The fear porn around this all has been horrible. I work in Cybersecurity and Mythos is all the vendors will talk about because they want to sell something. It started the day of the announcement which is what told me it was all BS. They had no information about it yet would happily tell me about all their solutions for it.
Anyone in my profession worth a damn will tell you the vast majority of security issues are related to bad configurations and bad practices + accidents and bad luck. Vulnerable software is a problem but basic defense in depth will either mitigate or drastically reduce attack surface. Mythos does nothing to change that.
The technical debt at companies is the largest security threat. That, and layer 8 which is the people factor. The amount of silliness I've seen from people and companies as a whole is truly hard to verbalize. I've seen banks that gave every employee from the janitor up to the CEO domain admin access due to a crappy application that was written in 2004 that they never updated. I've seen a fortune 250 company write its own internal routing protocol that was basically clear text traffic that dated back to the 1990's and was never retired because, why not. I've seen contractors infect entire fab's in the chip industry because they plugged an infected USB stick into a 30 year old tool that hadn't seen an update in over 20. Then when the fab came back up, they did it again the next day.
Ultimately, Mythos is just another tool in the toolbox. It's great to find new vulns but it is incredibly short sighted to think it will move the needle in any meaningful way in the security industry.
Does depth matter when you can automate attacks with intelligent agents?
Will the intelligent agents be plugging the infected USB sticks in?
We already are using software that is ancient, with many vulnerabilities that are already in the public, we already use insecure software more than we care to admit, if Mythos is gonna help with that, it's gonna make finding (not discovering) these vulnerabilities easier because it already has the knowledge, but the enough intellect to come up with new ones. Same applies for other LLMs
All of this, but you forgot that ai opens up new vectors.
AI itself is a security risk: https://www.404media.co/hackers-simply-asked-meta-ai-to-give...
I keep seeing screen shots of random AI chat bots who have been prompt injected to write code. That car dealership is now paying for the tokens for some script kiddie to pump out python.
Forget whether it is Mythos or GPT 5.6, or any other specific model. SOTA models have tool likely have the knowledge and capability to create zero days from nearly every discovered and many undiscovered vulnerabilities. In the wrong hands can deploy and generate malware and submarine code that would go undetected behind secured systems. Add in the ability to clone voices, create mass social engineering campaigns.
Yet "Just another tool in the toolbox." I mean, that's not wrong!
You think this is not happening with open weight models?