Anthropic Mythos: маркетингова бульбашка чи реальний прорив у безпеці?

[music] >> Hi. Welcome to another video. So, a new model kind of has dropped and it is called Mythos. This is by Anthropic and is not generally available. I won't talk too much about the already existing common knowledge around the model. This model is apparently very big and the capabilities are so good that, according to people at Anthropic, it can't be generally released. I have seen more and more people concerned about it. So, I wanted to share my two cents on it, which is not much, but many people were indeed asking me for my thoughts. I have indeed read through the system card, the blogs by Anthropic partners, and much more to find out what Anthropic is trying to convey here. Anthropic says that Mythos is such a big model that it can find cybersecurity bugs in almost all major open-source repos that make almost every system we use susceptible to breaches and attacks. They themselves mention things like pre-existing bugs in FFmpeg that had been lasting for many years, which Mythos was able to find. If you don't know, most of the software that you use that contains anything related to video probably relies on this library. I'll come back to this point later as well, so keep this in mind. There were also more repos where they were able to find things like this. In the case of OpenBSD, they were able to find a bug where a simple, subtle request change can crash a whole system. You would have heard about all this by now, but the devil is in the details here. According to Anthropic's own blog post, Mythos was run over a thousand times to find this vulnerability in OpenBSD, which cost over 20K in total. The run that caught it was about $50. Now, you also don't know what the agentic contraption looks like here. Was it given a calculator? Was it given web search? Was it given MCP? Was it given compiler access? Was it given access to other sub-agents? The point I'm trying to make here is that this is probably not just the raw model capability. It is probably not like they copied all the repo source code and it was able to reason through that. In fact, if you look at page 21 of the system card, they explicitly say that they even use different kinds of model checkpoints in different evaluations. For example, they say here, and I quote, "Our evaluations are designed to address realistic, detailed, multi-step, medium time frame scenarios. That is, they were not attempts to elicit single pieces of information. As a result, for automated evaluations, our models had access to various tools and agentic harnesses, software setups that provide them with extra tools to complete tasks. And we iteratively refined prompting by analyzing failure cases and developing prompts to address them. When necessary, we used a version of the model with harmlessness safeguards removed to avoid refusals. And we used extended thinking mode in most evaluations to increase the likelihood of successful task completion. Taken broadly, our reported scores are the highest scores seen across both the helpful only and helpful, harmless, honest variants. For red teaming, uplift trials, and knowledge-based evaluations, we equipped the model with search and research tools. For agentic evaluations, the model had access to several domain-specific tools. So, this means that they not only gave it extremely complex tools, but they also gave it different model checkpoints with no guardrails to find this even after all this at this size of a model, they were only able to find very few bugs. At this point, with the right set of tools, this was probably already achievable by any person on the internet who has access to GPT-5.4, Opus, Sonnet, and the like, probably even for less money. Google has already done this kind of stuff where they made Gemini, which is a pretty weak model, find vulnerabilities in things like FFmpeg. While I don't say that what this model found is worthless, I do believe that this is more marketing speak. The reason I think this is very simple is this. The mathematical probability of Mythos finding an extremely intricate bug with all the tools, system prompts that probably tell it to look only for bugs, and different checkpoints of the model with no guardrails is still only 0.05%. The thousands written in their blog post can be any number in the thousands. I took it as 2,000, but it can be 9,000 or 10K as well. But let's keep it at 2,000. Well, it not only costs a lot to run, the probability of finding vulnerabilities across different repos will not only be costly, but also very, very time-consuming. A 10 trillion parameter model will not respond at 40 tokens a second. It will be more like one or two tokens a second even when four or five people are using it on enterprise-grade hardware. It will be extremely time-consuming. Another thing that I see is that if this model can't find a bug by reading files in one go, then it would still be unable to write safe code, which is the biggest drawback of current gen models. Plus, considering that they basically used an uncensored model in their tests and different checkpoints, it tells me that most of this stuff that they are talking about can already be fixed with guardrails and by limiting how much a user can use it. It just doesn't make any sense to me not to release this to the public. Secondly, the most important part here is that almost every new gen AI company already has a model of this size. OpenAI even released theirs as GPT-4.5 a while back, which was actually a distilled version. The reason I say this is because every model now relies on synthetic data. Synthetic data can be really useful because it is structured, you can control it, and you can also use these models as judges to train models when doing RL. These models are not always very capable because with great data comes great dumbness. Because of the density of neurons and the complex nature of these systems that rely on data, they can very easily become biased and not learn tool calling correctly. Because the tool calling data that we have as humans is not very proportionate to the stuff on the internet. The reason Mythos is not released is because it is probably not a great model for the price. The reason is simple. This BS about security and the world has been recited by Anthropic so many times that it seems like a joke to me at this point. Giving access to major companies is fine, apparently, but to end users, it is not. >> So, the thing is that most of the stuff you're seeing about it on the internet is just gaslighting. Yes, finding vulnerabilities has become much easier in the age of AI, but Mythos is not the first one to do it. If you tried hard enough and somehow got access to something like an uncensored Opus, then you would already have been able to do it anyway. That is the reason why there are rate limits on models, even when you pay, that are imposed by almost every company to make sure that you don't use the models for something harmful. You as an end user probably won't even be able to run Opus 4.6 thousands of times inside Claude code, even if you paid the API pricing. The thing is that writing a blog post is much more marketing-friendly than a model that costs $1,000 per million tokens and generates a subpar landing page. Giving access to users with like five requests a day would have just been better, but that wouldn't fetch the results Anthropic has achieved with vague posts. I think that most of the stuff here is nothing new. Please don't fall for all the marketing people on the internet. Read the system card yourself, look at the posts, and you'll be disappointed. Overall, it's not so cool. Anyway, let me know your thoughts in the comments. If you like this video, consider donating through [music] the Super Thanks option or becoming a member by clicking the join button. Also, give [music] this video a thumbs up and subscribe to my channel. I'll see you in the next one. Until then, bye.