As someone who has lived through a security breach at a former organization, I can say the experience is frightening and leaves you feeling exposed, vulnerable and out of control. I was impressed and a little scared when I read the NYT article about Claude Mythos Preview and how the AI model found critical zero-day vulnerabilities in software that thousands of other scans missed. My .02 is this power needs to be controlled and am thankful of Anthropic’s prescriptive approach to their limited rollout. That said, I’m curious what AI models, steps, detection, etc that others may have leveraged in their Pega workflows to prevent egregious actors from exploiting your application(s)?
@dayts1 Its very good AI model if used correctly Lot of pega applications are shipped to different cloud environments in various regions of the world. Using this Anthropic Mythos model we can easily build pega components in market place and give IT partners access to scan the pega code base before deploying to cloud environments. we have to harness the power of Mythos AI model effectively in building components in market places and also data compliance across various regions of the world. Its powerful and reduce lot of time for security scan and security audits in cloud enviroments. If companies who have used it first should share there security insights to there partners to avoid lot of vulnerabilities in existing code bases. I support for the model if it generates revenue to developers , reduce time of security audit and scanning in code basses and also give free time to security person in none office hours.
1 Like
Hi, have you already got experience using Mythos model?
1 Like
Here is a short commentary that I also posted on LinkedIn
Marketing myth or new cybersecurity reality? My 5 cents. #Anthropic launches a preview of #Mythos, alongside a #cybersecurity program as with Mythos it has uncovered major vulnerabilities in commonly used software.
First, fear sells, and ironically all major players have used #AI doom to market their products, some more than others. That said, given their b2b, paid user, AI assisted coding go to market, Anthropic has paid specific attention to safety, both in research and product, and zero day vulnerabilities are to be taken seriously. AI simply accelerated the process of finding these, and for adversarial actors it lowers the threshold to create zero day exploits.
Second, the self-published benchmark results are very good. Anthropic states that for now Mythos is not made generally available for safety reasons and it will be used to improve its core models. Safety could not be the only reason though, such a ‘student teacher’ approach could make a lot of economical sense. The most capable and largest models could be harder to market given the high unit token cost, but could fit very well to ‘teach’ smaller models, for instance in reinforcement learning or generation of synthetic data. Yet at some point you can expect that the model itself might make its appearance.
Third, and nothing new here, this yet another sign of competition in the base foundation model heating up. Last couple of days it was OpenAI announcing a new funding round, Anthropic announcing Mythos and posting record revenue run rates, no doubt the likes of #Google and #AWS might be dropping news next week, who knows.
Mythos is a promising model with good performance, but the GenAI services market will keep evolving and commodifying, tomorrow there will be yet another model ;).
1 Like
@Kamil_Janeczek I didn’t got the access but read articles about it in web. I have confidence on anthropic products after experiencing some of there demos.
1 Like
Very good point Staci. Yes it’s scary how smart Mythos can get and the most uncanny fact is Mythos has found an 27 year vulnerability in OpenBSD!
But I like the way Anthropic treading this carefully and restricting access to Mythos and it’s not public yet. Rather they launched project glasswing so selected firms can find their vulnerabilities and fix them first before Mythos reveals to the public. I am sure Anthropic will launch further releases of Project glasswing to wider software products, and yes Pega needs to get early access to Mythos preview model by onboarding to glasswing sooner.