惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
博客园_首页
H
Help Net Security
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
GbyAI
GbyAI
Scott Helme
Scott Helme
D
Docker
Hacker News: Ask HN
Hacker News: Ask HN
P
Privacy & Cybersecurity Law Blog
Jina AI
Jina AI
雷峰网
雷峰网
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Spread Privacy
Spread Privacy
G
GRAHAM CLULEY
C
Cisco Blogs
The Hacker News
The Hacker News
F
Full Disclosure
Y
Y Combinator Blog
Blog — PlanetScale
Blog — PlanetScale
Recent Announcements
Recent Announcements
G
Google Developers Blog
量子位
K
Kaspersky official blog
Cisco Talos Blog
Cisco Talos Blog
The Cloudflare Blog
A
About on SuperTechFans
C
Cybersecurity and Infrastructure Security Agency CISA
Last Week in AI
Last Week in AI
博客园 - 三生石上(FineUI控件)
Microsoft Security Blog
Microsoft Security Blog
Martin Fowler
Martin Fowler
T
Tenable Blog
P
Palo Alto Networks Blog
H
Heimdal Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
Schneier on Security
Schneier on Security
The Register - Security
The Register - Security
F
Fortinet All Blogs
Stack Overflow Blog
Stack Overflow Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
The Blog of Author Tim Ferriss
N
News and Events Feed by Topic
Hugging Face - Blog
Hugging Face - Blog
小众软件
小众软件
V
V2EX
爱范儿
爱范儿

The New Stack | DevOps, Open Source, and Cloud Native News

Agentic development hinges on verification. For cloud-native software, that is a runtime problem. AI agents need infrastructure: Why Europe’s regional cloud strategy matters Transform your AI coding agent into a deterministic Java Spring expert WeAreDevelopers is coming to the US to give unsung developers a bigger voice Cleaner AI training data, fewer bugs: Sonar’s SonarSweep explained Observability overload is drowning engineers Google’s DiffusionGemma is 4x faster than its other Gemma models Fable 5: Guardrails and burn rate are annoying users, who say it’s still better than Opus 4.8 The Anthropic leader who built Claude Code says he ditched prompting — now he just writes loops. AWS can now mathematically prove your VMs are isolated Microsoft pulled 73 GitHub repos after malware attack — but still won’t say who’s compromised Databricks wants to kill the “email me a file” problem for AI agent skills Ramp bets forward deployed engineers can do what off-the-shelf finance AI can’t Git real: AI agents aren’t just for solo developers anymore Anthropic launches Claude Mythos/Fable 5, but you better try it soon This AI agent startup ditched Anthropic for DeepSeek — and says it’s saving millions When your data model is the bottleneck: lessons from Medium’s feature store How long before we stop reading the code? The tokenmaxxing party is over, and Revenium is mopping up How AI is solving the memory crunch it created Microsoft’s pitch to enterprises: Ditch Azure Repos for GitHub, despite its rocky reliability record Claude Code’s biggest upgrade yet ran 5 agents at once — here’s what happened Why Anthropic just doubled Claude Cowork limits at no charge For years, Apache Cassandra handed this work to your team — 6.0 takes it back “A dangerous combination”: The 2 factors that can “corrupt” AI agent workflows With Foundry, Microsoft bets the enterprise AI battle is about reliability, not capability Microsoft unlocks Visual Studio for developers left behind by its own AI AI teams now deploy 1,000 times a month. Your pipeline wasn’t built for that. Microsoft just made the agent runtime free — and kept everything around it “Whoever builds the most joyous product wins”: The agent war begins Netlify CTO Dana Lawson: Writing code is no longer the job From Jupyter Notebook to production: How to ship AI systems that actually work OpenClaw used Gavriel Cohen’s code and exposed the AI Agent accountability problem Replit shows how vibe coding is getting its own financial stack — and a path to profit Cloudflare aqui-hires VoidZero: Did a piece of the open web just stabilize, or become more brittle? Cursor cuts prices and adds enterprise spend controls amid “tokenomics” reckoning Google Gemma 4 12B nearly matches 26B benchmarks — and runs on your laptop Snowflake thinks it knows what’s really slowing developers down Autonomous agents have met their biggest challenge yet: The database. Why agentic AI makes the ops platform the most important layer in the enterprise How to dramatically improve enterprise security alert tuning to battle cyberattacks Why the need for humans won’t disappear in the age of autonomous databases How to secure Kubernetes in the age of AI workloads Asana says its new AI “chief of staff” turns your Slack chaos into trackable work Nvidia’s best model is now live Mate Security’s Asaf Wiener made every backend engineer a model router. He’s right to. The AI cost crisis finally has a watchdog — just not the companies causing it How to get operational data off the factory floor without creating an IT breach Why CPUs still matter in the age of AI agents Rayfin: Microsoft’s answer to the gap between vibe coding and enterprise production Microsoft bets the enterprise AI race will be won on data context, not model power “A successful attack could be catastrophic”: Anthropic gives more groups access to Claude Mythos How GitHub plans to win developers back Microsoft really, really, really wants developers to love Windows again With Intelligent Terminal, Microsoft is reinventing the Windows terminal Microsoft debuts “Scout” at Build, a new personal agent for work OpenAI’s Codex adds new tools — Sites, Annotations, more plugins — for knowledge workers GitHub Copilot’s usage-based billing is live: Here’s what you need to know OpenAI, Anthropic, Google, Amazon, and xAI all fail on type of attack, study finds JetBrains open-sources Mellum2 to go where Claude Code can’t Claude Code vs. Cursor vs. Codex vs. Antigravity — six months in This coding agent doesn’t want your feedback — it ships without it “Blowing things up”: The one move vendors got wrong on AI agents At Sapphire, SAP makes the case that enterprise AI is a context problem Gavriel Cohen found his own code inside OpenClaw, so he walked away AI retrieval at scale is becoming a systems problem, not a tooling problem The DIY platform trap that’s burning out engineering teams I tested Cursor’s new Jira integration and it’s 5 stars, no notes. Here’s why. Why GPT-5.4, Claude, and Gemini can’t agree on basic, real-world facts Replit’s vibe coding platform just got a Visa-backed identity layer for AI agents — and it changes how agents spend money Opus 4.8 Made Claude Smarter. Token Discipline Got Urgent. Why Linux creator Linus Torvalds gets angry hearing “99% of code is AI” Vendor neutrality isn’t magic: A hard look at the OpenTelemetry ecosystem “The AI did it” won’t save you when EU regulators come knocking The fix for soaring AI cloud bills exists — so why won’t we trust it? AI is shipping code faster than security was built to handle Why AWS scrapped OpenSearch’s architecture to chase agent workloads Claude Opus 4.8 is here: effort controls, dynamic workflows, cheaper fast mode, better honesty, less deception Percona celebrates 20th birthday with new foundation — and a goat cake Why OpenAI and Anthropic are hiring forward deployed engineer teams Claw-style AI agents are coming to the enterprise. The governance infrastructure is still catching up. The agentic identity crisis: Why your security isn’t ready for the AI revolution Debugging the undebuggable: building observability into probabilistic AI systems Snowflake commits $6B to AWS as it pushes deeper into AI Why MotherDuck refuses to fork DuckDB Researcher “gave Claude Code ‘ADHD’… and it thinks 2x better now.” Outside experts want more proof. “There is no accountability”: AI coding agents are installing packages no one owns “Tokenmaxxing is real, expensive & it’s spreading”: AI budgets are exploding With Google’s debut, the most important AI agent feature is now the most boring one Why AI agents need a Context Lake Google ranks the best AI for building Android apps, and the winner isn’t Gemini Google pushes Pro, Ultra, and free users from open-source Gemini CLI to closed-source Antigravity CLI The reason enterprise outages almost never start where ops teams think Taming the agentic influx: a blueprint for AI business observability How the AC/DC framework helps teams govern AI coding agents GitLab 19.0 trades its string section for a full DevSecOps orchestra Who’s monitoring the agents? How Jaeger hit 8.6× compression on 10 million spans with ClickHouse What ClickHouse learned from a year of coding with AI agents OpenClaw passed 300,000 GitHub stars. Then Google launched Spark.
Will it Mythos? One coder's verdict on Anthropic's blend of debugging
Adrian Bridgwater · 2026-06-25 · via The New Stack | DevOps, Open Source, and Cloud Native News

Anthropic’s rollercoaster ride with Claude Fable 5 and Mythos 5 has left various deposits of fallout this year, but the mêlée hasn’t stopped independent software application developers from testing the models’ purported powers via their own methods and channels.

Austin, Texas-based software developer Joe Cooper (aka swelljoe) has said he is skeptical about how well Mythos might find really challenging security bugs and cyber vulnerabilities.

A rich enough blend for debugging – will it Mythos? 

“The idea was to gather up bugs that were specifically found by Mythos, as covered by Anthropic’s own documentation [and start to build a benchmarking service],” wrote Cooper, on his blog.

“[I wanted to] find the commit from before the bug was fixed, verify that a top-tier model (Opus, in this case) can identify and understand the bug if pointed right at it, and add that to our corpus for benchmarking whether models going in blind can accurately detect and describe the bug,” explained Cooper. 

In homage to the Will It Blend? YouTube infomercial video series, which served as a marketing vehicle for the Blendtec line of blenders featuring founder Tom Dickson attempting to blend everything from a whole chicken to an iPhone 4, Cooper’s analysis piece this May was amusingly titled Will It Mythos? 

The description of his process noted that he had previously built a tool called Nelson to automate bug hunting in his own projects. He noted that he had “already noticed there are surprising differences” among the various models (Nelson works with a variety of models via Claude Code, Gemini CLI, and OpenAI-compatible APIs) and in how effectively they identify bugs.

But he wanted hard numbers, and so he mostly used Claude to cook up a benchmark suite that borrows some code from Nelson and takes Mythos to task.

Zero-day vulnerabilities in every major operating system

With his ambitions to test bug gathering according to “Anthropic’s own documentation”, let’s remember here that Anthropic famously said that during its testing, it found Mythos Preview was capable of identifying and then exploiting zero-day vulnerabilities in “every major operating system and every major web browser” when directed by a user to do so.

“The toughest bugs are multi-file bugs. The models were free to look at all files, but one often needs to know the context to know that a given usage is a problem. This is a hard problem for any security reviewer, human or AI.”

Ultimately, he wanted to find out whether models going in blind can accurately detect and describe a bug. Cooper’s system was built so that the models used can look at the whole code repository and follow logic across file boundaries, but they’re not told what to look for.

“The toughest bugs are multi-file bugs. The models were free to look at all files, but one often needs to know the context to know that a given usage is a problem. This is a hard problem for any security reviewer, human or AI,” Cooper says.  

He said he assumed Mythos has more advanced tooling and perhaps runs the software in a debugger or performs fuzz testing

Some credence that Mythos is particularly good at this 

“Guessing at everything Mythos might do is beyond the goals of this project for now. But there are bugs in this corpus that are extremely hard to find, giving some credence to the notion that Mythos is particularly good at this problem,” conceded Cooper.

“It almost certainly leads in raw capability, so in that sense, Mythos is engineered to blend an expansive range of bugs. But it’s important to recognize the difference between simply leading a benchmark, versus gating all security progress on one model.” – Conor Sherman, Sysdig.

Raw model capability is not the same as gate-all security

As opinions on Anthropic’s new model abilities start to crystallize, we will gradually gain more real-world insight into their working mechanics.

Conor Sherman, global CISO at runtime security specialist Sysdig is a glass-half-full kind of guy, he tells The New Stack that Mythos stands apart from other AI models. 

“It almost certainly leads in raw capability,” Sherman says. “So in that sense, Mythos is engineered to ‘blend’ an expansive range of bugs (but perhaps not a whole chicken or iPhone), and it has an inherent ability to perform well when hunting out the multi-file bugs that stump everything else seems to be where it’s most notably ahead.”

But there are caveats here: Sherman advises that it’s important to recognize the difference between simply leading a benchmark and gating all security progress on one model, like some kind of cyber wonder-panacea. 

“A less capable but less expensive model wired into the right scaffolding can close most of that gap,” explains Sherman. “The edge that actually matters for defenders isn’t model-versus-model on a corpus of known bugs. Security in an age of AI-powered threats requires runtime context and real-time signals that equip teams to act at the speed at which today’s attackers move.”

Fabien Renaudineau, co-founder and co-CEO at AI-native synthetic testing company Mozark, tells The New Stack that in terms of pure capability, agentic testing and debugging tools are improving very quickly, and it “would be a mistake” to underestimate them. 

“Systems in this class can already help engineers reason through larger code contexts, identify likely failure paths, and accelerate remediation,” Renaudineau says. “But whatever the benchmark, blend or breed… production reliability is not determined only by what an agent can do.”

Renaudineau draws a line here and says that debugging reliability can only ever be determined by how a tool’s output is verified, and by what we choose to base that verification on – and the first principle here is that an “agent itself cannot be the credible judge” of its own reliability.

“Verification has to be independent of the agent, reproducible and tested against real-world conditions of use – not only against the controlled environment in which the agent was developed or benchmarked,” Renaudineau adds.

What DevSecOps developers should think next

As for the original Will it Mythos man himself, Joe Cooper, noted that on the core question of whether Anthropic’s model can identify really challenging bugs, his benchmark answers “with a resounding, maybe” in this test.

“Mythos, maybe, really is better than the other current models at finding security bugs, as it found four bugs that no model in this experiment found. But I’ll keep testing. It’s possible prompt or tooling or harness changes can enable better results from the current crop of publicly available models,” concluded Cooper. “Over time, I’ll evolve the corpus. It may become a more generic CVE-based benchmark if Anthropic stops bragging about specific bugs.”

With interest and anticipation in Anthropic’s latest batch so fervent and with the work carried out in areas such as Project Glasswing being so cloak-and-dagger, the fact that the software engineering community is working to provide so much (hopefully always) impartial analysis must be a good thing.

YOUTUBE.COM/THENEWSTACK

Tech moves fast, don't miss an episode. Subscribe to our YouTube channel to stream all our podcasts, interviews, demos, and more.

Created with Sketch.