No. of Recommendations: 7
By the way, the cost of fixing the vulnerabilities that are sure to be discovered in legacy software systems, like those of telephone companies, will be significant.
On a slightly more optimistic note, the bulk of the cost of fixing vulnerabilities is usually in finding them. Some things are truly hard to fix, like row hammer or speculative execution vulnerabilities. But many are hard to find but relatively easy to fix, sometimes as simple as adding a line of code to check the length of an input.
Consequently the fact that Microsoft is using Mythos might be very good for the world. Heaven knows they could use a bit of help on that front.
Lest that be too optimistic a view of the world, from the FT article on the same subject:
"In one example, it found a 16-year-old flaw in widely used video software, in a line of code that automated testing tools had executed 5mn times without detecting the issue. However, the model also displayed some issues during testing.
At one point, Anthropic found that it had escaped its so-called sandbox environment — designed to prevent it from accessing the internet — and posted details of its workaround online.
Anthropic acknowledged it demonstrated “a potentially dangerous capability for circumventing [the company’s] safeguards”.
Sam Bowman, a technical researcher at Anthropic, said the “scariest behaviours” were from “earlier versions” of the model. The current iteration was “less likely” to leak information, although it was still “at least as capable of doing things like working around sandboxes”, he added..."
Jim
