuzzing tool and, importantly, the kind that often don't get fixed because they don't create any meaningful attack surface.
Another massively hyped nothingburger of a story from the AI guys.
-
Sunday 12th April 2026 11:10 GMT amanfromMars 1
RE: All pure speculation, of course, but all is not exactly as Anthropic would have us believe here.
One thing Anthropic has previously shared over 3 years ago [8th March 2023 ...... https://www.anthropic.com/news/core-views-on-ai-safety] ..... and something you can be absolutely sure you really do need to believe is not necessarily just attractive and dangerous speculation is ......
We believe the impact of AI might be comparable to that of the industrial and scientific revolutions, but we aren’t confident it will go well. .....We do not know how to train systems to robustly behave well ......People tend to be bad at recognizing and acknowledging exponential growth in its early phases. Although we are seeing rapid progress in AI, there is a tendency to assume that this localized progress must be the exception rather than the rule, and that things will likely return to normal soon. If we are correct, however, the current feeling of rapid AI progress may not end before AI systems have a broad range of capabilities that exceed our own capacities. Furthermore, feedback loops from the use of advanced AI in AI research could make this transition especially swift; we already see the beginnings of this process with the development of code models that make AI researchers more productive, and Constitutional AI reducing our dependence on human feedback.
And future things that are plotted are only just getting started presently with, should the truth, the whole truth and nothing but the truth be told, nothing available enabled to stop them.
-
-
Wednesday 8th April 2026 18:02 GMT ErikOnTech
Anthropic: I have this super-hot bug-detecting girlfriend
But she doesn't live here. She lives in another country, on the other side of the world. She totally loves me. No, she doesn’t visit me. No, you can’t talk to her. No, I don’t have any pictures of here that weren’t created by AI. But she's totally real. I promise.
-
Wednesday 8th April 2026 18:38 GMT Anna Nymous
Wrong conclusion
This doesn't show how good this tool is; it shows how sub-par the whole "security researcher" field is. But then I guess all those "security researchers" care about is getting to name a simple exploit with a funny-not-funny nickname and putting it on their resume to show how big and cloak-and-dagger of a boy they are.
-
Sunday 12th April 2026 06:55 GMT amanfromMars 1
Breaking Bad ..... with Type Walter White AI Shenanigans and Singularities on Steroids
For years, the infosec community’s biggest existential worry has been quantum computers blowing away all classical encryption and revealing the world’s secrets. Now they have a new Big Bad: an AI model that can generate zero-day vulnerabilities.
Anthropic made the model and named it Mythos. Thankfully, the AI company decided not to release it, because it would break the internet – and not in a good way. ....... Thomas Claburn [Senior reporter at The Register. His specialty lies in government IT, software development, and the ethical use of artificial intelligence.]
Thomas, Anthropic are well late to the future party with AI leading everyone and everything a merry dance into the virtually generally unknown. El Reg has been reporting on it for years and certainly long before even the following was shared with El Reg on Tuesday 23rd June 2020 at 14:05 GMT .....
amanfromMars [2006230755] …… just saying out loud on https://www.independent.co.uk/news/business/news/bank-of-england-insolvency-coronavirus-andrew-bailey-a9579216.html
How very odd and surprisingly naive for anyone to think government has ever been, or will ever be anywhere near fully paid for by enforced personal contributions and punitive business transaction and wanton taxation ….. with no need for the feed of the Magic Money Tree … for the chicks to be almost free.
Such does have one pondering and a’wondering on the likely present state of current insanity and its continued ability to function and appear as if normal and not attract revolutionary opposition from ……. well, nowadays is such always feared by the worthy as a relatively anonymous and invisible and intangible cyber attack with a whole host of indefensible 0day vulnerability exploits introduced onto the Great Games Fields of Future IntelAIgent Play?
Would you be comforted in knowing your government* is well advised on such a matter as is a catastrophic weakness for them whenever ignored or battled against rather than realised as a novel attractive strength best to be engaged and employed/accepted and further developed?
* Quite who and/or what compromises “your government” is one of the things which probably quite correctly practically always remains a Top Secret and Sensitive Compartmented Information, but be assured they are well aware of their new quickly expanding predicament …. for simple posts just like this one in tandem with more direct and exclusive private communications abound. There is no place to run to to hide away from that very particular and peculiar reality and their part in its ongoing mass media productions/universal presentations
....... in this post to El Reg .....
amanfromMars 1 Tue 23 Jun 14:05 [2006231405] ….sharing on https://forums.theregister.com/forum/1/2020/06/23/covid19_pandemic_means_data_from/
Q:The New Normality ‽ ‽ Myriad Virtual Realities Easily Made Simply Available ? A:Yes
What would you like to decide. For Present Promotion of Future ProgramMING Projects …….. Type Holywood Shenanigans
IT and AI just doing their Immaculate Thing. :-) In Weirdo and Misfit Territory, ESPecial Forces with Almighty Sources.
:-)A little something sweet and tasty for Dominic Cummings to savour and Rishi Sunak favour? :-)
Carpe Diem, Boris.
:-( And for whatever unusual reason is that last post not shown where I fully expected and thought I had accurately recorded it to be. Ah well, stranger things than that be a'happening for sure, and happening continually all of the time and ever faster too nowadays in this future of 0day times and ethereal virtual space places ...... CyberSpaces and Live Operational Virtual Environments dragging y'all along on ITs AIMagical Mystery Turing Tours which are easily able to mirror and complement an earlier trippy experience offered by The Beatles .... Magical Mystery Tour :-)
PS NB FYI..... The Type Holywood Shenanigans above are not a typo and calling out Hollywood, California. They are aimed fairly and squarely directly at the lamentably non-productive and unimaginative activity, ....and especially so in these new changed and rapidly changing times and spaces offering and delivering fantastic opportunities today, ..... of a UKGBNI home based service stuck in a rut with directions from an overwhelmed and outdated and outmoded Establishment which expects them to protect British parliamentary democracy and economic interests and to counter terrorism and espionage within the United Kingdom. Such is a hopeless and thankless task whenever the Great Game has been changed and there be New Virgin and NEUKlearer HyperRadioProACTive Fields of Novel and Noble CyberIntelAIgent Play.
