I'd love to see Anthropic (or someone with Mythos access) create a cybersecurity version of this, so that I could create a pool that says "find security concerns in this GitHub repo." Then the report from Mythos gets sent to the code/project maintainer and revealed to the public (that paid for it) at the 90-day mark.
For your information, a group of Mythos-approved users at Apple, Google, Microsoft, and several other Project Glasswing partners have already been doing this for the past few months. We just can’t share many details publicly yet.
Who foots the bill?
The target codebase cannot improve beyond the point that the reports are incorrect and a waste of money.
There is also the question of whether humans can waste so much time reviewing AI code that the vulnerability is not patched before it is exploited. Another one is whether, when the human is removed from the loop, the codebase becomes more vulnerable in some other ways.
sounds like FableBugBounty