惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
爱范儿
爱范儿
人人都是产品经理
人人都是产品经理
博客园 - 司徒正美
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
量子位
罗磊的独立博客
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
小众软件
小众软件
C
Cybersecurity and Infrastructure Security Agency CISA
Cyberwarzone
Cyberwarzone
大猫的无限游戏
大猫的无限游戏
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
Simon Willison's Weblog
Simon Willison's Weblog
The Cloudflare Blog
博客园 - 三生石上(FineUI控件)
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园_首页
博客园 - 叶小钗
V
Vulnerabilities – Threatpost
T
The Exploit Database - CXSecurity.com
T
Tailwind CSS Blog
IT之家
IT之家
博客园 - 聂微东
Spread Privacy
Spread Privacy
V2EX - 技术
V2EX - 技术
S
Security Affairs
宝玉的分享
宝玉的分享
V
V2EX
C
Cisco Blogs
博客园 - Franky
美团技术团队
酷 壳 – CoolShell
酷 壳 – CoolShell
月光博客
月光博客
S
Securelist
J
Java Code Geeks
Webroot Blog
Webroot Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
P
Proofpoint News Feed
Last Week in AI
Last Week in AI
L
LINUX DO - 热门话题
NISL@THU
NISL@THU
WordPress大学
WordPress大学
W
WeLiveSecurity
T
Threatpost
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
腾讯CDC
阮一峰的网络日志
阮一峰的网络日志

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Mythos and Cyber Models: What does it mean for the future of software?
shakti mishr · 2026-04-26 · via DEV Community

Anthropic Made Its Model Worse On Purpose. Here's What That Tells You About the State of AI Security.

In the entire history of commercial AI model releases, no company has intentionally made a model worse on a published benchmark before shipping it to the public.

That changed this month.

Anthropic released Opus 4.7. And if you look at the CyberBench scores, it performs below Opus 4.6 — the model it was supposed to supersede. That regression was not a bug. It was a deliberate product decision, and understanding why they made it is one of the most important things a software architect can do right now.

The reason is a model called Claude Mythos. It is the most capable vulnerability-discovery system ever tested on real-world production software. It found a 27-year-old flaw in OpenBSD — one of the most security-hardened operating systems on the planet. It found a 16-year-old vulnerability in FFmpeg. It chained multiple Linux kernel weaknesses into a working privilege escalation exploit, going from ordinary user access to full machine control.

And then Anthropic looked at those results, looked at the systems the rest of the world runs on, and decided the right thing to do was to restrict access before releasing anything more capable publicly.

That decision is the signal. Everything else in this post explains what it means.


What Claude Mythos Actually Did

Mythos is not a research artifact or a red-team proof of concept. It is a production-grade capability that was released — under the codename Project Glasswing — to a small set of approximately 40 vetted organizations that operate critical software, specifically so they could begin hardening their systems before the model's capabilities became more widely known.

What it demonstrated in controlled environments:

Active zero-day discovery at scale. Mythos does not just match known CVE patterns. It analyzes real systems, identifies previously undocumented vulnerabilities, and produces working proof-of-concept exploit chains. The OpenBSD bug had existed since 1997. It was not obscure legacy code that nobody touched — OpenBSD is actively maintained and specifically designed to be resistant to exactly this kind of analysis. A 27-year-old bug surviving in that environment is not a failure of individual engineers. It is a signal about the limits of human-scale review.

Exploit chaining. Finding a single vulnerability is one thing. Combining multiple weaknesses into a viable attack path is the work that turns a theoretical risk into a real one. Mythos demonstrated the ability to do this across kernel-level Linux vulnerabilities, turning a sequence of low-individually-critical issues into full privilege escalation. This is the kind of chain that typically takes a skilled attacker weeks to construct. The model did it as part of its analysis pass.

Scale that no human team can match. The significance is not any single finding — it is the rate. Human security researchers are bottlenecked by expertise, time, and context-switching. Mythos evaluates thousands of potential attack surfaces in parallel, continuously, without fatigue or prioritization constraints.


OpenAI Is Thinking the Same Thing

Anthropic is not operating in isolation. Within days of Mythos going out to Project Glasswing partners, OpenAI released GPT-5.4-Cyber — a variant of its flagship model fine-tuned specifically for defensive cybersecurity use cases. It is only available to vetted participants in their Trusted Access for Cyber (TAC) program.

The parallel is striking:

Anthropic                              OpenAI
─────────────────────────────────────────────────────
Claude Mythos                          GPT-5.4-Cyber
Project Glasswing (~40 partners)       TAC program (vetted participants)
Restricted pre-release access          Safety-guardrail modifications
                                       for authenticated defenders
Vulnerability discovery & chaining     Binary reverse engineering enabled

Enter fullscreen mode Exit fullscreen mode

GPT-5.4-Cyber goes further in one specific way: it removes many standard safety guardrails for authenticated defenders, including support for binary reverse engineering — a capability that is normally off-limits. OpenAI's Codex Security tool has already contributed to fixing over 3,000 critical and high-severity vulnerabilities.

What this pattern tells you is not that these models are risky in an abstract sense. It is that both of the leading frontier AI labs have independently reached the same conclusion: their models are now powerful enough that unrestricted public access would be a net liability. That is not a marketing stunt. That is not regulatory positioning. That is two organizations treating their own work the way defense contractors treat classified technology.


The Shift That Actually Matters: Human Effort Is No Longer the Limit

For as long as software security has existed as a discipline, there has been a natural rate-limiting factor: human effort.

Finding vulnerabilities required skilled people with time, focus, and domain expertise. Even the most sophisticated state-level adversaries were constrained by how fast their teams could move. The difficulty of exploitation was, itself, a form of defense.

That constraint is gone.

Here is what the new operating environment looks like:

Old model (human-rate-limited):
─────────────────────────────────────────────────────
Attacker → manually analyze codebase
         → weeks/months per target
         → limited to known vulnerability patterns
         → exploitation requires specialists
         → limited parallelism

New model (AI-accelerated):
─────────────────────────────────────────────────────
AI system → continuous automated analysis
          → thousands of targets in parallel
          → identifies novel vulnerability classes
          → generates working exploit chains
          → operates 24/7 without fatigue

Enter fullscreen mode Exit fullscreen mode

The attack surface has not changed. The cost of probing it has dropped by orders of magnitude.

Vulnerability discovery now happens continuously instead of periodically. Exploit development can be partially or fully automated. And as these models become accessible — either through legitimate programs or through underground markets where stripped-down variants already circulate — the population of actors capable of sophisticated attacks expands dramatically.


The Real Problem: The Remediation Gap

Here is the uncomfortable truth that the Mythos story exposes.

Most of the risk in software systems today does not come from vulnerabilities that haven't been found yet. It comes from vulnerabilities that have already been found, are already documented, and have not been patched.

Security teams work against a perpetual backlog. Systems are too fragile to update quickly. Regressions break things when patches go in. Dependency chains make change expensive. This is the normal operational state of almost every engineering organization running at scale.

What AI does is accelerate the discovery side without equally accelerating the remediation side. That asymmetry is the actual risk.

Discovery velocity         ████████████████████████████░░  (AI-accelerated)
Remediation velocity       ████████░░░░░░░░░░░░░░░░░░░░░░  (still human-rate-limited)
                                    ^^^
                            This gap is your attack surface

Enter fullscreen mode Exit fullscreen mode

A system that finds 10,000 previously unknown vulnerabilities in a month is not obviously helpful if your team can patch 200. The remaining 9,800 are now known — potentially to adversaries — and unaddressed. The net effect can be a larger effective attack surface, even though the underlying systems have not changed at all.

This is the design problem that the industry has not solved. Mythos forced the conversation into the open.


The Monoculture Risk Nobody Is Talking About

Individual vulnerabilities are dangerous. Vulnerabilities in software that runs everywhere are catastrophic.

The hidden amplification factor in this story is software monoculture: the same operating systems, the same libraries, the same frameworks are used across millions of production systems globally. A single vulnerability in glibc, OpenSSL, or the Linux kernel is not a bug in one application. It is a bug in the substrate that most of the world's software infrastructure runs on.

When AI accelerates vulnerability discovery in monoculture environments, the impact does not scale linearly — it scales by the number of systems running that codebase.

Traditional single-target exploit:
  1 attacker → 1 target → 1 breach

AI-discovered monoculture exploit:
  1 AI system → 1 vulnerability → millions of targets
                                 (same code, different deployments)

Enter fullscreen mode Exit fullscreen mode

This is how the Mythos findings — an OpenBSD bug, an FFmpeg flaw — become systemic risks rather than isolated incidents. OpenBSD runs in firewalls, embedded systems, and network appliances across critical infrastructure. FFmpeg processes video in applications that touch billions of users. These are not edge cases.


An Unexpected Counterforce

There is one interesting development beginning to emerge from the same forces that created this risk.

As AI reduces the cost of building software, organizations may — over time — begin to build more customized, less standardized systems. When you can generate a bespoke authentication module in minutes instead of weeks, the calculus around using shared libraries changes.

If that shift materializes at scale, it could reduce the blast radius of any single vulnerability. Attackers cannot reuse the same exploit across millions of targets if the targets are no longer running identical code.

The catch is that this benefit only materializes if security practices evolve at the same pace as development. Right now, AI is accelerating development velocity significantly faster than it is accelerating security rigor. The window between "built with AI" and "secured with AI" is where the risk lives.


Where This is Heading: AI vs. AI

The end state of this trajectory is a security landscape that operates entirely differently from today's.

Current state:
  Human attackers ──────────► Human defenders
  (slow, expertise-limited)    (slow, expertise-limited)

Near-term state:
  AI attackers ─────────────► Human defenders
  (fast, scalable)              (slow, expertise-limited)
                    ^^^
              Current danger zone

Future state:
  AI attackers ─────────────► AI defenders
  (fast, scalable)              (fast, scalable)
         └──────────────────────────┘
              Competing feedback loops

Enter fullscreen mode Exit fullscreen mode

We are currently in the second phase — the danger zone. AI-accelerated attack capability is outpacing human-scale defense. The third phase, where AI defense catches up, is coming, but it is not here yet.

The organizations that close that gap fastest will not necessarily have the most capable models. They will have the tightest feedback loop between detection and remediation. Anthropic understood this when they degraded Opus 4.7 on CyberBench. They looked at Mythos's capabilities, understood that making something more capable publicly available was a liability before the defense side had caught up, and made a product decision that cost them a benchmark headline in exchange for reduced near-term risk.

That is the playbook. Build for the loop, not the leaderboard.


What Developers and Architects Should Actually Do Right Now

The model release news cycle will pass. The structural shift it represents will not. Here is how to think about your exposure:

Audit your patch lag. The remediation gap is your real risk surface. How long does it take your organization to go from "CVE published" to "patch deployed in production"? That number tells you more about your actual risk than your perimeter security posture.

Treat your dependency graph as infrastructure. Libraries and shared frameworks are not just technical debt decisions — they are blast radius decisions. Every shared dependency is a vector through which a single discovered vulnerability reaches you. That calculus now needs to include AI-accelerated discovery timelines.

Start thinking about detection-to-remediation as a pipeline, not a process. The organizations that will handle the next phase of AI-accelerated attacks are the ones that have automated the boring parts of remediation so that their human capacity can focus on the genuinely novel cases.

Understand which of your systems run on monoculture infrastructure. OpenBSD, Linux kernel, FFmpeg, OpenSSL, glibc — if your systems touch these, you are exposed to a different risk profile than systems running on more customized stacks. Know which category you are in.


Key Takeaways

  • The intentional benchmark regression is the story. Anthropic degraded Opus 4.7 on CyberBench specifically because Mythos demonstrated that unrestricted public access to more capable models is a net liability for critical infrastructure. That is an industry-first decision worth understanding deeply.
  • Human effort is no longer the rate-limiting factor in vulnerability discovery. AI systems can probe attack surfaces at scale, continuously, across thousands of targets — and produce working exploit chains, not just theoretical flags.
  • The remediation gap is now the primary risk. AI accelerates discovery without equally accelerating patching. The asymmetry between those two velocities is your real attack surface.
  • Software monoculture amplifies everything. A single AI-discovered vulnerability in shared infrastructure (Linux, OpenSSL, FFmpeg) is not one bug in one system — it's one bug in the foundation of millions of systems simultaneously.
  • Both Anthropic and OpenAI are now treating their own models like classified defense technology. This is not regulatory theater. It is a calibrated signal that capability has outpaced the defense ecosystem's readiness.

The Question That Should Keep Architects Up at Night

Anthropic made their model worse on purpose because they understood something most of the industry has not caught up to yet: the capability is already here. The question that remains is who gets to use it first, and whether the defense side catches up before the attack side scales.

We like to believe that modern software systems are mature and well understood. They are not. A 27-year-old bug in a deliberately hardened operating system is not an anomaly — it is evidence that complexity has always outpaced our ability to fully audit what we build. AI is not introducing that complexity. It is exposing it.

Here is the question I want to leave you with: If a system like Mythos ran against your production infrastructure today, how long would it take your team to close what it found — and do you have a plan for the gap?

Drop your answer in the comments. I'm particularly curious how organizations with large legacy surface areas are thinking about this.


Credit: The technical analysis in this post is based on insights from Diary of an AI Architect by Anurag Karuparti — a newsletter worth following if you build or operate software at scale.