Anthropic's Project Glasswing sounds necessary to me(simonwillison.net)

47 pointsby simonw12 hours ago4 comments

ghm21998 hours ago
So my home router, all my iot devices attached to it from printers to projectors, not to mention custom stacks like Lutron. BLE based locks, car key fobs.
All of these technically could have zero day vulnerabilities and people/companies who made it don't have the resources to buy 20000$ of tokens to go debug them... Maybe they don't care but if they do, what if they can't afford such models or get access in time.
I would like to know how can someone like me defend against them?
- taspeotis3 hours ago
  > don't have the resources to buy 20000$ of tokens to go debug them
  $20,000 - how many developers do these hardware companies have that they need to spend that much? Claude Team Premium is US$125/mo for a seat and even cheaper if you buy annually...
- DustinBrett4 hours ago
  That's the neat part, you can't.
orenlindsey11 hours ago
I think AI bug scanning is a good thing, it will ensure almost all high severity get caught before entering prod. There can certainly be downsides but I am personally all for it.
- Smaug1239 hours ago
  Only if everyone runs it. The attacker just needs to find one vulnerable system; the defender must protect them all. Obviously given that the tool exists, the defender must run it, but it's not at all clear to me that the existence of the tool different all favours defence.
ChrisArchitect12 hours ago
Discussion: https://news.ycombinator.com/item?id=47679121
and Related:
System Card: Claude Mythos Preview [pdf]
https://news.ycombinator.com/item?id=47679258
Assessing Claude Mythos Preview's cybersecurity capabilities
https://news.ycombinator.com/item?id=47679155)
verdverm9 hours ago
Strong agreement. I include https://roost.tools in this category of necessary efforts. A strong privacy law would be great, but a more political thing, though there is much we can do as technologists.