惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
T
Threatpost
P
Palo Alto Networks Blog
NISL@THU
NISL@THU
O
OpenAI News
Project Zero
Project Zero
G
GRAHAM CLULEY
P
Privacy International News Feed
A
Arctic Wolf
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
D
Docker
aimingoo的专栏
aimingoo的专栏
博客园 - 【当耐特】
N
Netflix TechBlog - Medium
云风的 BLOG
云风的 BLOG
雷峰网
雷峰网
W
WeLiveSecurity
P
Proofpoint News Feed
腾讯CDC
Cloudbric
Cloudbric
S
Secure Thoughts
C
Check Point Blog
博客园 - Franky
T
The Exploit Database - CXSecurity.com
T
Troy Hunt's Blog
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
TaoSecurity Blog
TaoSecurity Blog
L
Lohrmann on Cybersecurity
V
Visual Studio Blog
F
Fortinet All Blogs
博客园 - 叶小钗
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
C
Cisco Blogs
博客园 - 司徒正美
Stack Overflow Blog
Stack Overflow Blog
Y
Y Combinator Blog
Apple Machine Learning Research
Apple Machine Learning Research

The San Francisco Standard

Musk vs. Altman: The AI trial of the century comes to Oakland With or without Steve Kerr, how much do the Warriors need their offense to evolve? Sheriff’s deputy accused of beating second inmate in county jail Nima Momeni, convicted of murdering tech executive Bob Lee, wants a new trial Sunset supervisor candidates join forces, targeting incumbent Alan Wong The Valkyries’ Marta Suárez returns: How a former Cal star is embracing the Bay again SF Symphony legend Michael Tilson Thomas dies: ‘Like some great library being burned’ Why empty nesters are flocking back to San Francisco (while they can still afford to) PG&E launches $10 million PAC to take out gubernatorial candidate Tom Steyer Yet another awesome wine bar opens in North Beach. This one’s Croatian The Giants’ Patrick Bailey proves big moments are in his DNA: ‘I’ve had a history’ Six candidates walked into a debate. Nobody walked out a winner Mapped: The top-priority SF streets slated for repair Aella launches AI doom creator residency in Berkeley: Grimes to mentor Yes, Xavier Becerra is surging. Thank the FOXes This North Beach eyesore was about to be torn down — until residents blocked it Opinion: Cartoon: Trump’s Presidio makeover The 18 best events in SF this weekend, from Earth Day celebrations to a dog festival The chicken breast theory of dating ‘It’s disgusting’: Jackie Speier on Swalwell and the toxic culture of Capitol Hill Can Tony Vitello’s Giants put a dent in a one-sided rivalry? A fiery attitude will help Jerry Garcia’s daughter, roadies put Grateful Dead memorabilia up for auction in SF $18 cable car rides, parking meter price hikes: SFMTA approves new budget A very serious investigation into the Safeway paper bag crisis pissing off San Francisco ‘Section 415’ podcast: How the Warriors are approaching a critical offseason Yale University considering San Francisco for satellite campus 4 things to know about SF’s dangerous Crestwood mental health facility The home where ChatGPT was created is for sale ‘It was a wild, dangerous place’: Inside San Francisco’s troubled mental health ward Kawakami: The Trent Williams plan and more 49ers pre-draft positioning Valkyries training camp: Roster battles heat up as Golden State begins Year 2 Japantown is about to cut the mic on this popular karaoke bar Lurie forges music partnership with Shanghai on first international trip First time on market: See inside this Olle Lundberg-designed home asking $22.5M Steph Curry isn’t done yet, but things won’t be the same Is Trump blowing up the Presidio? Here’s everything we know about his plans How a little-known founder is trying to change Calif. politics — to the tune of $1 billion Behind the scenes with Tosh Lupoi: Why Cal’s new football coach was made for this job Inside the 49ers’ special teams overhaul, and why there’s still room to improve Before dawn, SF gathers to remember the earthquake that made it Kawakami: Did Steve Kerr just say goodbye to the Warriors? The Warriors’ season fizzles out with a play-in loss to Suns, tipping off a seismic summer She was killed in the street. Then her reputation was put on trial Paul Toboni grew up on San Francisco’s baseball diamonds. Now he’s a Giants foe SF is so expensive, even doctors are working AI side hustles San Francisco’s latest housing crisis for the ultra-rich? A ‘mansion shortage’ The start of TonyBall? How a wake-up call can help the Giants find their edge Kawakami: 5 thoughts on the Warriors’ potential hangover game in Phoenix Saikat Chakrabarti can’t stop talking about AOC. In a new interview, she ghosts him SF has a measles case. Here’s what you need to know Duo accused of shooting at Sam Altman’s house are freed; no charges filed Why the Warriors’ rowdy play-in win could be a ‘preview’ of more for Kristaps Porzingis Controversial leader of powerful SF political group steps down Lurie-aligned nonprofit offers $25M to help businesses move into downtown First poll after Swalwell exit shows ‘impressive’ swing to Becerra for governor Post-Swalwell Democrats push for consensus. Plus: Was London Breed passed over for job? SF schools’ reading reform is failing. An expert tells us why — and how to fix it A James Beard-recognized pastry chef makes a quiet comeback in the Dogpatch Behind the heart of a champion, the Warriors keep their season alive Kawakami: A Warriors win for the ages — this isn’t over until Steph Curry says so Former AOC staffer has spent $5M to succeed Pelosi — with more to come San Francisco has gone YIMBY. Progressives are scrambling to protect their wins A royal pain: How a British real estate empire is quietly quitting San Francisco Is Claude down? There goes my day The 20 best events in SF this week, from 4/20 celebrations to art fairs SFUSD’s strategy for missing its education goals? Delaying the due date ‘This is really serious shit’: OpenAI policy czar thinks ‘doomers’ are playing with fire Ronan Farrow on Sam Altman’s ‘pattern of deception’ and Silicon Valley’s ‘culture of hype’ From Snapchat to stardom: Meet the best friends who are the future of Bay Area soccer The $30 lunch is a new reality we have to learn to swallow Altman Molotov cocktail suspect was in ‘acute mental health crisis,’ lawyer says After a curious draft-day trade, Valkyries fans deserved a better explanation ‘Section 415’ podcast: Which levers can Buster Posey pull to spark a Giants turnaround? Swalwell ends campaign for California governor amid sexual assault allegations Steyer may surge in governor’s race, courting Swalwell base. Plus: Alameda DA weighs in Sam Altman’s house targeted in second attack; two suspects arrested How All-Star addition Gabby Williams fits the Valkyries’ long-term plans The surprising reason anti-Asian hate is going unpunished He arrived in the U.S. with $100. Now his family feeds the Warriors OpenAI wants a New Deal for AI. An attack on Sam Altman’s home made it urgent ‘Bum in SF’ influencer on voluntary homelessness ‘Where there’s smoke, there’s fire’: In Swalwell’s backyard, support is running out Trump ousts all six Biden-appointed Presidio Trust board members How Republicans plan to make Swalwell a liability for Democrats Swalwell denies sexual assault allegations as Manhattan DA opens probe In a play-in tournament dress rehearsal, alarms ring for the Warriors PST: San Francisco vs DC: In the AI age, who really runs the world? Attack on Altman home prompts new fears: Is the AI backlash getting dangerous? 49ers mock draft: The best (and most realistic) options for all six picks The best Bay Area food town you’re not going to Is that moon photo real? How to spot Artemis II AI slop ‘We’re in really crazy territory’: Swalwell bombshell could upend the governor’s race Swalwell’s support collapsing after sexual assault allegations surface Rivals, Pelosi urge Swalwell to drop out of governor’s race amid assault accusations ‘Section 415’ podcast: Can the Warriors provide their fans with a play-in surprise? Swalwell accused by women of sexual assault and rape Cartoon: Pelosi discovers the virtues of term limits The case for the 49ers to trade their first-round draft pick Suspect in Molotov cocktail attack on Sam Altman’s home identified The Bay Area soccer star traveling 5,000 miles for a home game
Actually, Mythos is the best cybersecurity news we’ve ever had
Josephine Wo · 2026-05-06 · via The San Francisco Standard

Undoubtedly, there are good reasons to monitor such tools carefully and to be thoughtful about who gets access to them and when. The ability to discover vulnerabilities in software and exploit them is the basis for almost every significant, sophisticated technical compromise, ranging from cyber-espionage to disruptive and destructive cyberattacks. So making that process faster, easier, and available to a wider range of people could, of course, mean more serious cyberattacks coming from more quarters.

But we were already witnessing more serious cyberattacks coming from more quarters, well before the development of Mythos. And, more to the point, we were grappling with an asymmetry in cybersecurity, wherein the accepted wisdom has long been that it’s easier to compromise software than it is to secure it. The gist of that asymmetry is that defenders have to find all the vulnerabilities in their code to make it secure, while attackers have to find and exploit only one vulnerability to launch an attack, and therefore the latter group will always have an advantage over the former. We assume that software released to the public will have vulnerabilities, that researchers and adversaries will find those vulnerabilities and report or exploit them, that they will then have to be patched, and that we will continue repeating that cycle in perpetuity.

AI tools like Mythos suggest a possible alternative: What if finding every vulnerability in a piece of software were just as fast and easy as finding a few of them, thanks to automation? What if those vulnerabilities could be comprehensively catalogued and patched prior to the release of software? What if attackers and defenders were so reliant on the same tools that neither had any advantage over the other when it came to finding vulnerabilities?

It would be one of the most radical — and promising — paradigm shifts in cybersecurity since the advent of public key cryptography (opens in new tab).

The fact that it’s possible to envision a path to a world where cyber defense has the upper hand is nothing short of remarkable. That’s especially true at a moment when more countries (opens in new tab) are turning to offensive cyber operations to shore up the vulnerabilities in their digital critical infrastructure, accepting that they won’t be able to protect their networks and should instead try to dissuade adversaries from attacking them by threatening counter cyberattacks. For a few years, it has seemed like the governments with the greatest cyber capabilities — led by the U.S. (opens in new tab) and China (opens in new tab) — have been increasingly focused on compromising one another’s computer systems and preparing or positioning themselves for potential disruptive cyberattacks in the future. If it were possible to meaningfully secure our critical infrastructure with automated tools, rather than just threatening to attack everyone else’s in order to stop them from attacking us, it would be a safer, more stable status quo for everyone.

One fear is that as these AI tools continue to improve, there will always be a new model with the ability to find even more complicated vulnerabilities and design ever more sophisticated ways of exploiting them. In that case, rather than a more stable status quo, we’re looking at a steady state much closer to where we are now, but instead of racing to find new vulnerabilities themselves, we’ll instead see governments and criminals racing to develop AI models that can identify vulnerabilities faster than their opponents. But it’s not entirely clear that there are so many vulnerabilities in every piece of software that newer, better AI will always be able to find some that were missed by previous models. It’s possible that the progress Anthropic reported (opens in new tab) with Mythos will level out, that there are a finite number of vulnerabilities in software, and that at some point AI will have managed to find effectively all of them.

Another fear is that only major companies — and criminals — will have access to the best AI tools for finding vulnerabilities, creating even more dramatic discrepancies in the quality of code coming out of Big Tech versus small or independent software developers. For instance, serious vulnerabilities in open-source projects like Apache Log4j (opens in new tab) and the OpenSSL cryptography library (opens in new tab) have caused major cybersecurity problems because they are so widely used and have so few developers and resources to devote to security efforts. More recently, an AI scanning tool reportedly identified (opens in new tab) a years-old vulnerability in the open-source operating system Linux, highlighting how much value other open-source projects might be able to derive from this technology. But that’s a reason to make these tools more widely available, not less. If open-source software could be as secure as the software produced by companies that employ thousands of security engineers, there would be tremendous benefits for everyone. That includes big companies, many of which rely on some open-source libraries and suffer considerably when open-source vulnerabilities come to light (opens in new tab).

There are good reasons to be worried about the ways that emerging AI technologies will affect cybersecurity. There’s a huge amount of software deployed that will need to be reviewed and patched — and this is a slow and complicated process. That’s one reason to be cautious in the deployment of tools like Mythos and to work with companies beforehand, as Anthropic is doing, to make sure their systems are patched before any bad actors can use those tools to find and exploit vulnerabilities. On top of that, the integration of even more software — and more complicated software — into our infrastructure and daily lives will create vast attack surfaces that can be exploited by adversaries looking to make money or steal secrets or break things. 

But with the exception of some fraudsters sending out fake invoices and other social engineering efforts, almost all of those adversaries, regardless of their end goal, will start by looking for software vulnerabilities they can exploit to plant malware on the systems they’re targeting. If we can really, truly change the calculus of how hard it is to find one vulnerability to exploit, compared with finding all of them to patch, it will revolutionize our ability to protect ourselves against all of those threats, even as more software is being rolled out for new AI systems in every domain.

Most of the decisions that will determine whether countries and companies manage to capitalize on the promise of AI tools for cybersecurity will be process and policy decisions, not technical ones. The issue is not whether tech companies can build AI tools with better technical safeguards to prevent people from using them to exploit technical vulnerabilities — they can’t. The same features that make these tools invaluable to attackers are what make them critical for defense. The issues that will matter moving forward are whom companies and governments let use these tools first, and how much of a head start they need to patch their code before access expands to a broader circle, and how they will test and roll out patches faster and more effectively, and make sure that the developers and maintainers of critical software who can’t afford access to the best tools are able to use them. The conversations that both the private and public sector most need to be having are around the policies and governance structures that will apply to these models — how to design them and how to evolve them and learn from our inevitable mistakes.

If not, we risk missing out on one of the greatest opportunities we’ve ever had to secure the computer systems that are integral to our daily lives.

We’d like to hear what you think about this or any of our opinion articles. You can email us at [email protected]. Interested in submitting an opinion piece of your own? Review our submission guidelines.