Saturday, April 11, 2026

Re: Claude Mythos Preview

On 2026-04-10, 山卡洛 <mwpudrtxoe@gmail.com> wrote:
> what does the OpenBSD team think about this:
> https://red.anthropic.com/2026/mythos-preview/

"Over 99% of the vulnerabilities we've found have not yet been patched, so it would be irresponsible for us to disclose details about them"

they're going to run into a lot of that. as if it wasn't bad enough before, many projects are receiving reports of *very* variable quality, some of which are valid, others are complete nonsense, having to separate truth from fiction, evaluate fixes, make sure they don't cause unintended side effects (proposed fixes often not being done with good understanding of the software involved).

"We have contracted a number of professional security contractors to assist in our disclosure process by manually validating every bug report before we send it out to ensure that we send only high-quality reports to maintainers."

good for them - those maintainers however also have to deal with less ethically done reporting from people trying to build up a portfolio of cve numbers.

> specifically: does the claim appear valid (as in: it has potential to find
> a third hole in a hack of a long time)?

maybe

> if yes, would an automated code audit make sense?

it is safe to assume that a bunch of people are already doing various automated code audits using various methods, for various different purposes

> if yes, did you receive access?

if I understand correctly for this particular system, they are only sharing with certain specific partner orgs (looks like all USA based).

-- 
Please keep replies on the mailing list.
