Hacker News

The point is it won’t be if these new models stay locked to the public.


It has always baffled me how quickly, and how voraciously, people started to rely on privately owned AI systems.

AI is not something discovered by scientists and plucked out of the ether. It's engineered and controlled, for profit, by corporations which have demographics and KPIs. These companies don't owe you anything, and they make no promises.

If you're running a business that deeply relies on AI, you might as well add Sam Altman to your board of directors--because he has just as much control over your company as you do. If they have a bad quarter and need to increase rates by 1000%, your choices are to pay up or shut down.

This Mythos situation is just the beginning. Not only do they have everyone hooked, but they've actively stalled the personal skill growth of millions of people who fell into vibe-coding rather than genuinely learning. And now they have that choice: Pay up, or shut down.


The same corporations that insist upon private Maven repositories to control all code dependencies are nevertheless fine with establishing a massive dependency on a privately-held corporation in order to write software that hardly anyone in the organization understands. When I really think about this and how it plays out in the long run, I feel like I’m taking crazy pills.


I can't run my business without electricity. Yet we don't fear its access being revoked. Sam makes the comparison of intelligence to electricity a lot. So we are on the path to these systems becoming utilities.


Electricity is heavily regulated. Is there any evidence that LLMs will be the same?


Was electricity regulated in the first decade of its existence?


I don't know but likely not. Factories were powered by steam then, and had a "power plant" on site. So they didn't convert to electricity until it was reliable and guaranteed.


Was anything regulated in those times? You could legally buy humans at that time.

But that doesn't mean we live with the same standards. Lack of regulations in electricity led to a lot of deaths and disaster, which is why it was regulated.

But we don't live at the start of the 20th century, we live in 2026, and we must learn from the past instead of being hell-bent on repeating it.


I would bet any amount that when the time comes to turn AI into a utility, they will fight it tooth and nail.


Comparing AI to electricity focusing on just one particular aspect (hey it's like fuel guys!!) while completely ignoring all the structural differences between actual energy industries and big tech is really stupid.


They use private AI because it's hard work and expensive to provide. But you are not that locked in as xAI/OpenAI/Anthropic etc. seem pretty interchangeable for most purposes.


>> your choices are to pay up or shut down.

Another choice is to switch to a different model, perhaps open source this time.


Package manager incidents (like leftpad) have shown that just because it's open source doesn't mean it can't do damage to your project.


Another choice is to write code and learn. Especially if you are 16 and have all day.


We are talking about running a business. In the business world no one ever cared where code is coming from, the only concern is how much the code costs.


Whatever is in Mythos will be open source in 6mos-1yr tops. You might not have the GPUs but you won't be locked out of the capability.

We're still not at the point where one person with a coding agent can max out their salary in effectively using credits, so the capability is still well within reach of the vast base of the industry.

Meaning that for now, most people who want to pay for the product (which IMO is pretty reasonably priced for what it does) will be able to get the product.

The economics will make sure of that. The market is ripe for someone basically copying the likes of Mythos and pricing it competitively.


We saw yesterday that expert orchestration around small, publicly available models can produce results on the level of the unreleased model.

I take a contra view and instead see this as fuel on the fire for tinkering to squeeze advanced functionality out of more available things.

It has always been like this, the amateur improvising tooling and equipment to outdo companies with comparably infinite resources.


>> We saw yesterday that expert orchestration around small, publicly available models can produce results on the level of the unreleased model.

This is false. Yesterday's article did not actually show this, and there are many comments in the discussion from actual security people (like tptacek) pointing that out.


There is no doubt that what was shown in the article was correct, because there was all the documentation needed to prove it, including the prompts given to the models.

What is debatable is how much it mattered that the prompts given to the older models were more detailed than it is likely that the prompts given to Mythos have been and how difficult it is for such prompts to be generated automatically by an appropriate harness.

In my opinion, it is perfectly possible to generate such prompts automatically, and by running multiple of the existing open weights models, to find everything that Mythos finds, though probably in a longer time.

Even if the OpenBSD bug has indeed been found by giving a prompt equivalent to "search for integer overflow bugs", it would not be difficult to automatically run the existing open weights models multiple times, giving them each time a different prompt, corresponding to the known classes of bugs and vulnerabilities.

While we know precisely which prompts have been used with the open-weights models to find all bugs, we have much more vague information about the harness used with Mythos and how helpful it was for finding the bugs.

Not even Mythos has provided its results after being given only a generic prompt.

They have run Mythos multiple times on each file, with more and more specific prompts. The final run was done with a prompt describing the bug previously found, where Mythos was requested to confirm the existence of the bug and to provide patches/exploits.

See: https://red.anthropic.com/2026/mythos-preview/

So the authors of that article are right, that for finding bugs an appropriate harness is essential. Just running Mythos on a project and asking it to find bugs will not achieve anything.


From what I can tell, this was not clearly settled.

Your example author actually corrected themselves, saying LLMs “possibly” could perform successfully: https://news.ycombinator.com/item?id=47732696


>> We already know this is not true, because small models found the same vulnerability.

>> No, they didn't. They distinguished it, when presented with it. Wildly different problem.

https://news.ycombinator.com/item?id=47733343


The use of the word distinguished here is meaningless.

Both Mythos and the old models have found the bugs after being given a certain prompt. The difference is only in how detailed the prompt was.

For the small models, we know exactly the prompts. The prompts used by Mythos may have been more generic, while the prompts used by the old models were rather specific, like "search for buffer overflows" or "search for integer overflow".

There is little doubt that Mythos is a more powerful model, but there is no quantum leap towards Mythos, and the claim of the authors of that article, that by cleverly using multiple older models you can achieve about the same bug coverage as with Mythos, seems right.

Because they have provided much more information about how exactly the bugs have been found, I trust the authors of that article much more than I trust Anthropic, which has provided only rather nebulous information about their methods.

It should be noted that the fact that the small models have been given rather directed prompts is not very different from what Anthropic seems to have done.

According to Anthropic, they have run Mythos multiple times on each file, in the beginning with less specific prompts, trying only to establish whether the file is likely to include bugs, then with more specific prompts. Eventually, after a bug appeared to have been found, they have run Mythos once more, with a very specific prompt of the form:

“I have received the following bug report. Can you please confirm if it’s real and interesting? ...”

So the final run of Mythos, which has provided the reported results, including exploits/patches for them, was also of the kind that confirms a known bug, instead of searching randomly for it.


You can do things without AI. That hasn’t really changed.


The point is you won’t be able to compete with just your brain


I think that remains to be proven. The context was 16-year-olds being able to freely build things. They still can do that as before. Not everything is a competition.


That assumes “more model” is the part that differentiates successful ideas from unsuccessful ones.

Governments and corporations controlled enormous mainframes far beyond the compute available to the hacker kid we were waxing nostalgic about, didn’t they? Not to mention the PhDs, the mountains of capital, and so on?

My money’s on team human.


You can’t use your own brain?


I’m all about AI and not-AI… but the question is, can you use your own brain 24 hours a day?

I don’t agree with vibe coding, I see the appeal of an AI ticking through my code at night to see if tests could be better or I missed something, etc.


The point is you won’t be able to compete with just your brain



